md5.me / crypto toolkit
0 network calls since load

About md5.me

What md5.me is

A small, fast cryptographic toolkit for WordPress admins, sysadmins, and security professionals. Seven tools on one page: MD5 hashing, SHA-1/256/384/512, bcrypt and phpass for modern WordPress passwords, a cryptographically-secure password generator, the eight WordPress secret keys for wp-config.php, .htpasswd entries for nginx and Apache, and a ready-to-run SQL snippet to reset a locked-out WordPress admin.

Why it runs in your browser

Every operation on this site happens client-side, in your tab, using the WebCrypto API and a small amount of self-contained JavaScript. The plaintext you type into the hash and password fields is never sent over the network, never written to a log, never stored in a cookie. You can verify this yourself: open the browser's Network tab and watch. The 0 network calls since load counter at the top of the page is a real measurement, not a marketing line.

Server-side hash generators have a structural problem: they require you to trust the server with the very thing you're trying to protect. A site that hashes your password on its server could log it. A salt generator that mints wp-config.php keys on its server could keep a copy. The only way to prove a site doesn't do that is to not give it the chance.

What it's good for

Day-to-day sysadmin work. Generating fresh WordPress salts after a compromise, hashing a new admin password before pasting it into a database, minting an .htpasswd line to harden wp-login.php, producing strong random passwords for credentials that don't deserve a memorable one. The tools are deliberately narrow: each one does the smallest thing it can do well, with the relevant context and a few words of explanation alongside.

What it's not

A vault, an authenticator, a password manager, or a pen-testing kit. There's no account, no login, no API. The site has no business model that depends on knowing what you do with it.

Who built it

Operated by Plus 1 Limited, a company registered in Greece. The site is one of several tools and services maintained by the same operator, oriented toward WordPress security and operations.