[Plugin: SB Welcome Email Editor] Plaintext Password Storage | ww.wp.xz.cn

rmckenna
(@rmckenna)

14 years, 10 months ago

Why does this plugin store the user’s password in the usermeta table in plaintext? Isn’t the whole purpose of md5 hash to prevent access to passwords as opposed to storing in plaintext?

http://ww.wp.xz.cn/extend/plugins/welcome-email-editor/

Viewing 1 replies (of 1 total)

Sean Barton
(@seanbarton)

14 years, 10 months ago

Hi rmckenna,

WordPress stores it’s passwords as MD5’d strings because the idea is you put the password in and never get it out. Note the password reminder system within WordPress itself is actually one of those systems that forces you to change it once you confirm your email address. My system will literally send out the (current) password again if you opt to within the admin pages and the only way of doing this is to store the passwords in plaintext. Only administrator users have access to the resend email pages and even then they can’t see the user passwords… it’s merely a back end thing.

Any more questions by all means let me know. I would be happy to address any concerns you might have.

thanks
Sean

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: SB Welcome Email Editor] Plaintext Password Storage’ is closed to new replies.

1 reply
2 participants
Last reply from: Sean Barton
Last activity: 14 years, 10 months ago
Status: not resolved