Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

WordPress WordPress User Roles An Overview of User Roles The Subscriber Role in WordPress

Stephen Limmex
Stephen Limmex
32,604 Points

Where/how to store passwords?

Where/how do you recommend we store passwords? What is the best practice? Mentioned in the video is the practice of saving a password for the admin's records.

1 Answer

Kevin Korte
Kevin Korte
28,149 Points

Assuming you're talking about storing passwords in the wordpress database, like if you had a custom login or something. Wordpress provides functions that save and retrieve user accounts and passwords. These functions should salt and save the hashed password. And than the functions wordpress provides will hash the incoming password and compare it to the hashed password in the database.

https://codex.wordpress.org/Function_Reference/wp_hash_password

https://codex.wordpress.org/Function_Reference/wp_set_password

Now if we look at the source for wp_set_password

function wp_set_password( $password, $user_id ) {
2214            global $wpdb;
2215    
2216            $hash = wp_hash_password( $password );
2217            $wpdb->update($wpdb->users, array('user_pass' => $hash, 'user_activation_key' => ''), array('ID' => $user_id) );
2218    
2219            wp_cache_delete($user_id, 'users');
2220    }

Which you can see it's updating the users table, with the hashed password.