wp_generate_password( int $length = 12, bool $special_chars = true, bool $extra_special_chars = false ): string

Generates a random password drawn from the defined set of characters.

Description

Uses wp_rand() to create passwords with far less predictability than similar native PHP functions like rand() or mt_rand().

Parameters

$length int optional
The length of password to generate.

Default: 12

$special_chars bool optional
Whether to include standard special characters.

Default: true

$extra_special_chars bool optional
Whether to include other special characters.
Used when generating secret keys and salts.

Default: false

Return

string The random password.

More Information

This function executes the random_password filter after generating the password.

Normal characters: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789

Special characters: !@#$%^&*()

Extra special characters: -_ []{}<>~`+=,.;:/?|

Source

function wp_generate_password( $length = 12, $special_chars = true, $extra_special_chars = false ) {
	$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
	if ( $special_chars ) {
		$chars .= '!@#$%^&*()';
	}
	if ( $extra_special_chars ) {
		$chars .= '-_ []{}<>~`+=,.;:/?|';
	}

	$password = '';
	for ( $i = 0; $i < $length; $i++ ) {
		$password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 );
	}

	/**
	 * Filters the randomly-generated password.
	 *
	 * @since 3.0.0
	 * @since 5.3.0 Added the `$length`, `$special_chars`, and `$extra_special_chars` parameters.
	 *
	 * @param string $password            The generated password.
	 * @param int    $length              The length of password to generate.
	 * @param bool   $special_chars       Whether to include standard special characters.
	 * @param bool   $extra_special_chars Whether to include other special characters.
	 */
	return apply_filters( 'random_password', $password, $length, $special_chars, $extra_special_chars );
}

Hooks

apply_filters( 'random_password', string $password, int $length, bool $special_chars, bool $extra_special_chars )

Filters the randomly-generated password.
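
One way to use this hook, as an added example that is not WordPress core code: a callback that redraws a default-style password until it contains a lowercase letter, an uppercase letter, a digit and a standard special character, which a uniform draw from the pool does not guarantee. The function name example_require_all_classes, the length floor of 8 and the retry bound of 50 are assumptions made for this example.

```php
<?php
// Added example, not WordPress core code. example_require_all_classes() is a hypothetical name.
function example_require_all_classes( $password, $length = 12, $special_chars = true, $extra_special_chars = false ) {
	// Leave alphanumeric-only tokens, key/salt generation and short strings untouched.
	if ( ! $special_chars || $extra_special_chars || $length < 8 ) {
		return $password;
	}

	// The character classes that make up the default pool, as listed on this page.
	$classes = array(
		'abcdefghijklmnopqrstuvwxyz',
		'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
		'0123456789',
		'!@#$%^&*()',
	);
	$chars = implode( '', $classes );

	// Redraw the whole password (bounded) until every class is present.
	// A full redraw keeps all accepted passwords equally likely; patching
	// single characters into fixed positions would not.
	for ( $attempt = 0; $attempt < 50; $attempt++ ) {
		$complete = true;
		foreach ( $classes as $class ) {
			if ( false === strpbrk( $password, $class ) ) {
				$complete = false;
				break;
			}
		}
		if ( $complete ) {
			break;
		}

		// Same selection loop as wp_generate_password(), run here directly
		// so the random_password filter is not re-entered.
		$password = '';
		for ( $i = 0; $i < $length; $i++ ) {
			$password .= substr( $chars, wp_rand( 0, strlen( $chars ) - 1 ), 1 );
		}
	}

	return $password;
}
// Request all four arguments; the last three are passed since 5.3.0.
add_filter( 'random_password', 'example_require_all_classes', 10, 4 );
```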

Changelog

Version  Description
2.5.0    Introduced.

User Contributed Notes

    You can use the wp_generate_password() function to create a unique hash that can be added as a parameter to URLs. This is useful in scenarios such as cache busting (forcing the browser to re-fetch the page instead of using a cached version) or generating unique referral links.

    Here’s an example of how to implement this:

    $url = home_url( '/some-location' ); // Get some URL of your WordPress site
    $url = add_query_arg( array(
        '_some_param' => wp_generate_password( 32, false, false ) // Generate a unique hash
    ), $url );
    
    wp_safe_redirect( $url ); // Safely redirect to the new URL
    exit; // wp_safe_redirect() does not stop execution on its own

    You can replace home_url() with any other URL you want to use as the base.
