Just tested signups after launch and noticed that

Just tested signups after launch and noticed that the passwords are stored in plaintext, and sent to the new user in plaintext. Is this by design or is there a setting somewhere I can modify to encrypt these passwords?

Had a junior dev at my dayjob sign up as well and made a comment lol.

Thanks!
Derek

  • Ash

    Hello @dkean

    Welcome to WPMU community!

    I hope you are well today and thanks for asking the question.

    WordPress never store passwords in plain text. if you see plain text in the database, then no one should not be able to login.

    About the email, the username and password sent by wordpress, not membership plugin. WordPress sends the password, before storing into the database. So it leave no clue of the password in the plain text :slight_smile:

    In default wordpress registration, there is no place to give password. So, it generates some random password, sends to user, encrypt with md5 and store into the database.

    Hope it helps :slight_smile: Please feel free to ask more question if you have any.

    Cheers
    Ash

  • Ash

    Hello @dkean

    I hope you are well today.

    As I said, WordPress sends an email when someone registers in your site. Would you please disable membership plugin and register an user to check if any email with password is sent? We can filter the default email too, but we just want to confirm that you are getting default email or email from this plugin.

    Also, would you please post a screenshot of the email that you received after registration?

    Cheers
    Ash

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.