Category Archives: Security

PHP 5.5 Password Hashing API

Most applications and websites today have a user registration system, which requires storing usernames, passwords, etc. The developer of an application should always store passwords securely and never in plain text. There are many methods to encrypt or hash passwords before storing them in the database, but which method should you use? The methods currently in use hash the password with algorithms such as MD5(), SHA1() and BCRYPT.

The MD5() and SHA1() methods are now considered weak. BCRYPT is currently considered the best algorithm to use for password hashing. However, implementing it correctly can be difficult (prior to PHP 5.5). PHP 5.5 has a new Password Hashing API that makes it very easy to hash passwords using the BCRYPT algorithm.

Encryption using PHP and OpenSSL

In this post we will see how to encrypt and decrypt data using PHP OpenSSL. We will be using asymmetric (public/private key) encryption. In this scheme, a user generates a public/private key pair and gives the public key to anyone who wants to send them data. The sender encrypts the data using the receiver's public key. The receiver then decrypts the received data using their own private key. Data encrypted with the public key can only be decrypted with the corresponding private key.

How to generate passwords for .htpasswd using PHP

In my earlier post about .htaccess I described authentication using .htaccess and the command to generate the .htpasswd file. However, when we want to add passwords for many users, that method takes too long, since we have to add the password for each user one at a time. There is an easier way to generate the .htpasswd file using PHP. In this post I will show the different algorithms that can be used to generate the .htpasswd file.

How to change WordPress username

By default, when you install WordPress, the username is “admin”. If someone is trying to hack into your site, the first username they will try is “admin”, and if you use “admin”, all they have to do now is guess your password. So it is highly recommended that you never use “admin” as the username for logging in to WordPress. You can choose a different username when first installing WordPress. However, you cannot change your username once it has been created.

You can change the username by running queries in the database or by using one of several plugins. However, there is a much simpler way to change your username. In this post let's see how we can change the “admin” username (you can use similar steps for any other username).