wordpress password encryption in NodeJS

Edit: Today there is an implementation which supports Wordpress portable hashes: wordpress-hash-node.

Previous reply:

Sigh... I took an interest in this, and spent half an hour pouring through PHPass source code. Then I googled for node phpass.

Edit: On closer inspection, this seems to only implement bcrypt encryption, while the PHPass default (which I think Wordpress uses) is something they call "Portable Hashes". node-phpass throws 'Portable hashes are not implemented' when you ask for Portable Hashes. I suggest you implement that for node-phpass and send a pull request.

For Wordpress 4.9.5, in NodeJS after

npm i wordpress-hash-node

var hasher = require('wordpress-hash-node');let wordpressHashPass = "$P$BzPE3JGpq4CUpvpMHhtPh3lZmIoG.s1";let wordpressPlainTextPass = '(&@fZsImcKq7K3Lmd&qBe!Jx';var checked = hasher.CheckPassword(wordpressPlainTextPass, wordpressHashPass); //This will return trueconsole.log(checked); // returns truevar hasher = require('wordpress-hash-node');let wordpressHashPass = "$P$BzPE3JGpq4CUpvpMHhtPh3lZmIoG.s1";let wordpressPlainTextPass = 'goodday';var checked = hasher.CheckPassword(wordpressPlainTextPass, wordpressHashPass); //This will return falseconsole.log(checked); // returns false

wordpressHashPass is the MD5 hashed password that you can find in the wp_users table of Wordpress for a user.

wordpressPlainTextPass is the plain text password that the user types in the password field.

The method CheckPassword compares the plain text password and the hash password. It returns true if it coincides and false if it does not coincides.