Case-Insensitive Passwords

I caught a WP Questions question asking for functionality that produced case-insensitive password functionality for WordPress. I have never considered anything like this, so I dug into the core a bit to see what could be done. As it turns out it was pretty simple, the wp_set_password() and wp_check_password() functions are Pluggable functions so they can be overwritten. Although, I discovered that it wouldn’t let me overwrite wp_set_password() so I had to overwrite wp_hash_password() instead.

The basic premise of my plugin is that it takes the password given to it and forces it to lowercase before hashing it and storing it in the database. When a user logs in, it will take the password input and force it to lowercase, hash it, and compare it to what is stored in the database. This produces the affect of case-insensitivity. The case-insensitivity only works for newly generated passwords, so I built the plugin to check the password submitted without forcing to lowercase, if it fails it will force it to lowercase and check again.

So, I created a little plugin and submitted it to the WP Question asker. If you need case-insensitive passwords, I made the plugin freely available at the WordPress plugin repository (just remember it is less secure to not allow cases in a password).

I do not plan on doing much to maintain this plugin, it pretty much works as is. If you want additional functionality feel free to contact me, but I will probably require a mandatory donation to do any extra work on it.