username and password in plain text (wp-config.php) (3 posts)

  1. astable
    Posted 10 years ago #


    I have seen than username and password of the database are stored in plain text in wp-config.php file.
    Is there any way to store it with md5? I think to store a password in plain text is not a good idea. Mainly, in a shared hosting where, often, users can read (but no write) other users directories.
    I have though in hacking wordpress to suport md5 to store password and to validate login. What do you think about?

    Thank you very much

  2. vkaryl
    Posted 10 years ago #

    Try visiting your wp-config.php in your browser. It's not as insecure as you think....

  3. astable
    Posted 10 years ago #

    Yes, I have already tried it (and it's secure). But, for example, If I host my blog in a shared web hosting, other users can see my wp-config.php (in some cases) and, then, see my password.

    A password stored in a database is secure and however it isn't stored in plain text. I think admins shouldn't be able to see password of the users.

    making a md5 (or another one method) of the password is one lawer more of security for a web site, I think. If ever someone hack my web hosting, I dont want he can read my password.

    I now wp-config.php is very secure, but I think my reasons are reasonable. I don't doubt about security in wordpress, of course, I really doubt about hosting and admins xD

Topic Closed

This topic has been closed to new replies.

About this Topic