Password remains in database

  • Resolved motivmedia

    (@motivmedia)


    5 years, 4 months ago

    Hey,
    just set up your plugin and actually entered the SMTP credentials into the plugin for testing purposes. Afterwards I added the constants to wp-config.php.

    After that the password field is read-only. I would have guessed that adding said constants would delete the password from the database. But I checked and the password was still stored there in plain text. You might want to look into that or at least notify users of this ??

    For the record, I also tried to comment out the additions to wp-config.php, reload the settings page, cleared username and password, saved that and the uncommented the constants. The password still remained in the database.

    Best regards
    Floutsch

    • This topic was modified 5 years, 4 months ago by motivmedia.
    • This topic was modified 5 years, 4 months ago by motivmedia.
Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi Floutsch,

    I apologize for any confusion. When you add the password first and then defined the constant and reload the page, the password will remain in the database until you save the settings. After you saved the settings, the password field will be read-only and an empty string will be stored in the database. So, even if you remove the constants from the wp-config, only the empty value will be stored and there is no way to recover the original password.

    Please make sure you’re using the latest version of the plugin, and you’re looking into the correct database and options.

    I hope this helps!

    Thread Starter motivmedia

    (@motivmedia)

    Hi Sanjeev.
    Are you sure that’s the case? As said, the password remained after setting the constants, after settings apge was reloaded and even after the form was submitted empty, the value remained.

    I definitely had the newest version (installed from repo minutes earlier). Another database would not have the option and there or in the right database there wouldn’t have been the password.

    Don’t get me wrong, the plugin now works like a charm, it’s great! Just wanted to share my finding with you so that you can check. My “problem” is solved as I manually removed the value from the option. Maybe I really did something wrong, but better safe than sorry, that’s why I wrote ??

    Cheers
    Floutsch

    Plugin Author Slava Abakumov

    (@slaffik)

    Hi @motivmedia

    With 1.5.0 release we are removing values from DB when they are set via constants.

    Thread Starter motivmedia

    (@motivmedia)

    Hi.
    I think that might be the best way to do it. No ambiguities ?? Oh, and I checked, this just released! Awesome!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Password remains in database’ is closed to new replies.