From 6d241e3fc0fb98367329361a37244c61ed472f41 Mon Sep 17 00:00:00 2001
From: Scott Walkinshaw
Date: Mon, 29 Feb 2016 12:20:09 -0500
Subject: [PATCH] Add wp-password-bcrypt plugin for secure passwords
---
 CHANGELOG.md | 4 ++++
 README.md | 1 +
 composer.json | 3 ++-
 composer.lock | 61 +++++++++++++++++++++++++++++++++++++++++++++++++--
 4 files changed, 66 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index a71e5646c9..9b198b6926 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### HEAD
+
+* Add wp-password-bcrypt for more secure passwords ([#243](https://github.com/roots/bedrock/pull/243))
+
 ### 1.5.4: 2016-02-29

 * Use HTTPS for wpackagist.org
diff --git a/README.md b/README.md
index 317ec8ae08..ea7bfcb805 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ Much of the philosophy behind Bedrock is inspired by the [Twelve-Factor App](htt
 * Easy WordPress configuration with environment specific files
 * Environment variables with [Dotenv](https://github.com/vlucas/phpdotenv)
 * Autoloader for mu-plugins (use regular plugins as mu-plugins)
+* Enhanced security (separated web root and secure passwords with [wp-password-bcrypt](https://github.com/roots/wp-password-bcrypt))

 Use [Trellis](https://github.com/roots/trellis) for additional features:

diff --git a/composer.json b/composer.json
index 53ee859888..3d02167dca 100644
--- a/composer.json
+++ b/composer.json
@@ -37,7 +37,8 @@
 "composer/installers": "~1.0.12",
 "vlucas/phpdotenv": "^2.0.1",
 "johnpbloch/wordpress": "4.4.2",
- "oscarotero/env": "^1.0"
+ "oscarotero/env": "^1.0",
+ "roots/wp-password-bcrypt": "1.0.0"
 },
 "extra": {
 "installer-paths": {
diff --git a/composer.lock b/composer.lock
index 0763d3ee4b..3287c201fd 100644
--- a/composer.lock
+++ b/composer.lock
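Review bot: The `"roots/wp-password-bcrypt": "1.0.0"` line added to `require` in composer.json changes how credentials are stored, yet nothing in the patch tells an operator how to confirm it took effect. The lock entry later in this patch lists the package as `"type": "library"` loaded through `autoload.files`, so it presumably will not show up in the WordPress plugin list, and its replacement of `wp_hash_password`/`wp_check_password` would depend on Composer's autoloader running before anything else defines them. I would add a README line such as `After install, newly set passwords are stored as bcrypt hashes (prefix $2y$ in user_pass)`, and state from the plugin's documentation when existing phpass hashes get rewritten, since that is not visible here. The `require` block starts above this hunk.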
@@ -4,8 +4,8 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], - "hash": "18f8ceec799acdf25a1ffaf3e85a613f", - "content-hash": "e881db08bfff5960fc6e95d1f92443af", + "hash": "c1a6716c9465beb6cbc45fecd3a86e07", + "content-hash": "175acdfd1990a9c09fd3e5239140b5a0", "packages": [ { "name": "composer/installers", 
@@ -232,6 +232,63 @@ ], "time": "2015-12-31 12:34:29" }, + { + "name": "roots/wp-password-bcrypt", + "version": "1.0.0", + "source": { + "type": "git", + "url": "https://github.com/roots/wp-password-bcrypt.git", + "reference": "5cecd2e98ccc3193443cc5c5db9b3bc7abed5ffa" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/roots/wp-password-bcrypt/zipball/5cecd2e98ccc3193443cc5c5db9b3bc7abed5ffa", + "reference": "5cecd2e98ccc3193443cc5c5db9b3bc7abed5ffa", + "shasum": "" + }, + "require": { + "composer/installers": "~1.0", + "php": ">=5.5.0" + }, + "require-dev": { + "brain/monkey": "^1.3.1", + "mockery/mockery": "^0.9.4", + "phpunit/phpunit": "^4.8.23|^5.2.9", + "squizlabs/php_codesniffer": "^2.5.1" + }, + "type": "library", + "autoload": { + "files": [ + "wp-password-bcrypt.php" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "Scott Walkinshaw", + "email": "scott.walkinshaw@gmail.com", + "homepage": "https://github.com/swalkinshaw" + }, + { + "name": "qwp6t", + "homepage": "https://github.com/qwp6t" + }, + { + "name": "Jan Pingel", + "email": "jpingel@bitpiston.com", + "homepage": "http://janpingel.com" + } + ], + "description": "WordPress plugin which replaces wp_hash_password and wp_check_password's phpass hasher with PHP 5.5's password_hash and password_verify using bcrypt.", + "homepage": "https://roots.io/plugins/wp-password-bcrypt", + "keywords": [ + "wordpress wp bcrypt password" + ], + "time": "2016-03-01 16:27:06" + }, { "name": "vlucas/phpdotenv", "version": "v2.2.0",