Drupal is a registered trademark of Dries Buytaert
drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). eca 3.1.1 Minor update available for module eca (3.1.1). layout_paragraphs 2.1.3 Minor update available for module layout_paragraphs (2.1.3). ai 1.3.3 Minor update available for module ai (1.3.3). ai 1.2.14 Minor update available for module ai (1.2.14). node_revision_delete 2.0.3 Minor update available for module node_revision_delete (2.0.3). moderated_content_bulk_publish 2.0.52 Minor update available for module moderated_content_bulk_publish (2.0.52). klaro 3.0.10 Minor update available for module klaro (3.0.10). klaro 3.0.9 Minor update available for module klaro (3.0.9). layout_paragraphs 2.1.2 Minor update available for module layout_paragraphs (2.1.2). geofield_map 11.1.8 Minor update available for module geofield_map (11.1.8).
← All modules

php_password

72 sites Security covered
View on drupal.org

Which version should I use?

3.x - The 3.x version provides a forward compatibility layer for sites running Drupal core > 10.1 and < 11.3. If you are running Drupal core 11.3 or greater, this module is not required. It forward ports the functionality of #3530186: Switch to argon2 as the default password hashing algorithm.

1.x, 2.x - The 1.x and 2.x versions replace Drupal's in PHP hashing algorithm with php's native password hashing. This functionality was added to Drupal core in 10.1.0. The module is based on work from the core issue queue #1845004: Replace custom password hashing library with PHP password_hash(). If you are running Drupal core 10.1 or greater, the 1.x and 2.x versions are not required.

Installation

The php_password module will take care of replacing the relevant password services provided by Drupal core.
Installation is as simple as installing any other Drupal module.

Configuration (3.x)

This module doesn't have a lot of configuration needed out of the box. However
you should as a minimum create a services.yml file to configure the password algorithm to use. You may also wish to tweak some of the parameters used to hash new passwords. See The README for more information.

Activity

Total releases
2
First release
Aug 2025
Latest release
7 months ago
Release cadence
14 days
Stability
50% stable

Releases

Version Type Release date
3.0.0 Stable Sep 1, 2025
3.0.x-dev Dev Aug 18, 2025