Membership Plugin

WordPress Membership Plugin

You are here: Home

argontv

Forum Replies Created

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • December 9, 2020 at 3:36 am in reply to: Password In Cleartext #21681
    argontv
    Participant

    Thank you so much for the explanation.

    I am very pleased to hear that passwords are encrypted as you explained.

    I would have been shocked had it not.

    I have made the password email merge tag change and tested and agree that once edited it does not send the password.

    Thank you for the explanation.

    I might suggest that you have on your documentation an explanation about this, so that your users understand the potential risk of sending cleartext passwords.

    Thank you for helping me with this and you can now mark this as closed.

    Much appreciated.

    Tim

    December 9, 2020 at 2:48 am in reply to: Password In Cleartext #21678
    argontv
    Participant

    Thank you for your reply.

    While 2 step authentication is a help, this does not solve the issue.

    The big issue is that the passwords are sent to the member in cleartext format.

    This means that they can be intercepted.

    This is a security risk for all parties concerned.

    It would be much better if the passwords are completely encrypted at your end and never send to the member.

    Tim

    December 8, 2020 at 3:53 am in reply to: Password In Cleartext #21676
    argontv
    Participant

    Thank you for your reply.

    The issue here is that if a password is sent by email in cleartext, it is open to hacking.

    I did some research on this and the security risk appears to be in 2 areas:

    1: the email can be intercepted and the password discoverable;
    2: hackers can drill into the database you have and suck out all the passwords and email addresses.

    It would seem this happens on a regular basis to many big companies and is a well known issue and that encryption can prevent it.

    I am not a programmer of any kind, but it seems very odd to me that a plugin so prestigious as SMP would have use this system.

    I am also aware from searching the forum, that it has been discussed before, however I don’t find any solutions to it.

    Can you comment on the security of this as you see it and what can be done to protect my members. I have actually had 2 people unsubscribe in the last month due to this issue and I want to offer a secure site.

    I am not being critical in any way, but asking with a view to help improve.

    Thank you so much in advance

    Tim

    November 26, 2020 at 9:08 pm in reply to: Restricted Post (Not Logged-in) Formatting Issue #21590
    argontv
    Participant

    Thank you for your reply…

    I did some further testing and noticed that this issue seems to happen when I am logged into WordPress as an administrator.

    If I log out, then it would appear that as a guest I don’t see it.

    If you want to check it the site is https://argontv.com

    Thank you

    Tim

    November 25, 2020 at 2:48 am in reply to: Restricted Post (Not Logged-in) Formatting Issue #21580
    argontv
    Participant

    Thank you for your answer, I appreciate your time, however it doesn’t help…

    I am not a CSS programmer and I think I should not have to be to add two lines of whit space.

    If you know CSS, could you assist by letting me know what code I need to use and where I put it,

    Thank you so much

    Tim

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)