Why are my email SMTP PWs wiped out?

  • Resolved mobizma

    (@mobizma)


    8 months, 2 weeks ago

    Sadly, more than once in the past year, across my various websites, for no fault of my doing, the plugin simply wipes out my long secure passwords (PWs), so no emails get sent and I am not notified of this failure by plugin and only learn of it if cannot login (use an email 2FA and do not receive login code) …

    Or if an angry customer emails me since their TY email is not sent!

    No idea why this occurs. Just out of the blue and PW are gone. Replaces by 5 stars.

    I tried adding to my config file, but 1 email works. If I add 3 more – fatal errors and the entire plugin goes screen of death in stats and logs.

    For example:

    Warning: Constant FLUENTMAIL_SMTP_USERNAME already defined in?/home/….com/public_html/wp-config.php?on line?87

    Warning: Constant FLUENTMAIL_SMTP_PASSWORD already defined in?/home/….com/public_html/wp-config.php?on line?88

    I had to remove the 3 email records from wp-config to restore your plugin and the issues it caused with clearing redis cache from my top admin bar. Something about an excaped <br>.
    Never ever before had I any issues clearing my cache.

    I reset it to the DB saving and finally see stats and the send email summary settings etc.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Amimul Ihsan Mahdi

    (@amimulihsanmahdi)

    Hello there,

    Please ensure that your WordPress salt hasn’t been modified by any security or third-party plugins. To ensure the safety of your password/secret key, FluentSMTP encrypts them before storing and utilizes WP SALT keys (specified in wp-config.php) for encryption and decryption. Consequently, if your SALT keys have been altered, your password will become invalid.

    Thank you

    Thread Starter mobizma

    (@mobizma)

    Not even an apology for damages you cause, due to failing to warn users that if WP salt changes, all their configured emails will FAIL to send and function.

    SALT SHAKER or other plugins for WP security are a GOOD thing for SAFETY.

    You are basically saying we should lower and COMPROMISE our site & server’s security for your plugin?!

    Much smarter if YOU alter your code to have it re-check for salt changes and then re-encrypt the email data instead of destroying the email PWs set up in your plugin, by changing my email’s PW to God-knows-what.

    I imagine this is why people give you a 1-star rating, thinking your plugin no longer works…
    And move to using a competitor one!

    Because one bright day the email got corrupted for no reason out of thin air.

    You should WARN users about salt issue and you don’t do that.

    This semi-reply of yours still does not address the 2nd issue:
    WHY I can only enter into wp-config.php file 1 single email [email, PW] set and when I add more to config file it destroys entire log display [all vanishes], settings, and all not functioning till the additional records are removed from config file??? This IS a bug, regardless of salts. I used same email&PW sets all correct, but it throws an error in WP top admin bar of a missing ‘br>’. Dev had no opening one in my config file.

    Plugin Author Shahjahan Jewel

    (@techjewel)

    Hello @mobizma,

    As we stated, we encrypt the SMTP credentials and use the salts as key for this encryption / decryption. Plugins should not store the SMTP credentials directly to the database.

    I am not sure why you ever need to regenerate the salts unless you get hacked. There is a very good technical article about it here. Please read: https://snicco.io/blog/wordpress-salts

    About the 2nd part of your question: Yes, we only allow one SMTP credential for each driver to store in wp-config.php and that is by design.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Why are my email SMTP PWs wiped out?’ is closed to new replies.