Title: DB password plaintext
Last modified: August 18, 2016

---

# DB password plaintext

 *  [eliben](https://wordpress.org/support/users/eliben/)
 * (@eliben)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/db-password-plaintext/)
 * Hello,
 * Why does the MySQL password stored as plaintext in the configuration file ? Isn’t
   it safer to store a (salted) hash of it (say SHA-256) ?

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [theapparatus](https://wordpress.org/support/users/theapparatus/)
 * (@theapparatus)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/db-password-plaintext/#post-661967)
 * The password doesn’t go anyway. It’s not sent as traffic when folks visit your
   site. It’s contained within a php file so a trouble maker would have to gain 
   access to the server to be able to read that file and, if they have that level
   of access, you’ve got worse issues to think of.
 * Gotta admit that I can’t think of any software that stores their mysql password
   within a hash. Interesting idea though.
 *  Thread Starter [eliben](https://wordpress.org/support/users/eliben/)
 * (@eliben)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/db-password-plaintext/#post-662031)
 * However, what’s the harm in keeping it as a hash ? This way I can protect the
   password of the database from the people who hacked into the server, or the host
   company that hosts my DB, for that matter.
 * Isn’t this just better in all senses ?
 *  [tank71](https://wordpress.org/support/users/tank71/)
 * (@tank71)
 * [18 years, 5 months ago](https://wordpress.org/support/topic/db-password-plaintext/#post-662052)
 * I think it would add a layer of complication that is not needed. However, I could
   see your idea working as an advanced option.
 * It really isn’t needed by the average WordPress users. As theapparatus pointed
   out, if someone already has access to your server then you have bigger problems
   to worry about. That being said, I don’t think its high on the development teams
   TO-DO list. Maybe make a suggestion in the proper forum and see what others think?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘DB password plaintext’ is closed to new replies.

 * In: [Installing WordPress](https://wordpress.org/support/forum/installation/)
 * 3 replies
 * 3 participants
 * Last reply from: [tank71](https://wordpress.org/support/users/tank71/)
 * Last activity: [18 years, 5 months ago](https://wordpress.org/support/topic/db-password-plaintext/#post-662052)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics