Importing users from standard Wordpress auth

Get Help
,
1

Hello,

I need to bulk import users from Wordpress’ standard auth to Auth0, keeping existing passwords intact. A user import using a custom password hash seems to fit the bill, however I’ve had some trouble implementing it. To stop me falling down a rabbit hole, is Wordpress supported?

I’ve searched and all I can find is threads from 3+ years ago saying that Wordpress isn’t supported, despite their being a plugin. Has support been added since then? Using the plugin isn’t an option at the moment.

Thanks in advance!

3

Hi @osman.hankir

Welcome to the Auth0 Community!

Wordpress uses MD-5 based hashing algorithm which was unsupported in the past by Auth0, however, it is supported now days.

You can review our documentation regarding User Migration. Please keep in mind that the custom password hash that you are using is part of the supported ones:

"argon2",
"bcrypt",
"hmac",
"ldap",
"md4",
"md5",
"sha1",
"sha256",
"sha512",
"pbkdf2",
"scrypt"

Hope this helps!
If you have any other questions, feel free to leave a reply!

Kind Regards,
Nik

4

That’s great, thanks! Good to know WordPress is officially supported now.

I was initially thrown off by receiving a ONE_OF_MISSING error pointing to custom_password_hash, though it appears the endpoint was expecting the hash and salt to be base64 encoded.

With that addressed, users are successfully being imported now however I can’t seem to log in using a test profile. (“Wrong email or password” error)

Am I missing something with the payload below?

[
    {
        "email": "firstname.lastname@domain.com",
        "email_verified": false,
        "given_name": "Firstname",
        "family_name": "Lastname",
        "name": "Firstname Lastname",
        "blocked": false,
        "custom_password_hash": {
            "algorithm": "md5",
            "hash": {
                "value": "<base64 encoded value of user_pass in wp_users table>",
                "encoding": "base64"
            },
            "salt": {
                "value": "<base64 encoded output of wp_salt('auth');>",
                "encoding": "base64",
                "position": "prefix"
            }
        }
    }
]

Hope you can point me in the right direction!

5

Hi,

The payload provided appears to be fine. Are you by any chance using a Wordpress plugin named Password Protected? That might interfere with the authentication flow. I will look more into the issue and keep you updated.

Also, could you try it again with the same test user and let me know if it succeeds or not?

Kind Regards,
Nik

6

Thanks Nik

I’m testing with a completely vanilla installation of Wordpress, so there aren’t any plugins that could be interfering.

I’ve tried again with the same test user and (after changing the upsert flag to true so the task doesn’t fail) it still doesn’t work.

Thanks again,
Osman

7

Got it.

Additionally, after a little bit of digging and research, it appears that Wordpress uses PHP password hashing which appears to be using the following hashing algorithms:

  • bcrypt
  • Argon2
  • blake2b

Having these in mind, you could try to import the users using one of the following hashing algorithms when you import the users to check if anything changes. If it is possible, could you check if you encrypt the password using MD5 or anything else on Wordpress’s side?
If you are using MD5, as far as I have researched, it appears that Wordpress do not use pure MD5, which would interfere with the user import.

If you are using MD5 hashing, regarding the ONE_OF_MISSING error, do you also receive a message with it or is the value empty?

Otherwise, the possible causes for the error message that you are receiving would be:

  • The fact that you are not passing in a valid JSON when importing the user. I noticed that your payload appears to be wrapped in an array, you could try removing that. If the original payload is not encapsulated in an array, then that should be fine.
  • The imported hash format you are using is not following the format correctly or it might be mixing formats

If you are still experiencing issues in migrating the users, I would highly recommend to use the Wordpress Plugin for user migration and I understand that you have mentioned that it is not an option at this time.

I will keep investigating internally regarding Wordpress since the documentation on the matter is quite hard to come by.

If you have any other questions, feel free to leave a reply!

Kind Regards,
Nik

8

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.