I noticed that the Amazon aws credentials are stored in the clear and visible simply by looking at the HTML source code. Is there a way to secure these outside the db and put them in wp-config.php or somewhere else that is not so easily accessible?
Thank you for reaching out and I am happy to help! Can you please share if you are seeing this while logged in and can you please let me know the website URl?
Thank you for your feedback. Since those credentials are added there manually, yes, they may be showing in the source.
However, this is the only opion to use the CDN with the credentials added, since the plugin is pulling the information from the configuration and not the wp-config.
Let me check this more and I’ll get back to you with more info.
Thanks. Yes, I’d prefer to not add the credentials through the interface. This makes them accessible to any admin. Even if the admins can be trusted, if their account is compromised, the credentials are then accessible to a hacker.
It would be great if there was an option to add these credentials through the wp-config file instead. Thanks for looking into this.
Viewing 4 replies - 1 through 4 (of 4 total)
The topic ‘How can I remove AWS credentials from HTML source?’ is closed to new replies.