By default, WordPress uses the notoriously weak MD5 algorithm to hash user passwords. This design flaw in the WordPress core makes it significantly easier for people who have gained access to your database to figure out user passwords. Luckily, it’s possible to upgrade WordPress to use the much stronger bcrypt algorithm. All that needs to be done is install this plugin:
This is a simple and effective way to harden WordPress security, so we have made it standard practice here at Beaker Studio. You should too!