Description
The Drupal Password Encryption plugin enables support for Drupal’s password encryption algorithms.
A password encryption algorithm is the method is used to secure a password when preparing to save it to the database, such as when registering a new user account, changing a password, or checking if a password is correct when logging in.
This plugin is most useful for users imported from a Drupal website. Users’ passwords can be migrated (with no processing) from Drupal’s users.pass database column to WP’s wp_users.user_pass column. Then, once the plugin is activated, users can login to the WP website using the same password they used to login to the Drupal website, without needing a password reset.
This plugin is also useful to simply enable stronger password encryption in WordPress.
Once this plugin is activated, any existing WP user (that was not migrated from Drupal) will still be able to login using their same password. This is possible because phpass is one of several algorithms that Drupal supports. (phpass is WP core’s default password encryption algorithm.) However, until the user changes or resets their password, it will remain encrypted using phpass.
The plugin works by overriding WP’s pluggable functions wp_hash_password() and wp_check_password() to invoke the equivalent functions in Drupal 7’s password.inc, which is included with the plugin’s files.
This plugin may work on earlier versions of WordPress. Please share your findings if you try it.