astable
Forum Replies Created
-
Forum: Installing WordPress
In reply to: Security – Should I delete my ‘wp-config.php’Yes, I know that an Apache/PHP error is not very probable but it’s possible, no?
I’m searching the way to connect with mysql passing a md5 password but I don’t know if it’s possible.
Maybe, I am a little crazy (xD) but I think the password (and protect it) is the most important thing is a website. The other things in a website or blog are public and I can do a backup.
Forum: Installing WordPress
In reply to: Security – Should I delete my ‘wp-config.php’I am not agree about security in wp-config.php.
In wp-config.php, our passwords are always visible for the admins and, for example, if an error about Apache/PHP configuration occurs, code of php pages can be visible for visitors. It’s very dangerous.I think There should be a solution for that, right?
Forum: Fixing WordPress
In reply to: username and password in plain text (wp-config.php)Yes, I have already tried it (and it’s secure). But, for example, If I host my blog in a shared web hosting, other users can see my wp-config.php (in some cases) and, then, see my password.
A password stored in a database is secure and however it isn’t stored in plain text. I think admins shouldn’t be able to see password of the users.
making a md5 (or another one method) of the password is one lawer more of security for a web site, I think. If ever someone hack my web hosting, I dont want he can read my password.
I now wp-config.php is very secure, but I think my reasons are reasonable. I don’t doubt about security in wordpress, of course, I really doubt about hosting and admins xD