How to make SMTP Authentication hide password

  • I was really annoyed that passwords are visible in the backend, so here is a guide on how to hack it, and change that.

    This is literally 3 words added to the code, and its disappointing that the dev has not already implemented this in an update.

    In the plugin editor for WordPress, edit the only PHP file for WP Mail SMTP plugin.

    Search for this: input name=”smtp_pass” and you will find one match. after the last quotation mark, add a space an insert this: input type=”password”

    That same line of code should now look something like this: input name=”smtp_pass” input type=”password”

    Save the file and your changes have been made.

    https://www.ads-software.com/plugins/wp-mail-smtp/

Viewing 1 replies (of 1 total)

  • Thanks. But this solution only affects visual admin. Anyone with access to DDBB can still see the password in plain text, which is a huge security hole nowadays with wordpress.

    As a good (and recent) example, check how the hackers in the infamous #Panamapapers leack, accesed the email server. They got the DDBB access through an outdated revslider plugin. Then, a smtp plugin (not this one, but similar) that also stored the password in plain text, gave them access to the email servers… ??

    https://www.wordfence.com/blog/2016/04/panama-papers-wordpress-email-connection

Viewing 1 replies (of 1 total)
  • The topic ‘How to make SMTP Authentication hide password’ is closed to new replies.

Tags