arraypress/wp-hash-utils
Composer 安装命令:
composer require arraypress/wp-hash-utils
包简介
A lean WordPress library for hashing, password security, data integrity, and verification
关键字:
README 文档
README
A lean WordPress library for hashing, password security, data integrity, and verification.
Installation
composer require arraypress/wp-hash-utils
Quick Start
use ArrayPress\HashUtils\Hash; // Password security $hashed = Hash::password( $password ); $valid = Hash::verify_password( $password, $stored_hash ); // Data integrity $hash = Hash::data( [ 'user_id' => 123, 'action' => 'purchase' ] ); $file_hash = Hash::file( '/path/to/file.zip' ); // WordPress nonces $nonce = Hash::nonce( 'delete_post_' . $post_id ); $valid = Hash::verify_nonce( $_POST['nonce'], 'delete_post_' . $post_id ); // HMAC authentication $signature = Hash::hmac( $api_data, $secret_key ); $authentic = Hash::verify_hmac( $api_data, $signature, $secret_key );
API
Salt
get_salt(): string
Get combined WordPress salts for hashing.
Password
password( string $password ): string
Hash passwords securely using WordPress methods.
verify_password( string $password, string $hash ): bool
Verify password against hash (timing-safe).
Data
data( mixed $data, string $algo = 'sha256', string $salt = '' ): ?string
Hash any data (arrays, objects, strings). Uses WordPress salt by default. Returns null for invalid algorithms.
file( string $path, string $algo = 'sha256' ): ?string
Hash file contents. Returns null if file doesn't exist or isn't readable.
attachment( int $id, string $algo = 'sha256' ): ?string
Hash WordPress attachment file by ID.
cache_key( mixed $data, string $prefix = '' ): string
Generate cache keys from data: Hash::cache_key( $query, 'posts' ) → "posts_a1b2c3d4"
Nonce
nonce( string $action ): string
Create WordPress nonce for action verification.
verify_nonce( string $nonce, string $action ): bool
Verify WordPress nonce. Returns false for invalid/expired nonces.
HMAC
hmac( mixed $data, string $key = '', string $algo = 'sha256' ): ?string
Generate HMAC for message authentication. Uses WordPress salt if key is empty.
verify_hmac( mixed $data, string $expected, string $key = '', string $algo = 'sha256' ): bool
Verify HMAC (timing-safe comparison).
Common Use Cases
// User authentication $hashed = Hash::password( $user_password ); $valid = Hash::verify_password( $input_password, $stored_hash ); // Form security $nonce = Hash::nonce( 'update_profile' ); if ( Hash::verify_nonce( $_POST['nonce'], 'update_profile' ) ) { // Process form } // File integrity $hash = Hash::file( $uploaded_file ); update_post_meta( $attachment_id, 'file_hash', $hash ); // API security $signature = Hash::hmac( $request_data, $api_secret ); $headers = [ 'X-Signature' => $signature ]; // Caching $cache_key = Hash::cache_key( $complex_query_data, 'results' ); $cached = get_transient( $cache_key );
Security Best Practices
// ✅ Always verify nonces for sensitive actions if ( ! Hash::verify_nonce( $_POST['nonce'], 'delete_post' ) ) { wp_die( 'Security check failed' ); } // ✅ Use verify_hmac() for timing-safe comparisons $valid = Hash::verify_hmac( $data, $signature, $key ); // ❌ Never use == for signature comparison (timing attack risk) // if ( Hash::hmac( $data, $key ) == $signature ) { }
Supported Algorithms
- SHA-256 (default, recommended)
- SHA-1, MD5 (legacy support)
- SHA-512 (high security)
- All PHP
hash_algos()supported
Requirements
- PHP 7.4+
- WordPress 5.0+
License
GPL-2.0-or-later
arraypress/wp-hash-utils 适用场景与选型建议
arraypress/wp-hash-utils 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 10 次下载、GitHub Stars 达 1, 最近一次更新时间为 2025 年 09 月 09 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「security」 「wordpress」 「password」 「hash」 「hashing」 「utilities」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 arraypress/wp-hash-utils 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 arraypress/wp-hash-utils 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 arraypress/wp-hash-utils 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
The PHP class PasswordGenerator serves as a password generator to create memorable passwords like the keychain of macOS ≤ 10.14 did.
Provide a way to secure accesses to all routes of an symfony application.
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
High-level cryptographic primitives and security utilities for Maatify systems including password hashing, reversible encryption, HKDF key derivation, and key rotation.
A library for reading KeePass 2.x databases
It's a barebone security class written on PHP
统计信息
- 总下载量: 10
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 1
- 点击次数: 33
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: GPL-2.0-or-later
- 更新时间: 2025-09-09