Question about security

  • Resolved joy0114

    (@joy0114)


    6 months, 1 week ago

    Hi,

    I’m wondering what the most secure solution is for storing usernames, passwords, and API keys for SMTP accounts.

    In the plugin configuration (i.e., in the database), or in wp-config.php (with permissions 600) ?

    I am only concerned about external risks, as there is only one WordPress administrator.

    Thank you very much in advance for your advice.

    Best regards

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Shahjahan Jewel

    (@techjewel)

    6 months, 1 week ago

    Using wp-config.php is more secure. But we also encrypt your credentials and save to Database. So even your database get compromised the credentials can’t be decrypted unless someone has the WP Salts (which strored in wp-config).

    Thread Starter joy0114

    (@joy0114)

    6 months, 1 week ago

    So that means that database storage is more secure since you have to hack both the database AND the wp-config.php file ?

    Am I wrong ?

    Thread Starter joy0114

    (@joy0114)

    6 months, 1 week ago

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Question about security’ is closed to new replies.