Works As It Should (4 posts)

  1. BenNieIV
    Posted 3 years ago #

    But the password field is not hashed let alone hidden. Anyone with Admin control can view the email password. That alone makes this plug-in unusable.

  2. Ewout
    Posted 3 years ago #

    hiding the password field is easy, just change type=text to type=password, but I too would like to see the password saved more securely. I have no idea if most SMTP servers accept a hashed password, perhaps it could be an option?

  3. Callum Macdonald
    Plugin Author

    Posted 3 years ago #

    This is a very commonly quoted issue, and it's 100% nonsensical.

    Let's think this through. In order to send an email WordPress needs to know the password. Therefore, we need to store the password so that WordPress can use it later in plain text. So, it's not possible to encrypt it, secure it, or otherwise hold it "safely" short of some incredibly complex solution which won't work on shared hosting, would require extensive server configuration, etc.

    Thus, as the plugin developer, I have 2 choices. Choice one, I could put add the type="password" and then the ignorant user thinks, oh awesome, my password is "safe". But anyone who looks at the source code of the page, or at the /options.php page easily finds the password. Or, I could simply leave the password in plain text as it must be stored anyway.

    I'm about to release a new version which makes it clear on the admin page to avoid this issue. Seems like many people don't bother looking up or thinking through the issue and just complain.

  4. eminozlem
    Posted 3 years ago #

    @Callum Macdonald

    I am totally with you on this one. Besides, even if this was a defect, it's not as a big one to rate 2 stars.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • WP Mail SMTP
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic


No tags yet.