What exactly is Bcrypt password encryption?

ANSWER: Bcrypt password encryption means that LittleBizzy is the only managed WordPress hosting company that forced all client sites to use PHP Bcrypt to encrypt all of their site user passwords. This is a very high tech and more recent encryption method that replaces older and less safe methods such as MD5 hashing. The method we use to do this is a special script developed by the folks at Roots, a well-established WordPress agency. This is a Must Use plugin meaning it can’t be removed, but in the case it ever has issues, your site will smoothly “fallback” to the older WordPress MD5 hashing methods.

Keep in mind that to activate the Bcrypt encryption it requires each user to login and logout at some point, at which point their password is re-encrypted. As far as non-active users who don’t login to WordPress, their passwords will NOT be re-encrypted using Bcyrpt and will remain stored in the database with MD5 hashes. For ultimate protection, you can either delete inactive users, reset their passwords to something temporary and LOGIN for them to get Bcrypt activated, or ask them to manually reset their passwords to something new after moving to LittleBizzy hosting.

Last modified:  27 Jul, 2016