You can encrypt the MD5 encrypted password with
sha1(). You have to encrypt all users passwords (MD5 encrypted) with
sha1() again in your database and in the login page check their password with this
sha1(md5($password)) and compare it with you database.
This will improve your site security quite lot but I'd recommend you to use password_hash() anyway.