WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #21022, comment 63


Timestamp: 11/09/2015 02:56:28 AM (6 years ago)
Author: deadduck169

  • Ticket #21022, comment 63

    initial v1  
    44Actually, according to [https://github.com/ircmaxell/password_compat here], it's versions < 5.3.7 and also that haven't had the $2y fix backported into them that are incompatible. Of the servers using PHP 5.3, most will likely be using either >= 5.3.7 or a version with $2y backported into it.
    55
    6 The [https://wordpress.org/about/stats/ stats] show that at the time of writing only 11.2% of Wordpress servers currently use PHP 5.2. The chance of someone moving from a PHP 5.5 server to a 5.2 server are probably pretty negligible, especially since 5.2 has been past its [http://php.net/eol.php end of support] since the beginning of 2011.
     6The [https://wordpress.org/about/stats/ stats] show that at the time of writing only 11.2% of Wordpress servers currently use PHP 5.2. The chance of someone moving from a PHP 5.3.7+ server back to a 5.2 server are probably pretty negligible, especially since 5.2 has been past its [http://php.net/eol.php end of support] since the beginning of 2011, and if changing hosts and given the choice, most people would choose a server with more recent software, not older software.
    77
    88I feel that while '''not''' using bcrypt by default we are throwing the baby out with the bath water. We can easily detect whether the user's PHP is compatible with $2y (see the [https://github.com/ircmaxell/password_compat/blob/master/lib/password.php check function here]), so even if there's a 0.1% chance that someone might migrate from a compatible version to an incompatible version, all we need to do is display a message to users after they have attempted to log in, like this: