Filter hook 'wp_hash_password_options'

Hook Information

Hook Parameters

Usage Examples

<?php
// Hook into wp_hash_password_options
add_filter('wp_hash_password_options', 'my_custom_filter', 10, 2);

function my_custom_filter($hash, $user_id) {
    // Your custom filtering logic here
    return $hash;
}

Source Code Context

<?php
2810  
2811  		/** This filter is documented in wp-includes/pluggable.php */
2812  		$algorithm = apply_filters( 'wp_hash_password_algorithm', PASSWORD_BCRYPT );
2813  
2814  		/** This filter is documented in wp-includes/pluggable.php */
2815  		$options = apply_filters( 'wp_hash_password_options', array(), $algorithm );
2816  
2817  		$prefixed = str_starts_with( $hash, '$wp' );
2818  
2819  		if ( ( PASSWORD_BCRYPT === $algorithm ) && ! $prefixed ) {
2820  			// If bcrypt is in use and the hash is not prefixed then it needs to be rehashed.

PHP Documentation

<?php
/**
	 * Checks whether a password hash needs to be rehashed.
	 *
	 * Passwords are hashed with bcrypt using the default cost. A password hashed in a prior version
	 * of WordPress may still be hashed with phpass and will need to be rehashed. If the default cost
	 * or algorithm is changed in PHP or WordPress then a password hashed in a previous version will
	 * need to be rehashed.
	 *
	 * Note that, just like wp_check_password(), this function may be used to check a value that is
	 * not a user password. A plugin may use this function to check a password of a different type,
	 * and there may not always be a user ID associated with the password.
	 *
	 * @since 6.8.0
	 *
	 * @global PasswordHash $wp_hasher phpass object.
	 *
	 * @param string     $hash    Hash of a password to check.
	 * @param string|int $user_id Optional. ID of a user associated with the password.
	 * @return bool Whether the hash needs to be rehashed.
	 */