How to Import WordPress Users into Laravel

How to Import WordPress users into Laravel

We have all been there when we forgot the password to one of our WordPress websites and needed a quick solution. A cursory search in Google will result in information on how you can login through database (through Hosting Panel / Cpanel) and go into Database Management tool such as phpMyAdmin and change password to MD5 of new password.

This gives us two pieces of information:

  1. Changing passwords in WordPress is easy
  2. Passwords are saved as MD5 (partially true)

WordPress uses phpass (introduced since WordPress 2.5 and now considered weak as well [1]) library which is built with MD5 fallback (for WordPress installations running older versions of PHP) and hence allows easy one-time manipulation of passwords through database. In other words, when importing users from WordPress to Laravel database (or other softwares), we will get phpass based passwords and will need to convert them into the target password hash.

Related: 10 steps to rescue Hacked WordPress website on a shared hosting

 

Laravel Framework on the other hand, being snazzy, doesn’t care about older PHP versions (minimum 5.6) and uses bcrypt hashing algorithm. bcrypt is built into PHP version 5.5 and onward and hence provides a much stronger hash than phpass.

Hence to convert WordPress passwords into Laravel passwords, you can either make sure that your WordPress runs on a new PHP version and change your WP passwords to be upgraded to bcrypt [2] but there will always be users who are left behind on old phpass passwords. Or you can use one of Laravel packages to convert phpass passwords into bcrypt passwords.

At The Right Software company, we use mikemclin/laravel-wp-password[4] package to tie in the code at the time of login.

//user's input data
$post_login = $request->input('post_login');
$post_password = $request->input('post_password');
//get user's saved password from database
$wp_hashed_password = $user['password'];

if ( WpPassword::check($password, $wp_hashed_password) ) {
// login successful, update password to bcrypt, send user forward
}
else {
// login failed, send user back to login page
}

After this, we update the passwords in database so that processing is saved next time.

Finally, when all passwords are updated, we can remove this code completely. Setup a reminder or a task in your management software to remove this code from repository in future uploads.

We care about customer website security and make sure to take part in betterment of internet.

 

References

  1. http://stackoverflow.com/questions/5343611/portable-phpass-password-hashes-should-i-use-them
  2. https://github.com/roots/wp-password-bcrypt
  3. http://php.net/manual/en/function.password-hash.php
  4. https://github.com/mikemclin/laravel-wp-password
Tagged

Advantages of our
How to Import WordPress Users into Laravel

Round-the-clock Availibility

Our support staff is available 24/7 to take support calls and messages from clients.

100% Client Satisfaction

We involve client in all stages of software development to deliver satisfaction and peace of mind.

Technical Process

We hire developers that are technically strong and discuss the project thoroughly before starting.

Money Back Guarante

If you are not happy with the quality of work or we fail to achieve final technical goal, we’ll not take your money.

Long Term Commitment

We have worked with some clients for over 7 years. Our commitment and dedication is a matter of pride for us.

We Care!

We care about your investment. We will tell it straight if you are making a bad decision.

Contact us

Request a Demo

clients
Timothy de Vos

Timothy de Vos

Senior Project Manager, Characterful

Khuram, and his team, completed excellent work for us. They were professional, willing to go the extra mile and communicative. They completed the project as expected with no issues. I look forward to working with them on the next project.
rosy

Rosy Thornton

Owner, Orange Lizard

I have worked with Khuram and the team on several projects now, and they are always extremely professional, proactive and efficient in their work. The standard of work is excellent and the client has always been very happy with the result. I have no hesitation in recommending them.
Olushola Dabiri

Olushola Dabiri

Owner, Shokam Consulting Limited

The Right Software has become a dependable and valuable partner over the years. They are committed to ensuring that all tasks given to implement are carried out successfully. They never disappoint! I will surely recommend them.
david-ball

David Ball

Owner, Media Force Ltd, UK

I have been working with The Right Software for the last year and must say that the service and quality of work is outstanding! They are very quick to understand my brief and always go above and beyond to complete the job on time and on budget. I highly recommend you use The Right Software for all your future projects.
Emily House

Emily House

Manager, Mineral Systems NZ

Over the last 5 years of working with The Right Software we have found them very capable and patient. They have done a fantastic job of building a complicated system with a remote user and continue to support its development.

    NDA implied. No spam. Privacy guaranteed.