Togijak
Posted October 15, 2016

Normal WordPress users are protecting the admin account with .htaccess, and most of these users are using MD5/SHA1, but it is much more secure to use bcrypt.

Quote

Hashing algorithms

bcrypt
$2y$ or $2a$ prefix
This algorithm is currently considered to be very secure. Bcrypt hashes are very slow to compute (which is one of the reasons why they are secure). The cost parameter sets the computing time used (higher is more secure but slower, default: 5, valid: 4 to 31).
Warning: think carefully before you try values above 10, this thing is really slow. You could freeze your computer.
Compatibility: Apache since version 2.4 (needs apr-util 1.5+)

md5 (APR)
$apr1$ prefix
Apache-specific algorithm using an iterated (1,000 times) MD5 digest of various combinations of a random salt and the password. This is the default (since Apache version 2.2.18).
Compatibility: all Apache versions, Nginx 1.0.3+.

crypt(), also known as crypt(3)
no prefix
It used to be the default algorithm until Apache version 2.2.17. It limits the password length to 8 characters. Considered insecure.
Compatibility: all Apache and Nginx versions, Unix only. Plain ASCII characters only.

salted sha-1
{SSHA} prefix
Considered insecure. The use of salt makes it more time-consuming to crack a list of passwords. However, it does not make dictionary attacks harder when cracking a single password.
Compatibility: Nginx 1.0.3+ only.

sha-1
{SHA} prefix
Facilitates migration from/to Netscape servers using the LDAP Directory Interchange Format (ldif). This algorithm is insecure by today's standards.
Compatibility: all Apache versions, Nginx 1.3.13+.

Plaintext (no hashing)
no prefix for Apache, {PLAIN} for Nginx
Use plaintext passwords. Insecure.
Compatibility: all Windows and Netware Apache versions, Nginx 1.0.3+.

Here you find an htpasswd generator for offline use that works with bcrypt.
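An added example, not part of the original post or of the generator it mentions: a Python script that reads the contents of an .htpasswd file and labels each entry by the prefixes listed in the quote above, so entries that still need to move to bcrypt stand out. The `min_cost` threshold of 10, the verdict labels and the sample file are assumptions made for this example.

```python
import re

# bcrypt: $2y$ or $2a$, two-digit cost, then 22-char salt + 31-char digest.
BCRYPT = re.compile(r"^\$2[ay]\$(\d{2})\$[./A-Za-z0-9]{53}$")
CRYPT3 = re.compile(r"^[./A-Za-z0-9]{13}$")  # traditional crypt(3) output
# Remaining prefixes from the quoted list, with the verdict used here.
PREFIXES = [
    ("$apr1$", "md5-apr1", "migrate"),     # iterated MD5, not bcrypt
    ("{SSHA}", "salted-sha1", "insecure"),
    ("{SHA}", "sha1", "insecure"),
    ("{PLAIN}", "plaintext", "insecure"),
]

def classify(field, min_cost):
    """Return (scheme, verdict) for the part after 'user:'."""
    m = BCRYPT.match(field)
    if m:
        cost = int(m.group(1))
        return f"bcrypt(cost={cost})", "ok" if cost >= min_cost else "low-cost"
    for prefix, scheme, verdict in PREFIXES:
        if field.startswith(prefix):
            return scheme, verdict
    if CRYPT3.match(field):
        return "crypt3", "insecure"
    return "unprefixed", "insecure"  # plaintext on Apache, or malformed

def audit(text, min_cost=10):
    """Return (user, scheme, verdict) per entry; min_cost is an assumed policy."""
    results = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no credentials
        user, sep, field = line.partition(":")
        if not sep:
            results.append((line, "malformed", "review"))
            continue
        results.append((user, *classify(field, min_cost)))
    return results

# Constructed sample file; the hash bodies are filler, not real digests.
SAMPLE = "\n".join([
    "# constructed example",
    "admin:$2y$12$" + "A" * 53,
    "editor:$2y$05$" + "B" * 53,
    "legacy:$apr1$saltsalt$" + "C" * 22,
    "old:{SHA}" + "D" * 27 + "=",
    "ancient:ab" + "E" * 11,
])

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

An unprefixed value that is not 13 characters long is reported as `unprefixed`, since on Apache it can only be plaintext or a damaged entry.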
This topic is now archived and is closed to further replies.