WP Tavern › Forums › Create Topic
Gary Encrypted passwords (as opposed to hashed passwords, which can’t be decrypted, and which WordPress uses for user passwords, for example) have very little security value in this instance. The decryption key would need to be stored with WordPress (probably in the wp-config.php file), so in the event of a server breach allowing MySQL access, it’s reasonably likely they’d have access to the key, too. At the very least, they’d have access to the post content. There are also downsides to encrypting the password: – If the decryption key is ever changed, every password on every post would need to be changed. – The passwords aren’t readable if you’re browsing the database – that’s a significant change from being able to see them from phpMyAdmin.
Gary
Encrypted passwords (as opposed to hashed passwords, which can’t be decrypted, and which WordPress uses for user passwords, for example) have very little security value in this instance. The decryption key would need to be stored with WordPress (probably in the wp-config.php file), so in the event of a server breach allowing MySQL access, it’s reasonably likely they’d have access to the key, too. At the very least, they’d have access to the post content.
There are also downsides to encrypting the password: – If the decryption key is ever changed, every password on every post would need to be changed. – The passwords aren’t readable if you’re browsing the database – that’s a significant change from being able to see them from phpMyAdmin.
Name *
Email *
Website:
Topic Title (Maximum Length: 80):
Forum: — No forum —AI and WordPress Articles Blocks Showcase Discussions Events Introductions Jobs and Working in WordPress Podcast Episodes Site and Block Editor
Enter your email address to subscribe to this blog and receive notifications of new posts by email.
Email Address
Submit
Enter the destination URL
Or link to existing content
