What is the longest allowable username and password for a WP site?

What is the longest allowable username and password for a WP site?

  • Rupok

    Hi Michael

    I hope you had a wonderful day.

    If we look at the WordPress default database structure, we can see "user_login" field has a character limit of 60. So the username can be maximum of 60 characters.

    For "user_pass", the field character limit is 255 but there is a tricky thing. WordPress NEVER stores your password in plain text format. It encrypts the password with MD5 hashing algorithm. The MD5 message-digest algorithm is a widely used cryptographic hash function producing a 128-bit (16-byte) hash value, typically expressed in text format as a 32 digit hexadecimal number.

    So theoretically you do not have any limit for the length of your password. The longer the password, the more memory your server will need to process that. But PHP contains some safety checks on the maximum request size to avoid malicious users from filling up your memory. As long as your server is able to handle insane amount of load, sky is your limit for passwords.

    Have a nice day. Cheers!

  • Kasia Swiderska

    Hello Mike,

    What would you say would be an "industry-standard" in this regard for max for each, in a practical sense?

    I don't thinks there is some "industry-standard" for this when it comes to lengths. Password should be safe. This (shorter password) $%#e$5rRT is safer than qazxswedcvfr because it's harder to break.
    I personally use 20 to 26 chars for passwords. With upper, lower, numbers and other chars in random order.

    With regards to taking up a lot of memory, why would even the max length take up any significant amount of memory? Isn't it only stored on one record in the WP database?

    Yes, but like Rupok said before it is encrypted password with MD5 hashing algorithm. And to process algorithm you need memory (computer need memory) - more advanced algorithm, more complicated then it needs more resources. If you are interested in this subject there is RTC about the MD5 http://www.faqs.org/rfcs/rfc1321.html

    kind regards,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.