Possible alternative to storing plaintext password (1 post)

  1. Stephen Harris
    Posted 4 years ago #

    Thanks for creating this great plug-in!

    I noticed that the plug-in stores the SMTP password in plaintext (and the related forum messages that point out that this is necessary, since it needs to be sent to the e-mail host to authenticate the account).

    Would it be worth using symmetric encryption for the password? The key obviously wouldn't be able to be formed from anything stored in the database (defeats the purpose) and would be site-specific rather than user-specific.

    For example, it could be formed from a fixed plug-in string (appended to the database password) then hashed with wp_hash (which uses site-specific salts). The database password & salts are stored in wp-config.php - so the encryption would only be as secure as that file - but would protect the password if the database was stolen (or simply just viewed).

    But presumably if the database was read/stolen then the password is protected?
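
The scheme the post describes, as an added example that is not part of the original post or the plug-in's own code: a key derived from a fixed plug-in string plus the database password, keyed with a site salt, encrypts the SMTP password before it is stored. HMAC-SHA256 stands in for wp_hash(), AES-256-GCM is an assumed cipher choice, and every constant and function name below is hypothetical.

```php
<?php
// Added example, not WP Mail SMTP code. Constructed stand-ins for values that
// live in wp-config.php on a real site (assumptions, not real secrets).
const EXAMPLE_DB_PASSWORD = 'constructed-db-password';
const EXAMPLE_SITE_SALT   = 'constructed-site-salt-from-wp-config';
const PLUGIN_KEY_LABEL    = 'example-plugin/smtp-pass/v1'; // hypothetical fixed plug-in string

// Derive a 32-byte site-specific key. Nothing here comes from the database.
// HMAC-SHA256 with raw output stands in for wp_hash() so the key is 256 bits.
function example_derive_key(string $dbPassword, string $siteSalt): string {
    return hash_hmac('sha256', PLUGIN_KEY_LABEL . $dbPassword, $siteSalt, true);
}

// Encrypt with AES-256-GCM. The stored value is base64(nonce || tag || ciphertext),
// which is what would go into the options table instead of the plaintext.
function example_encrypt(string $plaintext, string $key): string {
    $nonce = random_bytes(12); // fresh nonce per encryption
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($nonce . $tag . $ct);
}

// Returns the plaintext, or null when the blob is malformed, was modified,
// or the key differs (for example after the salts in wp-config.php change).
function example_decrypt(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return null;
    }
    $nonce = substr($raw, 0, 12);
    $tag   = substr($raw, 12, 16);
    $ct    = substr($raw, 28);
    $pt = openssl_decrypt($ct, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return $pt === false ? null : $pt;
}

$key    = example_derive_key(EXAMPLE_DB_PASSWORD, EXAMPLE_SITE_SALT);
$stored = example_encrypt('constructed-smtp-password', $key);
var_dump(example_decrypt($stored, $key) === 'constructed-smtp-password'); // key from matching config values

// A reader who has only the database row and not the wp-config.php values:
$otherKey = example_derive_key(EXAMPLE_DB_PASSWORD, 'some-other-salt');
var_dump(example_decrypt($stored, $otherKey));
```

Because the key depends on the salts, changing them in wp-config.php makes the stored value undecryptable, so the password would have to be entered again.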


Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP Mail SMTP

About this Topic

  • Started 4 years ago by Stephen Harris
  • This topic is not resolved
  • WordPress version: 3.4.1