Is the content in functions.php visible?

  • Resolved xemita

    (@xemita)


    8 months, 3 weeks ago

    Hi,

    I’m having problems with the emails headers sent from woocommerce.

    I’ve found a solution in this forum and implies adding the email password in the functions.php file.

    Is this safe? Can anyone see my email password? If not, how can I solve this?

    Thanks in advance.

    This is the code:

    function my_phpmailer_example( $phpmailer ) {
    $phpmailer->isSMTP();     
    $phpmailer->Host = 'smtp.example.com';
    $phpmailer->SMTPAuth = true; // Ask it to use authenticate using the Username and Password properties
    $phpmailer->Port = 25;
    $phpmailer->Username = 'yourusername';
    $phpmailer->Password = 'yourpassword';
 
    // Additional settings…
    //$phpmailer->SMTPSecure = 'tls'; // Choose 'ssl' for SMTPS on port 465, or 'tls' for SMTP+STARTTLS on port 25 or 587
    //$phpmailer->From = "[email protected]";
    //$phpmailer->FromName = "Your Name";
}
add_action( 'phpmailer_init', 'my_phpmailer_example' );
Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator James Huff

    (@macmanx)

    I recommend getting in touch with WooCommerce’s support about this via https://woo.com/my-account/contact-support/ if you have any of their paid WooCommerce products or https://www.ads-software.com/support/plugin/woocommerce/ if you do not.

    Thread Starter xemita

    (@xemita)

    Thank you.

    Regarding wordpress, is the file functions.php visible for everyone by default? Can that information be seen anyhow? I can see it is set to 644 permission, should we declare it 600?

    Thanks in advance.

    No, the functions.php file in WordPress is not directly visible to everyone by default neither it is accessible through direct browsing by users
    The file is accessible by the server itself to execute the code it contains when necessary for website functionality.


    Now coming to the permissions. The recommended permission for functions.php is 644. Because it allows the web server user (e.g., Apache or Nginx) to read and execute the file, while other users on the server (e.g., FTP users) can only read it. If you change it to 600 it will prevent even the web server from executing the file, causing your website to malfunction entirely.

    Thread Starter xemita

    (@xemita)

    Thank you so much!

    Thread Starter xemita

    (@xemita)

    I’m sorry but I’m a bit confused and I have to reopen this thread.

    I just received this reply from the Woo team saying that putting my email password in functions.php is not safe:

    While the solution you have works, your suspicions that it’s insecure is correct. If WordPress can read it, so could a hacker or a compromised plugin. It also may get your email account suspended if your site sends a high volume of emails.?
    For large numbers of emails we recommend a dedicated high volume SMTP provider which can use your site’s domain name email addresses. See our Email FAQ for more info:?
    ?
    https://woo.com/document/email-faq/#section-5
    ?
    I use the MailJet plugin and their free level of service for my own sites.?

    So, please confirm if it’s safe or not.

    Thanks in advance.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Is the content in functions.php visible?’ is closed to new replies.