Improving WordPress Passwords Security

Yikes! I wonder when they added that. I have a couple of plugins that have PHP >= 5.4 syntax, I guess maybe they’re grandfathered in?

Yet another reason WP needs to take a strong stance on forcing PHP upgrades.

I’ve been using the plugin wp-bcrypt on a few sites for a while now, and one thing I noticed is that bcrypt isn’t fully supported in WP < 4.4. Whilst login worked, the password reset feature didn’t.

Although I haven’t tried it with the wp-password-bcrypt plugin, I would imagine it’ll suffer the same problems. These were caused by a field length limit in the WordPress database schema.

For more info see issue 33904 on the WordPress bug tracker. There’s also an explanation of the behaviour here.

Considering this puts a dependency on having WordPress 4.4 installed, you might want to list it as one of the requirements of wp-password-bcrypt in the plugin’s README.

2 Likes

Thanks @ollietreend. I had no idea about this. I’ll update the README today and add this.

1 Like

Cool thing… I really do not understand why WP is still using MD5!

Instead of wp-password-bcrypt, I suggest that it be renamed to wp-native-php-password. Just my two cents on this one :wink:
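As an added illustration of the two points raised in this thread (the field-length problem with bcrypt hashes on older WordPress described by @ollietreend, and the MD5-versus-bcrypt question in the post above), here is a small stand-alone PHP script using PHP's native `password_hash` / `password_verify` API. It is example code written for this page, not code from wp-password-bcrypt, wp-bcrypt or WordPress core. The column length `ASSUMED_COLUMN_LENGTH`, the idea that a reset key prefixes extra data to the hash, and the helper names are assumptions made for the demonstration, not details taken from the thread or from the WordPress schema.

```php
<?php
// Added example (not code from the wp-password-bcrypt plugin or WordPress core).
// Shows PHP's native password API (password_hash / password_verify, PHP >= 5.5)
// and why a database column that is too short silently breaks bcrypt-based
// password handling such as a reset flow.

declare(strict_types=1);

/** Hypothetical column length used only for this illustration. */
const ASSUMED_COLUMN_LENGTH = 60;

/** Hash a password with bcrypt; the result is a 60-character "$2y$..." string
 *  that already carries the cost factor and a random salt. */
function hash_password(string $plain): string
{
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 10]);
}

/** Constant-time verification against a stored hash. */
function verify_password(string $plain, string $stored): bool
{
    return password_verify($plain, $stored);
}

/** Simulate a database column that truncates anything longer than $limit. */
function store_in_column(string $value, int $limit): string
{
    return strlen($value) > $limit ? substr($value, 0, $limit) : $value;
}

/** Pre-flight check a plugin could run: will a fresh hash, plus any prefix
 *  the application prepends, fit in a column of $limit characters? */
function column_can_hold_hash(int $limit, string $prefix = ''): bool
{
    $sample = $prefix . hash_password('probe');
    return strlen($sample) <= $limit;
}

$password = 'correct horse battery staple';

// 1. Unsalted MD5 maps equal passwords to equal digests, so duplicates are
//    visible in a leaked table and precomputed tables apply. bcrypt salts
//    every hash, so two hashes of the same password differ yet both verify.
$md5a = md5($password);
$md5b = md5($password);
$bca  = hash_password($password);
$bcb  = hash_password($password);
printf("md5 digests identical:        %s\n", var_export($md5a === $md5b, true));
printf("bcrypt hashes identical:      %s\n", var_export($bca === $bcb, true));
printf("both bcrypt hashes verify:    %s\n",
    var_export(verify_password($password, $bca) && verify_password($password, $bcb), true));
printf("bcrypt hash length:           %d\n", strlen($bca));

// 2. A bare bcrypt hash fits a 60-character column, but a value that prepends
//    data to the hash (assumed here: a timestamp and a colon, as a reset key
//    might) no longer fits, and the truncated hash fails verification.
$prefix      = time() . ':';
$reset_key   = $prefix . $bca;
$stored      = store_in_column($reset_key, ASSUMED_COLUMN_LENGTH);
$stored_hash = substr($stored, strlen($prefix));
printf("stored value was truncated:   %s\n", var_export(strlen($stored) < strlen($reset_key), true));
printf("truncated hash verifies:      %s\n", var_export(verify_password($password, $stored_hash), true));
printf("column can hold prefixed hash: %s\n",
    var_export(column_can_hold_hash(ASSUMED_COLUMN_LENGTH, $prefix), true));
```

Run it with `php example.php`. The `column_can_hold_hash()` check is the kind of guard a plugin that swaps the hashing algorithm can perform on activation: it catches a too-short column before a user hits the broken reset path, rather than after a silently truncated hash has been written.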