Security enhancement: Don’t show password in web interface

  • Resolved theemstra

    (@theemstra)


    7 years, 6 months ago

    Hi!

    It’d be great if the password that has been entered cannot be retrieved from the web interface. As you can see here and here, the password is actually written.

    So my request:
    Please do not load the password from the configuration into the web interface, only allow it to be changed by overwriting the old password.

Viewing 1 replies (of 1 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi,

    That would not gain you anything… you’re talking about someone who has access to your UpdraftPlus page as an admin on your WP install. They can already download the WordPress database backup and read it (and everything else) out of there. Or they could use the “Export settings” facility in the “Advanced Tools” tab and get it from there.

    The best thing to do is not give WP admin credentials to people who can’t be trusted. Failing that, you can lock them out of your settings page with this add-on: https://updraftplus.com/shop/lockadmin/ .

    David

Viewing 1 replies (of 1 total)
  • The topic ‘Security enhancement: Don’t show password in web interface’ is closed to new replies.

Tags