Hi,
Please see this FAQ: https://updraftplus.com/faqs/in-the-administration-section-it-shows-my-amazon-ftp-etc-passwords-without-using-stars-is-this-safe/
Basically, it explains that any admin can also see starred passwords very easily. If you are relying on browser-starring for security, then it is a false sense of security – it takes about 5 seconds for an admin to undo.
The real solution is either: 1) to make sure that untrustworthy admins are demoted to editors instead of being allowed to continue to be admins or 2) for each site you backup to have its own separate WebDAV username/password, so that a malicious admin on one site cannot access backups from another site. (If you must have malicious admins, that is).
David
