WordPress.org

Ready to get started?Download WordPress

Forums

WP Mail SMTP
Possible alternative to storing plaintext password (1 post)

  1. Stephen Harris
    Member
    Posted 1 year ago #

    Thanks for creating this great a plug-in!

    I noticed that the plug-in stores the SMTP password in plaintext (and the related forum messages that point out that this is necessary, since it needs to be sent to the e-mail host to authenticate the account).

    Would it be worth using a symmetric encryption for the password. The key obviously wouldn't be able be formed from anything stored in the database (defeats the purpose) and would be site-specific rather than user specific.

    For example it could be formed from a fixed plug-in string (appended to the database password) then hashed with wp_hash (which uses site-specific salts). The database password & salts are stored in wp-config.php - so the encryption would only be as secure as that file - but would protect the password if the database was stolen (or simply just viewed).

    But presumably if the database was read/stolen then the password is protected?

    http://wordpress.org/extend/plugins/wp-mail-smtp/

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags