Support » Plugin: WP User Manager - User Profile Builder & Membership » Are Users’ passwords stored in plain text?

  • Resolved Webcie Noordpole

    (@webcienoordpole)


    I noticed that when a user registers at our website, the confirmation mail they receive contains the user’s username and password in plain text.
    This is a huge red flag to me because it means that the passwords are stored in plain text in the database too.

    Is it possible to store the passwords in an encrypted way?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author WP User Manager

    (@wpusermanager)

    The password is not stored in the database as plain text.

    WP User Manager creates the user record on registration and generates a random password, that is then encrypted and saved in the database (as per the WordPress usual user system). But at the time the email is sent, the password has just been generated so it can be sent in the email for the user.

    This saves the new user having to reset the password to access the site for the first time.

    Thank you for your answer.
    So the password that the user chooses overwrites the randomly generated password and is then also encrypted?

    Plugin Author WP User Manager

    (@wpusermanager)

    You’re welcome. Yes correct, if they change the password from their account, once they have logged in with the initial password, their new password is encrypted and stored in the wp_users table.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.