WordPress.org

Forums

SB Welcome Email Editor
[resolved] Plain text password stored (2 posts)

  1. groovymoose
    Member
    Posted 3 years ago #

    Hi

    I really like the plugin - enhances the user experience and it works.

    However I would like you to add a warning - in BIG LETTERS - that enabling the 'Remind PW' feature results in the plain text version of passwords being stored. This is generally considered to be a poor security practice.

    Clearly a moment's thought should have been enough for most people to realise that enabling this feature means that the password will be stored in plaintext (or encrypted but with a plaintext key I guess). I must confess that I did not expend a moment's thought!

    I have now disabled it and deleted the plaintext from the user meta table.

    I can see that some admins for some sites would welcome this feature, but I really think a big warning should be out there to explain the consequences of enabling it.

    Many thanks

    http://wordpress.org/extend/plugins/welcome-email-editor/

  2. Sean Barton
    Member
    Plugin Author

    Posted 2 years ago #

    I agree. This is why I added the ability to turn off the reminder system so it doesn't store anything. Of course there is no other way to remind people of their password like this than to store it. I suppose people can now, using this switch, make their mind up as to whether they want it on or not.

    Thanks for voicing your concerns.

    Sean

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • SB Welcome Email Editor
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic