Customer Password and Credit Card Info

Yes, you can move a WP-database using phpMyAdmin.

Wix and other cookie-cutter website platforms make it near impossible for you to do that because they want you trapped into paying them or risk losing your customer base.

It’s not a good idea to keep customer credit cards in your database unless you’re PCI Compliant. You may want to consider using PayPal or Stripe for checkout.

To transfer WP password hashes to another platform, the other platform would need to use the exact same hashing scheme. The hash in part relies upon unique salts, so transferring to another platform will not work.

However, you can import MD5 hashes into WP with phpMyAdmin and WP will correctly transform them to its own hashing scheme.

Thank you both for taking the time to answer my question.

@bcworkz – does this mean that if I import the MD5 hashes into WP, that I can later use the same hash to transform them onto an outside platform? Or does transferring out of WordPress just not work?

Well, if the MD5 remained untouched, it could be exported. But as soon as WP verifies a password, the MD5 is transformed into the WP hashing scheme. So the only export that would work would be the hashes of inactive users.

I suppose if a destination site used the same hashing scheme AND specified the same salt constants, one could successfully export. Probably the only way that would happen is to another WP site.

As I typed that last paragraph, it dawns on me that a different salt shouldn’t invalidate the hash. Changing salts on a WP site invalidates any auth cookies so users have to log in again, but their hash remains valid despite a different salt. Anyway, the destination site would still need to use the same hashing scheme, which is unlikely.

FWIW, the WP hashing scheme is declared here:
You can see at its heart it’s still MD5, but it’s wrapped in another encoded package which makes it largely incompatible with other sites.

Thank you for explaining all of that!

I guess I’m resigned to being unable to future proof myself when it comes to the passwords. Hopefully my users will forgive me in the future should I ever need to make that password change happen.

Appreciate all of your help and guidance. I’m satisfied and believe this issue can be closed.

PS – this support and general ability to make things work is why I’m happy I’m moving to WordPress 🙂

  • This reply was modified 3 days, 2 hours ago by langemf.

If I understand your situation, you want to move your client base from Wix to WP with as little inconvenience to the customer as possible. And if you decide to change platforms later, you want to be sure your database will be portable.

I thought there could be a way to move your database from Wix over to WP by using a JSON server or something, so I did some quick research and found this article (

I hope that helps, but I did not see anything about migrating existing users, emails, and passwords.

If you have their email addresses, you can set up an account for each of them on your WP site by adding them as a new user, and it will send them an email (optionally) to complete the registration process.

The best thing I can suggest here is communication with your customers. Look at it as a reason to send out a newsletter.

Additionally, if a user logs into your new site and their password doesn’t work, you can put a message saying if they joined the website before a specific date to please reset their password and provide them with a link. A user would understand that better than just wondering why their login and password isn’t working.

Hi Michael,

I’ve gone through a lot of those sites about migration and come up pretty empty-handed. I totally understand why it’s so difficult to do anything to passwords given the security concerns, so I agree with you that I’ll just need to have open and good communication with customers.

Thank you for taking the time to look into this for me, I really appreciate that! For now I will just go ahead with my site and worry about the future in the future.

Source link