diff --git a/passman-dev/php/passman/register.php b/passman-dev/php/passman/register.php
index 1c3516f..a4abd0d 100644
--- a/passman-dev/php/passman/register.php
+++ b/passman-dev/php/passman/register.php
@@ -37,8 +37,17 @@ if ($_SERVER["REQUEST_METHOD"] === "POST") {
 $login_message = "Database error (prepare failed).";
 $result = false;
 } else {
- $stmt->bind_param("ss", $new_username, $new_password);
- $result = $stmt->execute();
+ // Hash the password before storing it.
+ // Never store login passwords in plaintext.
+ $password_hash = password_hash($new_password, PASSWORD_DEFAULT);
+ if ($password_hash === false) {
+ $login_message = "Password hashing failed.";
+ $result = false;
+ } else {
+ // Store the hash (not the plaintext password).
+ $stmt->bind_param("ss", $new_username, $password_hash);
+ $result = $stmt->execute();
+ }
 $stmt->close();
 }
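Review bot: The hash written by the new `bind_param("ss", $new_username, $password_hash)` line is only safe if the password column is wide enough — PASSWORD_DEFAULT's algorithm and output length can change between PHP releases, and a column sized for plaintext or for a fixed 60-character bcrypt string would silently truncate the hash so that later verification always fails; the schema is not in this hunk, so please confirm the column holds at least 255 characters and add `// PASSWORD_DEFAULT may change; column must hold >= 255 chars or the hash is truncated` above the call. The `$password_hash === false` branch is reachable only on PHP below 8.0, where password_hash returned false on failure; on 8.0+ it throws a ValueError instead, so if the app targets 8.x the branch is dead and a try/catch (or letting the error propagate to the existing error path) would be the accurate guard. This change presumably also requires the login code to compare with `password_verify()` and some handling for rows created before this commit that still hold plaintext, neither of which is visible here. The enclosing `if ($_SERVER["REQUEST_METHOD"] === "POST")` block and the `prepare` call whose else-branch this is both start before the hunk.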