Wp bcrypt password plugin fatal error upon installation

When installing the WP Password bcrypt plugin I get error:

Fatal error: Cannot redeclare wp_check_password() (previously declared in …\wp-includes\pluggable.php:2087) in …\wp-content\plugins\wp-password-bcrypt\wp-password-bcrypt.php on line 44

Is the solution to this dropping it into the mu-plugins folder? Or does that not really solve the issue?

Did you add it to your theme?

Pluggable functions can only be overwritten by plugins, mu-plugins or by adding it before WordPress loads (e.g by using composer).

@Foxaii Yes, I added it to the plugins folder (not through composer) and when I activated it gives this error. If I drop it in the mu-plugins folder I do not get the error. However, I read on Github that Wordpress may just be ignoring the error and it may not be the fix. It wasn’t clear what the solution is.

Is the solution to leave it in the mu-plugins folder? I am trying to add the plugin to older already built projects not using Bedrock.

Our README explicitly says not to use it as a plugin anyway. mu-plugin is better.

@swalkinshaw Thanks! I read the README but the wording “We do not recommend using this as a normal (non-mu) plugin. It makes it too easy to disable or remove the plugin.” gave me the impression that it was a security recommendation and not that it would cause conflict errors. I deduced that I could still use it as a plugin with no issues.

My confusion. My bad.

Thanks again!

Just to confirm, it should not cause errors.


A function can only be reassigned this way once, so you can’t install two plugins that plug the same function for different reasons. For safety, it is best to always wrap your functions with if ( !function_exists() ), otherwise you will produce fatal errors on plugin activation.

Looks like we’re in the wrong here and should add a if ( !function_exists() ) check.

The only thing is if the user is getting this Fatal Error, and you add the function_exists and the Fatal goes away, it means the user gets no feedback but the plugin isn’t making them more secure. Maybe worth including a notice of some kind?

Yeah, correct. We’ve discussed adding function_exists checks and also displaying an admin notice if it does.

1 Like