Edit wp-config.php and add:

// Placeholder value: replace it with a long random string and keep it secret.
// An SSN has only nine digits, so the stored digests are only as hard to reverse as
// this value is to guess. The SQL migration and HashSSN() must use the identical value.
define('SSN_SALT', 'y0ur53cr3t$4lt'); // Change this to a secure, random value!



In MySQL/MariaDB, run the following statements in order:

-- Migration: replace SSN-shaped values in wp_users.user_login with
-- SHA2(CONCAT(salt, user_login), 256). The replacement is one-way; afterwards the
-- original logins exist only in the backup table created in Step 1.
-- NOTE(review): an SSN has nine digits, so anyone who learns the salt can recompute
-- the digest of every possible SSN. Protect the salt like a key.

-- Step 1: Backup the table before making changes
-- NOTE(review): wp_users_backup holds every SSN in plaintext, together with all other
-- wp_users columns copied by SELECT *. Restrict access to it and drop it once the
-- migration has been verified.
CREATE TABLE wp_users_backup AS SELECT * FROM wp_users;

-- Step 2: Add a new column for testing the salted hash
-- VARCHAR(64) fits the 64 hex characters of a SHA-256 digest.
ALTER TABLE wp_users ADD COLUMN hashed_login VARCHAR(64);

-- Step 3: Define the salt (must match WordPress config)
-- NOTE(review): the literal may end up in client history or server query logs; confirm
-- for your setup before pasting the real value.
SET @SSN_SALT = 'y0ur53cr3t$4lt';  -- Replace with your actual salt

-- Step 4: Hash all SSN-based usernames with salt
-- The login is hashed exactly as stored, so '123-45-6789' and '123456789' (constructed
-- examples) produce different digests; users must later type the form that was stored.
-- Rows that do not match the pattern keep hashed_login NULL and are skipped in Step 5.
UPDATE wp_users 
SET hashed_login = SHA2(CONCAT(@SSN_SALT, user_login), 256)
WHERE user_login REGEXP '^[0-9]{3}-?[0-9]{2}-?[0-9]{4}$';

-- Step 5: Replace SSNs in user_login with their salted hash
-- NOTE(review): stock WordPress declares user_login as VARCHAR(60); confirm the column
-- can hold 64 characters first, otherwise the digest is truncated or the UPDATE fails,
-- depending on sql_mode.
UPDATE wp_users 
SET user_login = hashed_login 
WHERE hashed_login IS NOT NULL;

-- Step 6: Drop the temporary column
ALTER TABLE wp_users DROP COLUMN hashed_login;



In MySQL/MariaDB, create this stored function for later use:

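DELIMITER $$

-- HashSSN: return the salted SHA-256 hex digest of an SSN-shaped value
-- (XXX-XX-XXXX or XXXXXXXXX); return any other value unchanged.
--
-- The parameter is VARCHAR(64) rather than VARCHAR(20) so that an ordinary username
-- longer than 20 characters is passed through intact instead of being cut off or
-- rejected on the way in.
--
-- NOTE(review): the salt literal is stored in the routine body, so it is visible to
-- anyone who can read the routine definition and is included in dumps that export
-- routines. Limit who can read it.
CREATE FUNCTION HashSSN(ssn VARCHAR(64)) RETURNS VARCHAR(64) DETERMINISTIC
BEGIN
    -- Must equal SSN_SALT in wp-config.php; replace the placeholder with the real value.
    DECLARE salt VARCHAR(50) DEFAULT 'y0ur53cr3t$4lt';

    -- The value is hashed exactly as given: the dashed and undashed forms of the same
    -- SSN yield different digests.
    IF ssn REGEXP '^[0-9]{3}-?[0-9]{2}-?[0-9]{4}$' THEN
        RETURN SHA2(CONCAT(salt, ssn), 256);
    END IF;

    -- Not SSN-shaped (or NULL): hand the value back untouched.
    RETURN ssn;
END$$

DELIMITER ;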


Modify functions.php to apply the same logic before authentication:


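/**
 * 'authenticate' filter that lets accounts whose login was replaced by a salted
 * SHA-256 digest keep signing in with the original SSN.
 *
 * An SSN-shaped username is replaced by hash('sha256', SSN_SALT . $username), the same
 * value the SQL side computes with SHA2(CONCAT(salt, login), 256), before the normal
 * username/password check runs. Other usernames are passed on unchanged.
 *
 * @param WP_User|WP_Error|null $user     Result from earlier 'authenticate' callbacks.
 * @param string                $username Login name as typed by the user.
 * @param string                $password Password as typed by the user.
 * @return WP_User|WP_Error Outcome of the username/password check.
 */
function custom_authenticate_filter($user, $username, $password) {
    // An earlier callback may already have authenticated the request. Keep that result
    // instead of discarding it and forcing a second password check.
    if ($user instanceof WP_User) {
        return $user;
    }

    // With SSN_SALT undefined the digest is computed with an empty salt and will not
    // match logins that were migrated with a real one.
    $salt = defined('SSN_SALT') ? SSN_SALT : '';

    // The input is hashed exactly as typed: dashed and undashed forms of the same SSN
    // give different digests, so it must match the form that was stored at migration.
    if (is_string($username) && preg_match('/^\d{3}-?\d{2}-?\d{4}$/', $username)) {
        $username = hash('sha256', $salt . $username);
    }

    // Pass $user through (rather than null) so an earlier callback's result is not lost.
    return wp_authenticate_username_password($user, $username, $password);
}
// Priority 10, three arguments.
add_filter('authenticate', 'custom_authenticate_filter', 10, 3);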