Support » Everything else WordPress » Protecting keys before publishing a plugin

  • Resolved Airbuy Africa

    (@kabztyrogr)


    I’d like to upload a plugin in the WordPress directory. Since we are advised not to obfuscate the logic behind certain functions, how do I go about protecting secret keys and any other sensitive information within the PHP code from being meddled with?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    You don’t. Ever. And your plugin would be likely rejected for that reason. That’s not a GPL friendly thing to do.

    If you need to communicate with a 3rd party service then read up on Oauth2 and in your plugin write the code to walk the user through obtaining that token or do it in code.

    But do not look to obfuscate anything in your plugin. It has to be readable and clearly understood in the source and protecting secret keys aren’t that.

    You can ask the plugins team via plugins@wordpress.org for more information.

    That is understandable. I’ll read up on Oauth2. Thank you

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Protecting keys before publishing a plugin’ is closed to new replies.