It stores the password in plain text format even in the database.
Oh great! Even better! Why not just put the password on the front page of your WordPress site for everyone to see. You might as well.
hahaha .. I found Mail Bank better as it encrypts the password before storing it in the database.
Also, in many other SMTP plugins, even if the password shows as hidden (*****), you can still see it using view-source. Whereas in Mail Bank, it shows the password as ***** even when you view the page source.
So, Mail Bank is definitely better.
Thanks for the tip Vinayy. I’m going to check out Mail Bank right now.
It is a serious claim.
Doesn’t the developer want to respond?
It would be helpful if they confirmed or denied the above claims.
The password is stored unencrypted because it has to be sent clear text down the road to send an email. That’s how it works. There is NOTHING you can do with that.
Other plugins are not more secure because they are using reversible encryption, which is useless as their plugins are open-source (anyone can take a look and see how they “encrypt” yours). Reversible encryption might be a bit more secure if all the passwords are stored on a 3rd party server with several extra layers of security (same as 1Password, KeePass, LastPass etc – with a master password and other hardening techniques). But no one is doing that for a free plugin, as it’s extremely complicated.
You can define the password in a php file, like wp-config.php, using constants. Read the instructions in WP Mail SMTP plugin file header. So it won’t be in a database, but will be in a php file. WordPress uses the same scenario to store your DB credentials, do you consider this being safe? It still needs to be stored in plain text.
This reply was modified 7 years, 8 months ago by Slava Abakumov.
@slaffik – good on you for even dignifying this review with a response. This review and the others like it are either (a) written by people whose knowledge of security seems to be limited to “plaintext passwords are evil”; or (b) people who are just trying to lower this plugin’s review for some other reason.
You could probably prevent these idiots from saying anything if you set the input type=password on the settings page and provide a different input element for updating it.
@slaffik
While I do see the problem I would at least like to see it hidden in the settings screen.
There is a difference between somebody needing to have access to your database (or the technical ability for an admin user to see it through a plugin in WordPress) and anyone who has access to the backend or – even worse – someone just looking over my shoulder while I am in that screen. I am setting this up while I am in a coffee shop for example (using SSL).
I would at least like to see it being a password field instead of being a plain text field just for basic over-the-shoulder security.
Encrypted in the database is again a bit better than plain text since I think more people are able to use a database browser than reading PHP and decrypting the password by hand, but that just depends on how much time you have available. I personally would appreciate a reply-to field more than the password encrypted in the database. But a *password* field in the form even more.
Again – these are incremental increases in security and nothing can make it truly secure since you do need to be able to access the password to send mail.
Apart from that – great plugin
@markcanada
Thank you for constructive and deliberated feedback.
I will make the password input as the type="password".
Regarding Reply-to – lots of plugins are redefining this property, like all forms plugins. But I will see what can be done.
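The two mitigations discussed in this thread, defining the SMTP password as a constant in wp-config.php and rendering the settings field as a write-only password input so the stored value is never echoed into the page source, as an added example that is not WP Mail SMTP’s own code. The WPMS_ON / WPMS_SMTP_PASS constant names follow the convention in the plugin’s file header (verify against your installed version); the option name and the example_smtp_* functions are assumptions.

```php
<?php
// Added example, not the plugin's own code. A write-only password field
// backed either by a wp-config.php constant or by a stored option.
// Assumed names: option 'example_smtp_password' and the example_smtp_* functions.
//
// In wp-config.php (kept out of the database, as the developer describes):
//   define( 'WPMS_ON', true );
//   define( 'WPMS_SMTP_PASS', 'your-smtp-password' );

/** True when the password is managed in wp-config.php rather than the database. */
function example_smtp_password_from_config() {
    return defined( 'WPMS_ON' ) && WPMS_ON && defined( 'WPMS_SMTP_PASS' );
}

/** Resolve the password at send time: the constant wins over the option. */
function example_smtp_get_password() {
    if ( example_smtp_password_from_config() ) {
        return WPMS_SMTP_PASS;
    }
    return (string) get_option( 'example_smtp_password', '' );
}

/** Render the field with type="password" and an always-empty value, so the
 *  stored secret never appears in the HTML (nothing to read via view-source). */
function example_smtp_render_password_field() {
    $has_value = '' !== example_smtp_get_password();
    printf(
        '<input type="password" name="example_smtp_password" value="" autocomplete="new-password" placeholder="%s"%s />',
        esc_attr( $has_value ? '(password set; enter a new one to replace it)' : '' ),
        example_smtp_password_from_config() ? ' disabled' : ''
    );
}

/** Save handler: a blank submission keeps the existing value, so the settings
 *  form can be re-saved without the secret ever round-tripping to the browser. */
function example_smtp_save_password( array $post ) {
    if ( ! current_user_can( 'manage_options' ) ) {
        return false;
    }
    check_admin_referer( 'example_smtp_settings' );
    if ( example_smtp_password_from_config() ) {
        return false; // Managed in wp-config.php; nothing to store.
    }
    $new = isset( $post['example_smtp_password'] ) ? (string) wp_unslash( $post['example_smtp_password'] ) : '';
    if ( '' === $new ) {
        return false; // Field left blank: keep the current password.
    }
    return update_option( 'example_smtp_password', $new, false );
}
```

As the thread notes, this only addresses over-the-shoulder and view-source exposure; the server still needs the clear-text value to authenticate to the SMTP host.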