Title: Ballast Security Hashing
Author: BallastSecurity
Published: <strong>July 24, 2012</strong>
Last modified: September 6, 2012

---

Search plugins

This plugin **hasn’t been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues when
used with more recent versions of WordPress.

![](https://s.w.org/plugins/geopattern-icon/ballast-security-securing-hashing.svg)

# Ballast Security Hashing

 By [BallastSecurity](https://profiles.wordpress.org/ballastsecurity/)

[Download](https://downloads.wordpress.org/plugin/ballast-security-securing-hashing.zip)

 * [Details](https://srd.wordpress.org/plugins/ballast-security-securing-hashing/#description)
 * [Reviews](https://srd.wordpress.org/plugins/ballast-security-securing-hashing/#reviews)
 *  [Installation](https://srd.wordpress.org/plugins/ballast-security-securing-hashing/#installation)
 * [Development](https://srd.wordpress.org/plugins/ballast-security-securing-hashing/#developers)

 [Support](https://wordpress.org/support/plugin/ballast-security-securing-hashing/)

## Description

This plugin seamlessly changes your stored password hash to a far stronger one. 
The hash that it is changed to is
 generated with a variety of variations on PBKDF2,
including my own ARC4PBKDF2 which adds custom ARC4 encryption during the hashing
processs, then a SHA-1 to meet size constraints. This plugin exponentially increases
the strength of your stored password.

### Arbitrary section

## Installation

 1. Upload `BallastSecurityHasher.zip` through the plugin upload interface
 2. Activate the plugin through the ‘Plugins’ menu in WordPress
 3. Choose the hash you want to convert to from the Secure Hasher Configuration Menu
 4. Log out and log back in, and your hash will be recomputed

## FAQ

### How will this affect my login time?

The difference to login time is negligable, but to someone trying to crack your 
password, it can add years to the cracking time.

### How can I change my password hashes back?

As of version 0.2b, you are able to start converting all logins back to the original
hash. In order to deactive this plugin without
 locking yourself out of your WordPress,
you need to have all your users login after reverting the hashing methods to the
original.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Ballast Security Hashing” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ BallastSecurity ](https://profiles.wordpress.org/ballastsecurity/)

[Translate “Ballast Security Hashing” into your language.](https://translate.wordpress.org/projects/wp-plugins/ballast-security-securing-hashing)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/ballast-security-securing-hashing/),
check out the [SVN repository](https://plugins.svn.wordpress.org/ballast-security-securing-hashing/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/ballast-security-securing-hashing/)
by [RSS](https://plugins.trac.wordpress.org/log/ballast-security-securing-hashing/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.2.1

 * Colaborator: HacKan ([@hackancuba](https://www.twitter.com/HacKanCuBa/)) solved
   issue when php v < 5.3.0 and problem with line 358

#### 1.2

 * Added nonce

#### 1.1

 * Added ARC4PBKDF2 along with a custom version of ARC4 developed by me.

#### 1.0

 * Added 3 configurations of the classic PBKDF2 key derivation

#### 0.3b

 * Added the option to use 10000 or 100000 iterations instead of 2048

#### 0.2b

 * Added the option to convert hashes back to the original WordPress generated hashes
 * Added a configuration screen page

#### 0.1b

 * Initial version set with SHA-256 with 2048 iterations as the configuration static

## Meta

 *  Version **1.2.1**
 *  Last updated **14 years ago**
 *  Active installations **10+**
 *  WordPress version ** 2.0.2 or higher **
 *  Tested up to **3.4.2**
 *  Language
 * [English (US)](https://wordpress.org/plugins/ballast-security-securing-hashing/)
 * Tags
 * [hash](https://srd.wordpress.org/plugins/tags/hash/)[password](https://srd.wordpress.org/plugins/tags/password/)
   [security](https://srd.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://srd.wordpress.org/plugins/ballast-security-securing-hashing/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/ballast-security-securing-hashing/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/ballast-security-securing-hashing/reviews/)

## Contributors

 *   [ BallastSecurity ](https://profiles.wordpress.org/ballastsecurity/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/ballast-security-securing-hashing/)

## Donate

Would you like to support the advancement of this plugin?

 [ Donate to this plugin ](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=KCHYQRCBZEWML)