Title: Integrate Firebase security
Last modified: October 20, 2023

---

# Integrate Firebase security

 *  [rmanno](https://wordpress.org/support/users/rmanno/)
 * (@rmanno)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/integrate-firebase-security/)
 * The main page for integrate-firebase says this:
 * `If you want a secured implementation, with much more features, check the [Interate Firebase PRO](https://firebase.dalenguyen.me/)
   version.`
 * I was wondering, in what way(s) is Integrate Firebase not secure?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Thread Starter [rmanno](https://wordpress.org/support/users/rmanno/)
 * (@rmanno)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/integrate-firebase-security/#post-17148208)
 * In the absence of a response on this question, I thought I’d reply back with 
   what I’ve found in playing around with the plugin.
 * I found a security issue where the login form will put the email address and 
   password in the URL query params in the address bar if there is an error during
   the login process, leaving the user’s password on full display for all to see.
   I view this as a pretty serious security issue.
 * It is relatively easily remedied. You can either modify the class.shortcodes.
   php file, adding a method=’post ‘ attribute to the <form id=’firebase-login-form’
   > tag. This will prevent the form from modifying the query string when it encounters
   an error.
 * Alternately, if you would prefer not to modify the plugin itself, you can add
   some javascript to your wordpress site which simply adds the attribute to the
   tag programmatically at runtime. I did it by adding the following:
 * jQuery(document).ready(function () {
    jQuery(“#firebase-login-form”).attr(“method”,“
   post”);});
 * I would highly recommend everyone using this plugin to remedy the issue as outlined
   above until the author can release a fixed version of the plugin.
 *  Plugin Author [Dale Nguyen](https://wordpress.org/support/users/hanthuy/)
 * (@hanthuy)
 * [2 years, 7 months ago](https://wordpress.org/support/topic/integrate-firebase-security/#post-17148349)
 * Thanks, [@rmano](https://wordpress.org/support/users/rmano/). I have plugin open
   on Github. It would be great if you can help to improve it. 
   [https://github.com/dalenguyen/firebase-wordpress-plugin](https://github.com/dalenguyen/firebase-wordpress-plugin)

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Integrate Firebase security’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/integrate-firebase.svg)
 * [Integrate Firebase](https://wordpress.org/plugins/integrate-firebase/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/integrate-firebase/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/integrate-firebase/)
 * [Active Topics](https://wordpress.org/support/plugin/integrate-firebase/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/integrate-firebase/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/integrate-firebase/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Dale Nguyen](https://wordpress.org/support/users/hanthuy/)
 * Last activity: [2 years, 7 months ago](https://wordpress.org/support/topic/integrate-firebase-security/#post-17148349)
 * Status: not resolved