Simple Membership Plugin Forums: Password In Cleartext
Tagged: Password in cleartext
This topic has 6 replies, 3 voices, and was last updated 5 years, 6 months ago by argontv.
December 5, 2020 at 5:57 am #21670 argontv (Participant)
Good afternoon,
I recently received the following message from one of my subscribers.
Can you comment on it please…
“Upon registration I got an email with my password in cleartext. That means your server is not hashing/salting or encrypting passwords. This is an extremely unsafe practice and shouldn’t be used. Anybody who gains access to your database will have all passwords in cleartext and usernames. Which is extremely risky for all.”
Thank you
Tim Bennett
December 7, 2020 at 10:52 pm #21675 mbrsolution (Moderator)
Hi, what would you like to happen instead? I just want to make sure I understand your question correctly.
Thank you
December 8, 2020 at 3:53 am #21676 argontv (Participant)
Thank you for your reply.
The issue here is that if a password is sent by email in cleartext, it is open to hacking.
I did some research on this and the security risk appears to be in 2 areas:
1: the email can be intercepted and the password discoverable;
2: hackers can drill into the database you have and suck out all the passwords and email addresses.
It would seem this happens on a regular basis to many big companies and is a well known issue, and that encryption can prevent it.
I am not a programmer of any kind, but it seems very odd to me that a plugin as prestigious as SMP would use this system.
I am also aware from searching the forum, that it has been discussed before, however I don’t find any solutions to it.
Can you comment on the security of this as you see it and what can be done to protect my members. I have actually had 2 people unsubscribe in the last month due to this issue and I want to offer a secure site.
I am not being critical in any way, but asking with a view to help improve.
Thank you so much in advance
Tim
December 8, 2020 at 11:47 pm #21677 mbrsolution (Moderator)
Hi, please read the following documentation. This explains the registration process.
https://simple-membership-plugin.com/membership-registration-process-overview/
If you are concerned regarding the password sent via email and would like more security on your site, I recommend the following addon.
https://simple-membership-plugin.com/swpm-two-factor-authentication-addon/
Let me know if the above helps you.
Thank you
December 9, 2020 at 2:48 am #21678 argontv (Participant)
Thank you for your reply.
While 2-step authentication is a help, this does not solve the issue.
The big issue is that the passwords are sent to the member in cleartext format.
This means that they can be intercepted.
This is a security risk for all parties concerned.
It would be much better if the passwords are completely encrypted at your end and never sent to the member.
Tim
December 9, 2020 at 3:30 am #21680 admin (Keymaster)
The plugin DOES NOT save passwords in plain text. SWPM uses the same encrypted password system as the core WordPress system.
What you are seeing is the result of using the {password} email merge tag in the email settings menu. When you use that merge tag, it simply sends the user whatever they entered in that field by reading the form’s submitted value (it is only available on that registration form submission, since it can read the submitted HTTP POST data before it is encrypted and stored). After that point, this field’s value cannot be read anymore.
This {password} email merge tag is a feature that many of our users requested because they want to use it on their site.
For your site, you simply have to go to the “Email Settings” menu and remove that merge tag from the email settings to get what you are after.
Let me know if that explanation is clear.
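As an added illustration of the mechanism described in the reply above (example code written for this page, not the Simple Membership Plugin's or WordPress's own): a minimal model of a registration request in which the server stores only a one-way password hash, while a {password} merge tag can still be filled from the submitted form data during that one request. The function names, the $store array, the email templates and the sample POST body are constructed for the example; PHP's built-in password_hash()/password_verify() stand in for WordPress's wp_hash_password()/wp_check_password(), which likewise store a hash rather than a reversible "encrypted" value.

```php
<?php
// Added example, not code from the plugin or WordPress. register_member(),
// render_email(), $store and the sample $post are illustrative only.
declare(strict_types=1);

// Constructed sample of the HTTP POST body a registration form submits.
$post = [
    'user_name' => 'tim',
    'email'     => 'tim@example.com',
    'password'  => 'correct horse battery staple',
];

// What the server persists: a password hash, never the password itself.
// password_hash() stands in for wp_hash_password() here (assumption).
function register_member(array $post, array &$store): array
{
    $record = [
        'user_name' => $post['user_name'],
        'email'     => $post['email'],
        // one-way, salted hash; the plaintext is not kept anywhere
        'password'  => password_hash($post['password'], PASSWORD_DEFAULT),
    ];
    $store[$post['user_name']] = $record;
    return $record;
}

// Merge-tag expansion for the welcome email. The {password} tag can only be
// filled from the submitted form data, because that is the only place the
// plaintext exists; the stored record holds just the hash.
function render_email(string $template, array $post, array $record): string
{
    $tags = [
        '{user_name}' => $record['user_name'],
        '{email}'     => $record['email'],
        '{password}'  => $post['password'] ?? '',
    ];
    return strtr($template, $tags);
}

$store  = [];
$record = register_member($post, $store);

// Template WITH the merge tag: the cleartext password leaves the server in mail.
$withTag = "Welcome {user_name}, your password is {password}";
echo render_email($withTag, $post, $record), PHP_EOL;

// Template WITHOUT the tag: nothing secret is sent (the fix applied in this thread).
$withoutTag = "Welcome {user_name}, log in at https://example.com/login";
echo render_email($withoutTag, $post, $record), PHP_EOL;

// Once the request is over only the hash remains. It cannot be turned back into
// the password, but a login attempt can still be checked against it.
unset($post);
$stored = $store['tim']['password'];
var_dump($stored !== 'correct horse battery staple');        // hash, not plaintext
var_dump(password_verify('correct horse battery staple', $stored));
var_dump(password_verify('wrong password', $stored));
```

Run with `php example.php`. A practical check for a site owner is the one argontv performed: register a test account with and without the {password} tag in the template and confirm the second email carries no password. Note that removing the tag closes only the email exposure; the database itself never held the plaintext in either case.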
December 9, 2020 at 3:36 am #21681 argontv (Participant)
Thank you so much for the explanation.
I am very pleased to hear that passwords are encrypted as you explained.
I would have been shocked had it not.
I have made the password email merge tag change and tested and agree that once edited it does not send the password.
Thank you for the explanation.
I might suggest that you have on your documentation an explanation about this, so that your users understand the potential risk of sending cleartext passwords.
Thank you for helping me with this and you can now mark this as closed.
Much appreciated.
Tim