WordPress encrypts user passwords with the insecure MD5-based password hashing. To improve this WP User Manager can use the modern and secure bcrypt.
To do this, you need to have the Security addon installed and your site running on PHP 5.5 or greater.
- Navigate to User > Settings
- Click the Security tab
- Turn on the ‘Use more secure password encryption’
The encryption is backwards with passwords created before the setting was enabled and if it is disabled.