Read SGS_ENCRYPTION_KEY from constant instead of file

  • Resolved luistar15

    (@luistar15)


    1 year, 4 months ago

    Is there any issues for reading the value for SGS_ENCRYPTION_KEY directly from a constant?

    My project is under a git repository and I don’t want to pollute the .gitignore with entries, for this reason instead of storing the value in wp-content/sgs_encrypt_key.php it would be more convenient to use a constant in wp-config.php.

    So I have modified the code to allow this behavior. Basically I copied the generated value from sgs_encrypt_key.php and put it in a constant in wp-config.php

    define( 'SGS_ENCRYPTION_KEY', '...' );

    I known there is a proper way of implementing this, but for now I have hacked the code (here is the diff):
    https://gist.github.com/luistar15/6cec794a6241dc00f73671eab5e42bef

Viewing 1 replies (of 1 total)
  • Plugin Support daniellaivanova

    (@daniellaivanova)

    Hello @luistar15,

    Defining the encryption key in a wp-config.php file is something that we purposely avoid because it is considered a security breach. Besides that, it is not a good idea to declare it as a constant in the configuration file because another plugin might interfere with it and cause unwanted behaviour.

    Instead, you can consider moving the sgs_encrypt_key.php file to a more convenient location and then defining the new path to the encryption file by using the SGS_ENCRYPTION_KEY_FILE_PATH variable.

    Best regards,
    Daniela Ivanova

Viewing 1 replies (of 1 total)
  • The topic ‘Read SGS_ENCRYPTION_KEY from constant instead of file’ is closed to new replies.