wp_update_user causes password to be double hashed
|Reported by:||WPsites||Owned by:|
If you use wp_update_user to insert/update a user and you pass in the users password (user_pass) then the password gets hashed in wp_update_user and then gets hashed again when wp_insert_user is called further down.
So I think line 1419 of /wp-includes/user.php needs to be removed as not not hash the password.
In fact what is the point of wp_update_user? when wp_insert_user seems to do exactly the same thing CORRECTLY.
This is the same for all versions of WordPress since 2.0 I reckon.
Change History (4)
comment:3 @SergeyBiryukov — 3 years ago
- Resolution fixed deleted
- Status changed from closed to reopened