Title: password hasing Last modified: December 30, 2019 --- # password hasing * Resolved [colmanbyrne](https://wordpress.org/support/users/colmanbyrne/) * (@colmanbyrne) * [6 years, 5 months ago](https://wordpress.org/support/topic/password-hasing/) * Hi for the password hashing section in setting * how can I determein if the salt is before or after * external database is using statement like * $newpassword = crypt(md5($password), $pw_salt); * so a single salt for all passwords , but before or after ? Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [tbenyon](https://wordpress.org/support/users/tbenyon/) * (@tbenyon) * [6 years, 5 months ago](https://wordpress.org/support/topic/password-hasing/#post-12280632) * Hey [@colmanbyrne](https://wordpress.org/support/users/colmanbyrne/), * The statement you have sent is a custom hashing solution and thus not supported by the plugin as a standard setting. * This is because as well as using the crypt hashing method, it is also relying on an md5 hash. * For this reason the only way for you to solve this is by using the “exlog_hook_filter_authenticate_hash” hook. You can find documentation for its use in the [FAQ](https://wordpress.org/plugins/external-login/#what%20hooks%20are%20available%20in%20the%20external%20login%20flow%3F). * To help you out however, this is something like what you would want to add to your functions.php file: * ``` function myExlogHashAuthenticator($password, $hashFromDatabase, $username, $externalUserData) { $pw_salt = 'someSaltUsedOnExternalDatabase' $generatedHashFromEnteredPassword = crypt(md5($password), $pw_salt) return $generatedHashFromEnteredPassword == $hashFromDatabase; } add_filter('exlog_hook_filter_authenticate_hash', 'myExlogHashAuthenticator', 10, 4); ``` * I have not tested this so treat this like pseudo code to help you build a solution. * I should also point out that the hashing system your external database is using is not best practice. I would recommend reading the `SECURITY NOTES -> Hashing` section of the main [plugin page](https://wordpress.org/plugins/external-login/) for guidance on why this is not desirable. * Let me know if you have any questions, and let me know how you get on, * Thanks, * Tom 🙂 - This reply was modified 6 years, 5 months ago by [tbenyon](https://wordpress.org/support/users/tbenyon/). * Thread Starter [colmanbyrne](https://wordpress.org/support/users/colmanbyrne/) * (@colmanbyrne) * [6 years, 5 months ago](https://wordpress.org/support/topic/password-hasing/#post-12280693) * Hi Tom * That’s great I will use the hook , one question though , do I need to set the Hashing type to none or anything else to use the hook and avoid any conflicts? or the this setting ignores by the hook * Colman * Plugin Author [tbenyon](https://wordpress.org/support/users/tbenyon/) * (@tbenyon) * [6 years, 5 months ago](https://wordpress.org/support/topic/password-hasing/#post-12280770) * If the hook is in place, the rest of the settings for password hashing are ignored. * You’ve made me realise however this is not documented or very clear. I may add a notice to the admin area in the future to indicate if the custom hook has been found. * I’ll mark this thread as resolved for now but if you have any further issue don’t hesitate to get back in contact. 🙂 * If you like the plugin I’d be very grateful for a [review](https://wordpress.org/support/plugin/external-login/reviews/#new-post). * Thanks Colman, * Tom 🙂 Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘password hasing’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/external-login_fbebd6.svg) * [External Login](https://wordpress.org/plugins/external-login/) * [Frequently Asked Questions](https://wordpress.org/plugins/external-login/#faq) * [Support Threads](https://wordpress.org/support/plugin/external-login/) * [Active Topics](https://wordpress.org/support/plugin/external-login/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/external-login/unresolved/) * [Reviews](https://wordpress.org/support/plugin/external-login/reviews/) * 3 replies * 2 participants * Last reply from: [tbenyon](https://wordpress.org/support/users/tbenyon/) * Last activity: [6 years, 5 months ago](https://wordpress.org/support/topic/password-hasing/#post-12280770) * Status: resolved