diff --git a/src/wp-includes/user-functions.php b/src/wp-includes/user-functions.php
index db87cd49a8..a79d1e8448 100644
--- a/src/wp-includes/user-functions.php
+++ b/src/wp-includes/user-functions.php
@@ -1602,7 +1602,7 @@ function wp_update_user($userdata) {
 	// Escape data pulled from DB.
 	$user = add_magic_quotes( $user );
 
-	if ( ! empty($userdata['user_pass']) ) {
+	if ( ! empty( $userdata['user_pass'] ) && $userdata['user_pass'] !== $user_obj->user_pass ) {
 		// If password is changing, hash it now
 		$plaintext_pass = $userdata['user_pass'];
 		$userdata['user_pass'] = wp_hash_password( $userdata['user_pass'] );
diff --git a/tests/phpunit/tests/user.php b/tests/phpunit/tests/user.php
index 0d2f29e4d6..f0b60d16c6 100644
--- a/tests/phpunit/tests/user.php
+++ b/tests/phpunit/tests/user.php
@@ -954,4 +954,18 @@ class Tests_User extends WP_UnitTestCase {
 
 		wp_new_user_notification( $user, 'this_is_deprecated' );
 	}
+
+	/**
+	 * @ticket 28435
+	 */
+	function test_wp_update_user_no_change_pwd() {
+		$testuserid = 1;
+		$user = get_userdata( $testuserid );
+		$pwd_before = $user->user_pass;
+		wp_update_user( $user );
+		
+		// Reload the data
+		$pwd_after = get_userdata( $testuserid )->user_pass;
+		$this->assertEquals( $pwd_before, $pwd_after );
+	}
 }