Every web application and authentication system that stores passwords converts the clear-text password into a hash before storing it. Unlike reversible encryption, hashing is one-way: the stored value cannot be turned back into the password. If you forget your password, you'll have to reset it, as the original password cannot be recovered.

If you're a developer and know which hashing algorithm your application uses, you may use this tool to generate a password hash that you can assign in your database.


What are the hashing algorithms used by popular CMSes?

Here's a list of popular Content Management Systems (CMS) along with the hashing algorithms commonly used for password encryption:

  • WordPress: WordPress traditionally used the MD5 hashing algorithm for password storage. However, as of WordPress version 2.5, it switched to using the more secure bcrypt algorithm by default.
  • Magento: Magento, as of version 2.3.0, uses the bcrypt hashing algorithm for password storage.
  • Drupal: Drupal traditionally used MD5 but has transitioned to more secure algorithms. As of Drupal 7, it uses SHA-512, and as of Drupal 8, it uses the bcrypt algorithm.
  • Joomla: Joomla traditionally used MD5, but in recent versions (Joomla 3.x), it has moved to using bcrypt for password hashing.
  • Django (web framework): Django, a web framework used for building web applications, commonly uses the PBKDF2 (Password-Based Key Derivation Function 2) algorithm for password hashing.
  • Plone: Plone, a content management system built on the Zope application server, uses SHA-256 for password hashing.
  • TYPO3: TYPO3, a popular open-source CMS, typically uses the phpass library, which supports various hashing algorithms. The specific algorithm can be configured, but commonly it uses bcrypt.
  • Umbraco: Umbraco, a .NET-based CMS, uses the bcrypt hashing algorithm for password storage.
  • SilverStripe: SilverStripe, a PHP-based CMS and framework, uses bcrypt for password hashing.
  • MODX: MODX, a flexible and extensible CMS, uses the phpass library and supports various hashing algorithms. Bcrypt is a common choice for password hashing.
  • ExpressionEngine: ExpressionEngine, a CMS and web application framework, uses the bcrypt hashing algorithm for password security.

| CMS/Platform | Previous Hashing | Hashing Algorithm |
|---|---|---|
| WordPress | MD5 | Bcrypt (v2.5+) |
| Magento | MD5 | Bcrypt (v2.3+) |
| Drupal | MD5, SHA-512 (v7) | Bcrypt (v8+) |
| Joomla | MD5 | Bcrypt (v3+) |
| Django | - | PBKDF2 |
| Plone | - | SHA-256 |
| TYPO3 | Configurable | Bcrypt |
| Umbraco | - | Bcrypt |
| SilverStripe | - | Bcrypt |
| MODX | Configurable | Bcrypt |
| ExpressionEngine | - | Bcrypt |

The choice of hashing algorithm is crucial for the security of user passwords. More secure algorithms like bcrypt are recommended over older and less secure options like MD5 or SHA-1. The specific hashing algorithm in use can also depend on the version of the CMS or its configuration settings, so keep your CMS and its components up to date to benefit from the latest security enhancements.
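
Because the algorithm in use depends on CMS version and configuration, a user table often holds a mix of formats. The following is an added example, not code from this tool or any CMS: it classifies stored password strings by their format and lists accounts that still need upgrading. The regex layouts, the `MIN_BCRYPT_COST` floor, the function names and the sample rows are assumptions of this example.

```python
import re

# (scheme, pattern, verdict). Patterns follow the commonly documented string
# layout of each scheme; they are assumptions of this example, not from the page.
RULES = [
    ("bcrypt",          r"\$2[aby]\$(\d{2})\$[./A-Za-z0-9]{53}",          "ok"),
    ("django-pbkdf2",   r"pbkdf2_sha256\$(\d+)\$[^$]+\$[A-Za-z0-9+/]+=*", "ok"),
    ("drupal7-sha512",  r"\$S\$[./A-Za-z0-9]{52}",                        "ok"),
    ("phpass-portable", r"\$[PH]\$[./A-Za-z0-9]{31}",                     "upgrade"),  # iterated MD5
    ("raw-sha1",        r"[0-9a-fA-F]{40}",                               "upgrade"),
    ("raw-md5",         r"[0-9a-fA-F]{32}",                               "upgrade"),
]

MIN_BCRYPT_COST = 10  # hypothetical policy floor for this example


def classify(stored):
    """Return (scheme, verdict, work_factor) for one stored password string."""
    for scheme, pattern, verdict in RULES:
        m = re.fullmatch(pattern, stored.strip())
        if not m:
            continue
        # Group 1, where present, is the bcrypt cost or PBKDF2 iteration count.
        work = int(m.group(1)) if m.groups() else None
        if scheme == "bcrypt" and work < MIN_BCRYPT_COST:
            verdict = "upgrade"  # right algorithm, cost too low
        return scheme, verdict, work
    return "unknown", "review", None


def accounts_to_rehash(rows):
    """rows: iterable of (username, stored_hash); names whose verdict is not 'ok'."""
    return [user for user, stored in rows if classify(stored)[1] != "ok"]


# Constructed sample rows: format-valid filler, not real hashes or users.
SAMPLE = [
    ("alice", "$2y$12$" + "a" * 53),
    ("bob", "ab" * 16),
    ("carol", "pbkdf2_sha256$600000$c2FsdHNhbHQ$" + "A" * 43 + "="),
    ("dave", "$P$B" + "x" * 30),
    ("erin", "$2a$04$" + "b" * 53),
]

if __name__ == "__main__":
    for user, stored in SAMPLE:
        print(user, classify(stored))
    print("rehash at next login:", accounts_to_rehash(SAMPLE))
```

A hash cannot be converted from one algorithm to another offline, so flagged accounts are normally re-hashed with the stronger algorithm the next time the user logs in successfully.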

