Title: Security weakness
Last modified: February 18, 2025

---

# Security weakness

 *  Resolved [tufty](https://wordpress.org/support/users/tufty/)
 * (@tufty)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/security-weakness/)
 * Hi, first of all, this is a GREAT plugin, thank you.
 * My only issue with it is that if an error occurs from a url with an auth_secret
   on the end of it, then the auth secret is sent by email over the open internet,
   which I don’t think is good practice. Maybe it would be good to strip by default
   any query containing the words auth or secret, and the pro version to allow additonal
   customisation.

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [EchoDash](https://wordpress.org/support/users/echodash/)
 * (@echodash)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/security-weakness/#post-18314930)
 * Thanks [@tufty](https://wordpress.org/support/users/tufty/) !
 * Yes actually this was pointed out by one of our Pro customers last year, and 
   we have updated it already in that plugin.
 * It’s not 100% infallible but we now strip out any parameters in the URL or error
   notification message (in the case of HTTP timeout errors) that match (in whole
   or part):
 *     ```wp-block-code
       'password','api_key','apikey','secret','access_token','client_secret','auth','authorization','key','token'
       ```
   
 * And these are replaced by `[REMOVED]`. We are overdue for an update to the free
   plugin, I will try to get that sent out in the next few weeks. Thanks for pointing
   it out 🙂
 *  Plugin Author [Jack Arturo](https://wordpress.org/support/users/verygoodplugins/)
 * (@verygoodplugins)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/security-weakness/#post-18314932)
 * Apologies, I was logged into the wrong .org account when I replied, and it doesn’t
   look like I can delete it. That comment above was from me (Jack), the developer
   🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security weakness’ is closed to new replies.

 * ![](https://ps.w.org/fatal-error-notify/assets/icon-256x256.png?rev=3459916)
 * [Fatal Error Notify](https://wordpress.org/plugins/fatal-error-notify/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/fatal-error-notify/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/fatal-error-notify/)
 * [Active Topics](https://wordpress.org/support/plugin/fatal-error-notify/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/fatal-error-notify/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/fatal-error-notify/reviews/)

 * 2 replies
 * 3 participants
 * Last reply from: [Jack Arturo](https://wordpress.org/support/users/verygoodplugins/)
 * Last activity: [1 year, 2 months ago](https://wordpress.org/support/topic/security-weakness/#post-18314932)
 * Status: resolved