WordPress.org

Ready to get started?Download WordPress

Forums

DB password is in clear text (2 posts)

  1. shochatd
    Member
    Posted 1 year ago #

    I am brand new to WordPress (trying to teach myself and get a better idea of its suitability for a project). I did some web searching on this, but was left still not understanding what to do. I have installed WordPress on my Ubuntu system (already had apache2, PHP 5.4.6, MySQL 5.5.29) and it appears to be running fine. What is bothering me is that when I look at line 25 of wp-config.php, I see my database password in clear text. I realize that WordPress has to be able to authenticate itself to the database somehow and this seems like the most obvious way to make that happen. Is there not some more secure way that doesn't leave such sensitive information sitting out there all the time? I could make the file readable only by www-data, but that doesn't seem like much protection. Something I read seemed to have MySQL storing the MD5 hash of the password, but I don't understand how this solves the problem. Maybe there's a document someone can point me to.
    Thanks from a newbie.

  2. esmi
    Forum Moderator
    Posted 1 year ago #

    It's really not a security issue. The wp-config.php file is not accessible via the WP back end interface. In fact the only way you can access it is via the server. And if someone has gotten access to the server to read your wp-config.php file, you have a lot more to worry about than just a plain text password.

Topic Closed

This topic has been closed to new replies.

About this Topic