Title: Encrypt WordPress User passwords using SQL rather than PHP? Last modified: August 19, 2016 --- # Encrypt WordPress User passwords using SQL rather than PHP? * [renwickcentre](https://wordpress.org/support/users/renwickcentre/) * (@renwickcentre) * [17 years ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/) * Hi, * I want to replicate the way WordPress encrypts a password for a new user (wp_user. user_pass) in WordPress 2.7.1. * However, I want to encrypt the password in SQL code inserting into MySQL rather than through PHP. This is so that I can bypass the WordPress Admin/Dashboard section to create new users, instead creating new users through a SQL Insert statement into the WordPress MySQL database. * I believe that WordPress 2.5+ onwards uses ‘Salted Passwords’ using the PasswordHash PHP class ([http://www.openwall.com/phpass/](http://www.openwall.com/phpass/)) to store passwords. I have also found the mod_auth_mysql Apache module ([http://modauthmysql.sourceforge.net/](http://modauthmysql.sourceforge.net/)) but neither of these appear to have any SQL code directly or suit my problem exactly. * Does anyone know how to encrypt passwords for new WordPress Users in a SQL INSERT or UPDATE statement that replicates the way WordPress encrypts passwords using PHP? * Cheers, Viewing 5 replies - 1 through 5 (of 5 total) * [shane-g](https://wordpress.org/support/users/shane-g/) * (@shane-g) * [17 years ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/#post-1077529) * Hi, * You can use md5() or AES_ENCRYPT function in your query to encrypt the password and store it.. * like: * `INSERT INTO usertable ( First_Name, Last_Name, Phone, BirthDate, Password ) VALUES ( '...', '...', '...', '......', AES_ENCRYPT ( 'mypassword', 'seSy78910'));` * Thanks, * Shane G. * Thread Starter [renwickcentre](https://wordpress.org/support/users/renwickcentre/) * (@renwickcentre) * [17 years ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/#post-1077568) * Hi Shane, * I thought MD5 hashing for WordPress passwords was depracated and not recommended since 2.5? * And if I do use AES_ENCRYPT how will WordPress know how to decrypt the password for each user if it doesn’t have the secret key (the ‘key_str’ parameter) that I pass to AES_ENCRYPT when I encrypt the password? * Cheers, * [netizenzero](https://wordpress.org/support/users/netizenzero/) * (@netizenzero) * [16 years, 7 months ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/#post-1077798) * I am actually looking to do exactly the same thing as renwickcentre, and the md5 suggestion doesn’t work. * I am still digging… * [Michael C](https://wordpress.org/support/users/mcallans/) * (@mcallans) * [16 years, 7 months ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/#post-1077801) * I am using 2.8.4 and I was able to use MD5 to create a password. I was surprised since I too thought salting was needed. * I used this code: * UPDATE wp_users SET user_pass = MD5(‘THE_PASSWORD’) WHERE wp_users.user_login =’THE_USERNAME’ LIMIT 1; * I was also able to insert a user into the table using similar code. But is also important to create an entry into the wp_usermeta table with the correct information. I simply use a query to copy from a working user record since I am too lazy to figure out all of the meaning behind the records: * insert into wp_usermeta ( user_id, meta_key, meta_value ) select 3 as x, meta_key, meta_value from wp_usermeta where user_id=2 * [netizenzero](https://wordpress.org/support/users/netizenzero/) * (@netizenzero) * [16 years, 7 months ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/#post-1077804) * Ya, I’m not sure why, but inserting the MD5 password via mysql doesn’t work. * I did play around with using the wp_hash_password() function to try to hash the password, and I do get a hash that looks right, but I may be missing a piece of the puzzle, because I get multiple hashes for the same password. * I know there is a random number used in the encryption process, but i’m not sure how that fits into the big picture. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Encrypt WordPress User passwords using SQL rather than PHP?’ is closed to new replies. ## Tags * [create new user](https://wordpress.org/support/topic-tag/create-new-user/) * [encryption](https://wordpress.org/support/topic-tag/encryption/) * [password](https://wordpress.org/support/topic-tag/password/) * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/) * 5 replies * 4 participants * Last reply from: [netizenzero](https://wordpress.org/support/users/netizenzero/) * Last activity: [16 years, 7 months ago](https://wordpress.org/support/topic/encrypt-wordpress-user-passwords-using-sql-rather-than-php/#post-1077804) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics