WordPress.org

Forums

username and password in plain text (wp-config.php) (3 posts)

  1. astable
    Member
    Posted 10 years ago #

    Hi,

    I have seen that the username and password of the database are stored in plain text in the wp-config.php file.
    Is there any way to store it with md5? I think storing a password in plain text is not a good idea, mainly on shared hosting where, often, users can read (but not write) other users' directories.
    I have thought about hacking WordPress to support md5 to store the password and to validate login. What do you think about it?

    Thank you very much

  2. vkaryl
    Member
    Posted 10 years ago #

    Try visiting your wp-config.php in your browser. It's not as insecure as you think....

  3. astable
    Member
    Posted 10 years ago #

    Yes, I have already tried it (and it's secure). But, for example, if I host my blog on shared web hosting, other users can see my wp-config.php (in some cases) and, then, see my password.

    A password stored in a database is secure and however it isn't stored in plain text. I think admins shouldn't be able to see the passwords of the users.

    Making an md5 (or another method) of the password is one more layer of security for a web site, I think. If someone ever hacks my web hosting, I don't want them to be able to read my password.

    I know wp-config.php is very secure, but I think my reasons are reasonable. I don't doubt the security of WordPress, of course; I really doubt the hosting and admins xD

Topic Closed

This topic has been closed to new replies.
