New to the community? Start here

[Branda Pro] Hide the SMTP Password field

0

In case there is a security breach hackers could easily locate the SMTP password and use it for their own purposes. I believe a solution similar like Easy WP SMTP would be better – where once you put password you can’t see it again :)

Mon, 15 May 2023 6:41:15
More Branda Pro discussions
Branda Pro
  • Adam
    • Support Gorilla

    Hi Leonardo

    I hope you’re well today!

    In case of security breach it would still be possible to retrieve the password even if it’s hidden. That’s mostly because such password, unfortunately, has to be stored in the DB in a way that makes it possible to “decrypt” it – even if it’s encrypted (hashed), it has to be symmetric encryption so code could actually read and use password to make connections.

    So the password will still exist somewhat “readable” form in the DB.

    However, hiding it from the configuration page would certainly be an obstacle as it wouldn’t be that easy to get it (and would still require not only getting unauthorized access to the wp-admin itself but also to DB – directly or via some additional script/plugin – and knowing what to look for).

    All in all, I think that even though it’s not really a major security improvement, it still is something worth adding to the plugin so thank you for suggesting it.

    I’ll keep this feature request open so other Members could vote for it but I have also already forwarded it to our Branda Team to look into and consider adding in one of the future updates.

    Best regards,
    Adam