1 | | While I really care about security, it isn't logical to use PHPass and switch the supported version to 5.3. Why? Well, 3,383,560 servers are currently running 5.2. Only 3,475,453 servers support PHP 5.3. If WordPress stopped supporting 5.2 there would be an outrage. The problem stems from PHP not putting in native support for more secure hash types hash types before 5.3. I agree with Nacin on the fact that we should use plugins until at least 2014. If you even know about password hashing, then finding a plugin won't be hard. If you want to double check my findings on the PHP versions go to shodanhq.com and do some searches. |
| 1 | While I really care about security, it isn't logical to switch the supported version to 5.3. Why? Well, 3,383,560 servers are currently running 5.2. Only 3,475,453 servers support PHP 5.3. If WordPress stopped supporting 5.2 there would be an outrage. The problem stems from PHP not putting in native support for more secure hash types before 5.3. I agree with Nacin on the fact that we should use plugins until at least 2014. If you even know about password hashing, then finding a plugin won't be hard. If you want to double check my findings on the PHP versions go to shodanhq.com and do some searches. |