Making WordPress passwords work in Laravel

When you are exporting WordPress users to a Laravel Application, you’ll notice that the hashed password from WordPress will not authenticate in Laravel.

Quick note: an updated version of this post can be found on my personal site.

Now instead of your users having to reset the password, you can do the following;

I) Install the ‘Laravel WP Password’ package and follow the installation instructions.

II) Create an ‘LogFailedAuthenticationAttemp.php’ event listener (‘app/Listeners') and pasted the following code in that file;


      if ( $user ) {
        if ( WpPassword::check($event->credentials['password'], $user->password ) ) {

          $user->password = Hash::make($event->credentials['password']);


This code will hook on a failed login attempt and check if a WordPress password variant does succeed. If it does, it will log the user in and also update the user password to a Laravel hashed variant. If not, it does nothing.

III) Finally, in the EventServiceProvider.php (app/Providers)file add the following under $listen;
‘Illuminate\Auth\Events\Failed’ => [

That’s it. It took me some time to figure out and I thought it might be useful for someone else too.

Related Articles

Comments 0