• Resolved weatherandsky

    (@weatherandsky)


    Great plugin that works well for me BUT one major issue. The password for the email account is visible. If I were to hand over my WordPress account to a developer to get help with a theme or to my hosting company, they can easily see the password. Is there a way to get it to not show up as text?? Thanks!!

    https://wordpress.org/plugins/wp-mail-smtp/

Viewing 11 replies - 1 through 11 (of 11 total)
  • Thread Starter weatherandsky

    (@weatherandsky)

    OK I see now that this is an ongoing concern by many. So my next question: is there another more secure option out there for people that want to use a contact form on their wordpress site? Right now I’m using Contact 7.

    I’d like to add my vote to this request please. I also need to have the contents of that password field hidden, as it’s a security risk to me when the password is visible.

    If you open up the code in the plugin editor, on line 305, change the input type from “text” to “password”:

    <td><input name="smtp_pass" type="password" id="smtp_pass" value="<?php print(get_option('smtp_pass')); ?>" size="40" class="code" /></td>

    That will make the password appear as discs instead of the actual password. Keep in mind that until the plugin author does this, you’ll have to re-add the password type to the plugin every time it’s upgraded.

    Another thing worth mentioning is that anyone who has access to your plugins directory would be able to change it back. Your best bet would be to make sure no one but yourself can access sensitive information like that. It would also be a good idea to use an email address that’s dedicated to emails from your website and not connected to anything else.

    Can you fix this ASAP? It is quite dangerous…

    I created a ticket for this in the WP track.

    The ticket you created says “Plugin: not listed”. I don’t see any connection between the ticket and this plugin.

    Thank you for pointing that out. Something must have gone wrong with the creation, I guess 😉
    Fixed.

    This has been asked and requested many times on the plugin’s support page. It is a very bad idea, and will not be implemented.

    Closing topic.

    @callum, how about modifying your plugin’s behaviour regarding the password, so that it stores the password securely in the database but doesn’t need to display it at all on the page. Instead, you can have a field for changing the existing password, once that has been entered and saved – so basically the same functionality as the New Password field on everyone’s WordPress User Profile page, or the way every website account on the internet works. This would be the most secure method of all, and it would set your plugin apart from all the other WP SMTP plugins which do currently show stars/dots to hide the password.

    What do you think?

    Failing that idea, I’d like to point out that there are security benefits to hiding the password behind dots, even if the password is still visible in the source code. The main benefit is to prevent the password from being read by others (eg. your client) over your shoulder, when you’re on that page. An insecure but hidden password is still better than a plainly-visible password.

    Perhaps you can just add a big warning text in bold letters underneath the password field, that explains that although the password is hidden with dots, it’s still insecure (etc etc – whatever warning text is appropriate). This would solve your concern that hiding the password “simply hides the issue from users”, as you wrote. If you make sure the user is fully aware that it’s still insecure, then you can safely provide the hidden password for them. Right?

    I think it’s worth noting that literally every other WP SMTP plugin at wordpress.org hides its SMTP password behind dots. WP Mail SMTP is the only one that doesn’t do this. Which sadly makes it look less secure than the others, even if that may not actually be the case.

    I hope that one of the above ideas (ideally the idea in my first paragraph) might work as an acceptable solution for you. Could you please respond with your thoughts, Callum?
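    The two approaches discussed in this thread, the line-305 workaround of switching the field to type="password" and the proposal above to stop echoing the stored password at all and use a "new password" field instead, can be combined on a WordPress settings page. The following is an added example written for this thread; it is not WP Mail SMTP's own code, and the option name, settings group and page slug (smtp_pass_example, smtp_example_group, smtp_example_page) are made-up names. It leaves the stored value out of the HTML entirely, so neither the rendered page nor the page source contains the password; an empty submission means "keep the current password".

```php
<?php
/*
 * Added example for the forum thread, not code from the WP Mail SMTP plugin.
 * Assumed names: option 'smtp_pass_example', group 'smtp_example_group',
 * settings page 'smtp_example_page'.
 * Caveat: the value in wp_options is still plaintext, as WordPress has no
 * built-in secret store; this only removes the on-page/source exposure.
 */

// Register the option and the field on the settings page.
add_action( 'admin_init', function () {
    register_setting(
        'smtp_example_group',   // settings group (assumed name)
        'smtp_pass_example',    // option name (assumed name)
        array( 'sanitize_callback' => 'smtp_example_sanitize_password' )
    );

    add_settings_section(
        'smtp_example_section', 'SMTP credentials', '__return_false', 'smtp_example_page'
    );

    add_settings_field(
        'smtp_pass_example', 'SMTP password',
        'smtp_example_render_password_field', 'smtp_example_page', 'smtp_example_section'
    );
} );

// Sanitize callback: keep the stored password unless a replacement was typed.
// Passwords are not trimmed, so leading/trailing spaces survive if intended.
function smtp_example_sanitize_password( $submitted ) {
    if ( ! is_string( $submitted ) || '' === $submitted ) {
        return get_option( 'smtp_pass_example', '' ); // blank field = leave unchanged
    }
    return $submitted;
}

// Render the field with an empty value attribute, so the secret never reaches
// the browser. type="password" additionally hides what the admin types.
function smtp_example_render_password_field() {
    $is_set = '' !== get_option( 'smtp_pass_example', '' );
    echo '<input type="password" name="smtp_pass_example" id="smtp_pass_example"'
       . ' size="40" class="code" autocomplete="new-password" value="" />';
    if ( $is_set ) {
        echo '<p class="description">A password is stored. Leave this field blank to keep it,'
           . ' or enter a new one to replace it.</p>';
    } else {
        echo '<p class="description">No password is stored yet.</p>';
    }
}

// Settings page under Settings -> SMTP example (assumed menu entry).
add_action( 'admin_menu', function () {
    add_options_page(
        'SMTP example', 'SMTP example', 'manage_options', 'smtp_example_page',
        function () {
            echo '<div class="wrap"><h1>SMTP example</h1><form method="post" action="options.php">';
            settings_fields( 'smtp_example_group' );
            do_settings_sections( 'smtp_example_page' );
            submit_button();
            echo '</form></div>';
        }
    );
} );
```

With this layout the password is submitted only when it is being changed, which is the "New Password" behaviour of the WordPress profile page described above. Two consequences worth knowing: there is deliberately no way to clear the stored password from this form (a separate "remove password" checkbox would be needed for that), and anyone with database access or the ability to edit plugin files can still read the option, which is the same residual risk the earlier reply points out about the plugins directory.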

  • The topic ‘email password visible in password field’ is closed to new replies.