WordPress.org

Ready to get started?Download WordPress

Forums

NextScripts: Social Networks Auto-Poster
Great Idea but worried about password storage (3 posts)

5 stars
  1. jbbaab44
    Member
    Posted 1 year ago #

    So. i bought this mainly because of the feature to post to google+ since there's nothing out there that works so far for me. But after reading about the setup and installation of the Google+ API for nextscripts i read this crazy statement, "Please note that WordPress is not storing your Google+ password in very secure manner, so you better create a separate G+ account for your website."

    I don't want to put all the blame on nextscripts here for this since i don't know if there's a secure password work-around, so i applaud them for attempting a solution for Google+, but i mean it's pretty worthless to me if my original google+ account for my website should not be used.

    If you want to pay for this plugin you will have to ask yourself two questions . . .
    - is it worth paying for the opportunity for a hacker to hack the password to your google+ account?
    - is it worth setting up a separate google+ account just for this plugin's sake?

    Those are questions you will have to ask yourself. I would have rated it higher, but this plugin does not make sense for me to use.

    == edit 3-28-13 ==
    after dialogue with support staff it seems that the password storage issue is not as 'crazy' as i made it to be. NextScripts does a good job with this plugin. Wish the password didn't have to be stored on wordpress's database, but this is the best solution out there now . . . and a good one.

  2. NextScripts
    Member
    Plugin Author

    Posted 1 year ago #

    There is nothing "crazy" about this statement. This is just the standard warning about the fact that access to Google+ requires password.

    There is also nothing really "dangerous" about that fact. Your Google+ password is encrypted and stored in the WordPress database. Theoretically hacker can crack your WordPress website, steal your database, reverse-engineer our plugin code, crack our encryption and get to your Google+ password.

    Again all this is possible only if someone hacks/steals your WordPress website first, so keep your WordPress secure and you will be fine.

    There is no way around it. Google+ requires password for autoposting, and this password must be saved somewhere.

    Also that fact that Google (again not plugin, but Google) requires password for autoposting is certainly not a reason to give plugin bad rating.

  3. jbbaab44
    Member
    Posted 1 year ago #

    I apologize for my evaluation. i don't know too much about that stuff, and what i read really surprised me. thanks for your explanation

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.