Terrible security practice

  • Bucket keys/info are stored in plain view in the database of each child-site and are common amongst all children from the mainwp dashboard settings.

    This means that if someone gets access to one of your clients sites and are able to read the wp_options table, they have access to all the backups of the other mainwp children sites.

    This need to be rethought.

    I commend the ease of use, but this is just a no go for security reasons.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support tonyrobins

    (@tonyrobins)

    Hi @weetabix

    Thanks for pointing this out.

    Actually we are preparing a new version where the storage credentials will be encrypted in the database.

    The new version should be ready in the next 24 hours(around) and I am going to let you know once it’s live.

    Cheers,

    WPvivid Team

    Plugin Support tonyrobins

    (@tonyrobins)

    Hi @weetabix

    Just a quick update,

    As mentioned earlier, we have released a new version of the extension – 0.9.15 where the storage credentials have been encrypted in the database.

    Please update the extension and check it out. And many thanks again for helping make the plugin better!

    All the best,

    WPvivid Team

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Terrible security practice’ is closed to new replies.