Potential security issue | WordPress.org

Resolved thorm
(@thorm)

10 years, 8 months ago

In log file reg-handler-api.log I can read user password.

ws_plugin__s2member_custom_reg_field_user_pass1 and ws_plugin__s2member_custom_reg_field_user_pass2 sections are not crypted.

P.s. they are NOT custom fileds

https://wordpress.org/plugins/s2member/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author JasWSInc
(@jaswsinc)

10 years, 8 months ago

Hi Thorm 🙂

Thank you for the report. However, this is known to be the case. Please read over this area of your Dashboard and disable logging in your s2Member configuration on a production site. Logs may contain other sensitive data too. Not a good idea to keep these enabled once you go live.

See: **Dashboard → s2Member → Log Files (Debug)**

Thread Starter thorm
(@thorm)

10 years, 8 months ago

Thanks

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Potential security issue’ is closed to new replies.

Tags

2 replies
2 participants
Last reply from: thorm
Last activity: 10 years, 8 months ago
Status: resolved