SMTP Password is stored in clear | WordPress.org

ted_smith
(@ted_smith)

11 years, 2 months ago

Hi

The SMTP Authentication password appears in plain text in the settings. Is the password then transmitted in a “public” way? i.e. if the site is used over http instead of https, is there a realistic possibility that without too much difficulty the password could be seen by anyone using my contact form? Or would they only be able to do so if they had compromised my system or my network etc in the first place? What I’m getting at is, could Joe Public see this password just by visiting my website?

http://wordpress.org/extend/plugins/wp-mail-smtp/

Viewing 1 replies (of 1 total)

andrew_wilkes
(@andrew_wilkes)

10 years, 11 months ago

The password is transmitted from the web server of the website to the SMTP server, so Joe Public cannot see it since he is connected to the web site via another path.

As Joe Public, all you can see is the web page source or data traffic between your browser and the website server (if you use a packet sniffing tool such as WireShark).

Viewing 1 replies (of 1 total)

The topic ‘SMTP Password is stored in clear’ is closed to new replies.

Tags

In: Plugins
1 reply
2 participants
Last reply from: andrew_wilkes
Last activity: 10 years, 11 months ago
Status: not resolved