wp_generate_password

The timeline below displays how wordpress function wp_generate_password has changed across different WordPress versions. If a version is not listed, refer to the next available version below.

WordPress Version: 6.2

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * Uses wp_rand() to create passwords with far less predictability
 * than similar native PHP functions like `rand()` or `mt_rand()`.
 *
 * @since 2.5.0
 *
 * @param int  $length              Optional. The length of password to generate. Default 12.
 * @param bool $special_chars       Optional. Whether to include standard special characters.
 *                                  Default true.
 * @param bool $extra_special_chars Optional. Whether to include other special characters.
 *                                  Used when generating secret keys and salts. Default false.
 * @return string The random password.
 */
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    /**
     * Filters the randomly-generated password.
     *
     * @since 3.0.0
     * @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters.
     *
     * @param string $password            The generated password.
     * @param int    $length              The length of password to generate.
     * @param bool   $special_chars       Whether to include standard special characters.
     * @param bool   $extra_special_chars Whether to include other special characters.
     */
    return apply_filters('random_password', $password, $length, $special_chars, $extra_special_chars);
}

WordPress Version: 5.3

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * Uses wp_rand() is used to create passwords with far less predictability
 * than similar native PHP functions like `rand()` or `mt_rand()`.
 *
 * @since 2.5.0
 *
 * @param int  $length              Optional. The length of password to generate. Default 12.
 * @param bool $special_chars       Optional. Whether to include standard special characters.
 *                                  Default true.
 * @param bool $extra_special_chars Optional. Whether to include other special characters.
 *                                  Used when generating secret keys and salts. Default false.
 * @return string The random password.
 */
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    /**
     * Filters the randomly-generated password.
     *
     * @since 3.0.0
     * @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters.
     *
     * @param string $password            The generated password.
     * @param int    $length              The length of password to generate.
     * @param bool   $special_chars       Whether to include standard special characters.
     * @param bool   $extra_special_chars Whether to include other special characters.
     */
    return apply_filters('random_password', $password, $length, $special_chars, $extra_special_chars);
}

WordPress Version: 5.1

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * Uses wp_rand() is used to create passwords with far less predictability
 * than similar native PHP functions like `rand()` or `mt_rand()`.
 *
 * @since 2.5.0
 *
 * @param int  $length              Optional. The length of password to generate. Default 12.
 * @param bool $special_chars       Optional. Whether to include standard special characters.
 *                                  Default true.
 * @param bool $extra_special_chars Optional. Whether to include other special characters.
 *                                  Used when generating secret keys and salts. Default false.
 * @return string The random password.
 */
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    /**
     * Filters the randomly-generated password.
     *
     * @since 3.0.0
     *
     * @param string $password The generated password.
     */
    return apply_filters('random_password', $password);
}

WordPress Version: 4.6

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * @since 2.5.0
 *
 * @param int  $length              Optional. The length of password to generate. Default 12.
 * @param bool $special_chars       Optional. Whether to include standard special characters.
 *                                  Default true.
 * @param bool $extra_special_chars Optional. Whether to include other special characters.
 *                                  Used when generating secret keys and salts. Default false.
 * @return string The random password.
 */
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    /**
     * Filters the randomly-generated password.
     *
     * @since 3.0.0
     *
     * @param string $password The generated password.
     */
    return apply_filters('random_password', $password);
}

WordPress Version: 4.1

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * @since 2.5.0
 *
 * @param int  $length              Optional. The length of password to generate. Default 12.
 * @param bool $special_chars       Optional. Whether to include standard special characters.
 *                                  Default true.
 * @param bool $extra_special_chars Optional. Whether to include other special characters.
 *                                  Used when generating secret keys and salts. Default false.
 * @return string The random password.
 */
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    /**
     * Filter the randomly-generated password.
     *
     * @since 3.0.0
     *
     * @param string $password The generated password.
     */
    return apply_filters('random_password', $password);
}

WordPress Version: 3.9

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * @since 2.5.0
 *
 * @param int $length The length of password to generate
 * @param bool $special_chars Whether to include standard special characters. Default true.
 * @param bool $extra_special_chars Whether to include other special characters. Used when
 *   generating secret keys and salts. Default false.
 * @return string The random password
 **/
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    /**
     * Filter the randomly-generated password.
     *
     * @since 3.0.0
     *
     * @param string $password The generated password.
     */
    return apply_filters('random_password', $password);
}

WordPress Version: 3.7

/**
 * Generates a random password drawn from the defined set of characters.
 *
 * @since 2.5
 *
 * @param int $length The length of password to generate
 * @param bool $special_chars Whether to include standard special characters. Default true.
 * @param bool $extra_special_chars Whether to include other special characters. Used when
 *   generating secret keys and salts. Default false.
 * @return string The random password
 **/
function wp_generate_password($length = 12, $special_chars = true, $extra_special_chars = false)
{
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    if ($special_chars) {
        $chars .= '!@#$%^&*()';
    }
    if ($extra_special_chars) {
        $chars .= '-_ []{}<>~`+=,.;:/?|';
    }
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= substr($chars, wp_rand(0, strlen($chars) - 1), 1);
    }
    // random_password filter was previously in random_password function which was deprecated
    return apply_filters('random_password', $password);
}