WP Mail SMTP
Works As It Should (4 posts)

2 stars
  1. BenNieIV
    Member
    Posted 1 year ago #

    But the password field is not hashed, let alone hidden. Anyone with Admin control can view the email password. That alone makes this plug-in unusable.

  2. Ewout
    Member
    Posted 1 year ago #

    Hiding the password field is easy, just change type=text to type=password, but I too would like to see the password saved more securely. I have no idea if most SMTP servers accept a hashed password; perhaps it could be an option?

  3. Callum Macdonald
    Member
    Plugin Author

    Posted 1 year ago #

    This is a very commonly quoted issue, and it's 100% nonsensical.

    Let's think this through. In order to send an email WordPress needs to know the password. Therefore, we need to store the password so that WordPress can use it later in plain text. So, it's not possible to encrypt it, secure it, or otherwise hold it "safely" short of some incredibly complex solution which won't work on shared hosting, would require extensive server configuration, etc.

    Thus, as the plugin developer, I have 2 choices. Choice one, I could add the type="password" and then the ignorant user thinks, oh awesome, my password is "safe". But anyone who looks at the source code of the page, or at the /options.php page, easily finds the password. Or, I could simply leave the password in plain text as it must be stored anyway.

    I'm about to release a new version which makes it clear on the admin page to avoid this issue. Seems like many people don't bother looking up or thinking through the issue and just complain.

  4. eminozlem
    Member
    Posted 1 year ago #

    @Callum Macdonald

    I am totally with you on this one. Besides, even if this was a defect, it's not a big enough one to rate 2 stars.
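The two points debated in this thread (whether an SMTP server will accept a hashed password, and whether type="password" hides the stored value), shown as an added example that is not part of the original posts and is not the plugin's code. The toy server, the `smtp_pass` field name, the account and the password are constructed assumptions; the exchange modelled is SMTP AUTH PLAIN.

```python
import base64
import hashlib
import hmac
import html


def auth_plain_payload(user, secret):
    """Client side of AUTH PLAIN: base64(NUL user NUL secret)."""
    raw = b"\0" + user.encode() + b"\0" + secret.encode()
    return base64.b64encode(raw).decode()


class ToySmtpServer:
    """Constructed stand-in for a mail server that keeps only a salted hash."""

    def __init__(self, user, password):
        self.user = user
        self.salt = b"constructed-salt"
        self.digest = self._hash(password)

    def _hash(self, secret):
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), self.salt, 10_000)

    def handle_auth_plain(self, payload):
        # The server hashes whatever the client sends, so the client must
        # send the original password, not a hash of it.
        _, user, secret = base64.b64decode(payload).split(b"\0", 2)
        ok = user.decode() == self.user and hmac.compare_digest(
            self._hash(secret.decode()), self.digest)
        return "235 2.7.0 Authentication successful" if ok \
            else "535 5.7.8 Authentication credentials invalid"


def render_field(input_type, stored):
    """Settings-page input; the stored value is in the markup either way."""
    value = html.escape(stored, quote=True)
    return f'<input type="{input_type}" name="smtp_pass" value="{value}">'


def demo():
    user, password = "mailer@example.test", "s3cret-constructed"
    server = ToySmtpServer(user, password)
    # Case 1: the site stored the password itself.
    plain = server.handle_auth_plain(auth_plain_payload(user, password))
    # Case 2: the site stored only a hash and can send nothing else.
    stored_hash = hashlib.sha256(password.encode()).hexdigest()
    hashed = server.handle_auth_plain(auth_plain_payload(user, stored_hash))
    # Case 3: a masked field still carries the password in the page source.
    in_source = password in render_field("password", password)
    return plain, hashed, in_source
```
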

Topic Closed

This topic has been closed to new replies.
