WordPress.org

Support

Support » How-To and Troubleshooting » username and password in plain text (wp-config.php)

username and password in plain text (wp-config.php)

  • Hi,

    I have seen than username and password of the database are stored in plain text in wp-config.php file.
    Is there any way to store it with md5? I think to store a password in plain text is not a good idea. Mainly, in a shared hosting where, often, users can read (but no write) other users directories.
    I have though in hacking wordpress to suport md5 to store password and to validate login. What do you think about?

    Thank you very much

Viewing 2 replies - 1 through 2 (of 2 total)
  • Try visiting your wp-config.php in your browser. It’s not as insecure as you think….

    Yes, I have already tried it (and it’s secure). But, for example, If I host my blog in a shared web hosting, other users can see my wp-config.php (in some cases) and, then, see my password.

    A password stored in a database is secure and however it isn’t stored in plain text. I think admins shouldn’t be able to see password of the users.

    making a md5 (or another one method) of the password is one lawer more of security for a web site, I think. If ever someone hack my web hosting, I dont want he can read my password.

    I now wp-config.php is very secure, but I think my reasons are reasonable. I don’t doubt about security in wordpress, of course, I really doubt about hosting and admins xD

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘username and password in plain text (wp-config.php)’ is closed to new replies.
Skip to toolbar