[Plugin: WP Mail SMTP] Possible alternative to storing plaintext password

  • Thanks for creating this great plug-in!

    I noticed that the plug-in stores the SMTP password in plaintext (and the related forum messages that point out that this is necessary, since it needs to be sent to the e-mail host to authenticate the account).

    Would it be worth using symmetric encryption for the password? The key obviously wouldn’t be able to be formed from anything stored in the database (defeats the purpose) and would be site-specific rather than user-specific.

    For example, it could be formed from a fixed plug-in string (appended to the database password) then hashed with wp_hash (which uses site-specific salts). The database password & salts are stored in wp-config.php – so the encryption would only be as secure as that file – but would protect the password if the database was stolen (or simply just viewed).

    But presumably if the database was read/stolen then the password is protected?
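
The scheme proposed in the post above, as an added example that is not part of the original post or of WP Mail SMTP's code. It assumes PHP 7.2+ with libsodium; the constants are constructed stand-ins for wp-config.php values, the `example_*` names are hypothetical, and HMAC-SHA256 stands in for `wp_hash()` so the file runs outside WordPress.

```php
<?php
// Constructed stand-ins for values that live in wp-config.php, not in the database.
const EXAMPLE_DB_PASSWORD = 'constructed-db-password';
const EXAMPLE_AUTH_SALT   = 'constructed-site-specific-salt';
const EXAMPLE_PLUGIN_TAG  = 'example-smtp-password-key-v1'; // fixed plug-in string (hypothetical)

// Derive a 32-byte key from the fixed string plus the database password,
// keyed with the site salt. Inside WordPress the post suggests wp_hash().
function example_derive_key(string $dbPassword, string $salt): string {
    return hash_hmac('sha256', EXAMPLE_PLUGIN_TAG . $dbPassword, $salt, true);
}

// Authenticated encryption; the stored value is base64(nonce || ciphertext).
function example_encrypt(string $plaintext, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Returns the plaintext, or null if the value was altered or the key is wrong.
function example_decrypt(string $stored, string $key): ?string {
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce  = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain  = sodium_crypto_secretbox_open($cipher, $nonce, $key);
    return $plain === false ? null : $plain;
}

$key    = example_derive_key(EXAMPLE_DB_PASSWORD, EXAMPLE_AUTH_SALT);
$stored = example_encrypt('constructed-smtp-password', $key); // value the options table would hold

// With wp-config.php readable, the password is recovered for the SMTP login.
var_dump(example_decrypt($stored, $key));

// With only a database dump, the salt and DB password are unknown,
// so a key derived from guesses fails authentication and yields null.
var_dump(example_decrypt($stored, example_derive_key('guess', 'guess')));
```

Anyone who can read wp-config.php can derive the same key, so this only covers the database-only exposure the post describes.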
