WordPress Password Match From Outside of WordPress

Here is how you can match a wordpress user from outside of wordpress. We just need to include wordpress class-phpass.php which contains functions for matching wordpress user password.

This code is sometimes very useful if you are creating API or any other script outside of wordpress.

public function test2()
    {

        require_once('class-phpass.php' ); //class taken from wp-includes folder of wordpress

            $conn = mysqli_connect('localhost','root','','dbname');
            if (!$conn){
                        echo "Could not connect: " . mysql_error();
                        exit();
            }
            // wordpress' username that his password going to compare
            $user = 'testuser@test.com';
            $user_name = htmlspecialchars($user,ENT_QUOTES);
            // plain password to compare
            $password = 'testtest';
            $hasher = new PasswordHash(8, TRUE);
            // get user_name's hashed password from wordpress database
            echo $queryx = "select * from wp_users where user_login='$user_name'";
            $Resultx = mysqli_query($conn,$queryx);

            while($row = mysqli_fetch_array($Resultx)){
                 $passnya = $row['user_pass'];
            }
            // compare plain password with hashed password
            if ($hasher->CheckPassword( $password, $passnya )){
                echo "MATCHED";
            } else {
                echo "NO MATCHED";
            }
    }

That’s All. 🙂