How to Import Wordpress Users into Laravel
  • bcrypt
  • composer
  • Framework
  • import
  • Laravel
  • md5
  • phpass
  • security
  • Wordpress

How to Import WordPress Users into Laravel

We have all been there when we forgot the password to one of our Wordpress websites and needed a quick solution. A cursory search in…

   
How to Import WordPress Users into Laravel

We have all been there when we forgot the password to one of our WordPress websites and needed a quick solution. A cursory search in Google will result in information on how you can login through database (through Hosting Panel / Cpanel) and go into Database Management tool such as phpMyAdmin and change password to MD5 of new password.

This gives us two pieces of information:

  1. Changing passwords in WordPress is easy
  2. Passwords are saved as MD5 (partially true)

WordPress uses phpass (introduced since WordPress 2.5 and now considered weak as well [1]) library which is built with MD5 fallback (for WordPress installations running older versions of PHP) and hence allows easy one-time manipulation of passwords through database. In other words, when importing users from WordPress to Laravel database (or other softwares), we will get phpass based passwords and will need to convert them into the target password hash.

Related: 10 steps to rescue Hacked WordPress website on a shared hosting

Laravel Framework on the other hand, being snazzy, doesn’t care about older PHP versions (minimum 5.6) and uses bcrypt hashing algorithm. bcrypt is built into PHP version 5.5 and onward and hence provides a much stronger hash than phpass.

Hence to convert WordPress passwords into Laravel passwords, you can either make sure that your WordPress runs on a new PHP version and change your WP passwords to be upgraded to bcrypt [2] but there will always be users who are left behind on old phpass passwords. Or you can use one of Laravel packages to convert phpass passwords into bcrypt passwords.

At The Right Software company, we use mikemclin/laravel-wp-password[4] package to tie in the code at the time of login.

//user's input data
$post_login = $request->input('post_login');
$post_password = $request->input('post_password');
//get user's saved password from database
$wp_hashed_password = $user['password'];

if ( WpPassword::check($password, $wp_hashed_password) ) {
// login successful, update password to bcrypt, send user forward
}
else {
// login failed, send user back to login page
}

After this, we update the passwords in database so that processing is saved next time.

Finally, when all passwords are updated, we can remove this code completely. Setup a reminder or a task in your management software to remove this code from repository in future uploads.

We care about customer website security and make sure to take part in betterment of internet.

References

  1. http://stackoverflow.com/questions/5343611/portable-phpass-password-hashes-should-i-use-them
  2. https://github.com/roots/wp-password-bcrypt
  3. http://php.net/manual/en/function.password-hash.php
  4. https://github.com/mikemclin/laravel-wp-password

Advantages of our
How to Import WordPress Users into Laravel

Round-the-clock Availibility

Our support staff is available 24/7 to take support calls and messages from clients.

100% Client Satisfaction

We involve client in all stages of software development to deliver satisfaction and peace of mind.

Technical Process

We hire developers that are technically strong and discuss the project thoroughly before starting.

Money Back Guarante

If you are not happy with the quality of work or we fail to achieve final technical goal, we’ll not take your money.

Long Term Commitment

We have worked with some clients for over 7 years. Our commitment and dedication is a matter of pride for us.

We Care!

We care about your investment. We will tell it straight if you are making a bad decision.

Contact us

Request a Demo

clients
Predictive Recruitment Partners

Greg Rogers

Director, Predictive Recruitment Partners

Sajjad and previous team members have been most accommodating. Very happy!  
ricki

Ricki Neill

Head of Digital, Reflexblue

As the Head of Digital at Reflexblue, I have had the pleasure of collaborating with The Right Software Company on several projects over the past 10 years, and I am thoroughly impressed with the outstanding programming work they have delivered for both websites and app ...
Timothy de Vos

Timothy de Vos

Senior Project Manager, Characterful

Khuram, and his team, completed excellent work for us. They were professional, willing to go the extra mile and communicative. They completed the project as expected with no issues. I look forward to working with them on the next project.
rosy

Rosy Thornton

Owner, Orange Lizard

I have worked with Khuram and the team on several projects now, and they are always extremely professional, proactive and efficient in their work. The standard of work is excellent and the client has always been very happy with the result. I have no hesitation in ...
Vikas Malik

Vikas Malik

Founder, Social Diners

I have worked in this business for 20 years and have had experience of both large and small companies. I have employed Khuram and his team on several projects each of which had issues as you might expect on any build. The key difference is that none of these issues ever ...
Olushola Dabiri

Olushola Dabiri

Owner, Shokam Consulting Limited

The Right Software has become a dependable and valuable partner over the years. They are committed to ensuring that all tasks given to implement are carried out successfully. They never disappoint! I will surely recommend them.
david-ball

David Ball

Owner, Media Force Ltd, UK

I have been working with The Right Software for the last year and must say that the service and quality of work is outstanding! They are very quick to understand my brief and always go above and beyond to complete the job on time and on budget. I highly recommend you ...

    NDA implied. No spam. Privacy guaranteed.