WordPress doesn't ever store client passwords as plain content. This is the essential motivation behind why, on the off chance that you forget or lose your password, you have to reset it. Your password is not stored by wordpress, regardless of the possibility that if your database is hacked, the hacker won't does not know what your original password was. This is the reason why we hashed our password.

At the point when a password is supplied for verification, the validation will include a touch of "salt" to make the string any longer and more protected. At that point,  cryptographic calculation is applied to it to make the password more protected. A particular plain content string will  produce the same hash. Its absolutely impossible.

Distinctive hashing calculations have contrasting levels of security in light of the relative sizes of the hash strings created. A few (like SHA-2) are broadly acknowledged as being secure – meaning they haven't been effectively misused (yet). WordPress utilizes an open source library, the Portable PHP secret key hashing structure, to produce hashed strings utilizing a few accessible calculations.

Example of password hashing:

<?php
$wp_hasher = new PasswordHash(8, TRUE);

$password_hashed = '$P$BBCDD55D6LjfHDkINU5wF.v2BuuzO0/XPk/';
$plain_password = 'hellotest';

if($wp_hasher->CheckPassword($plain_password, $password_hashed)) {
    echo "YES, Matched";
} else {
    echo "No, Wrong Password";
}
?>

You can also use Blowfish DES (if accessible) rather than MD5 to hash the password with 16 rounds of hashing:

$wp_hasher = new PasswordHash(16, FALSE);
$hashedPassword = wp_hash_password($password);