I am brand new to WordPress (trying to teach myself and get a better idea of its suitability for a project). I did some web searching on this, but was left still not understanding what to do. I have installed WordPress on my Ubuntu system (already had apache2, PHP 5.4.6, MySQL 5.5.29) and it appears to be running fine. What is bothering me is that when I look at line 25 of wp-config.php, I see my database password in clear text. I realize that WordPress has to be able to authenticate itself to the database somehow and this seems like the most obvious way to make that happen. Is there not some more secure way that doesn’t leave such sensitive information sitting out there all the time? I could make the file readable only by www-data, but that doesn’t seem like much protection. Something I read seemed to have MySQL storing the MD5 hash of the password, but I don’t understand how this solves the problem. Maybe there’s a document someone can point me to.
Thanks from a newbie.
- The topic ‘DB password is in clear text’ is closed to new replies.