1

I wonder why the database password and login data is stored in plain text in the wp-config.php file. Isn't this a security issue and is it good practice to solve it?

I am not a pro concerning security but what I have learned is, that a first security step would be to store the password not as plain text. Second, use another file to store the password in. And I know that up to date security uses hashing including salting the password.

Or are there any other security measures installed I do not know of?

cabrerahector
  • 3,653
  • 4
  • 16
  • 27
mrks
  • 141
  • 2
  • 15
  • 1
    Another way to look at this is... "how do I avoid storing the password in plain text?". There are many options but, frankly, they mostly just move the problem, rather than actually deal with it. Examples here https://stackoverflow.com/q/97984/1301076 – rjdown Sep 02 '19 at 20:02
  • Are you asking from a development standpoint as well? If so, and if you are using a version control system (which you should be using) such as GIT, then this file and other configuration sensitive files should be ignored from the repository. By doing so, no developer will know the actual password used in the production system. – jasonwubz Sep 02 '19 at 22:45
  • @jasonwubz not yet but good point for the future. – mrks Sep 03 '19 at 07:03

2 Answers2

6

If your users can read your wp-config.php you've already lost from a security perspective.

Let's say the database credentials weren't stored in plain text and were, say, stored as an encrypted string that would be decrypted by Wordpress itself. If the potential attacker can read the wp-config.php they can probably read the decryption key as well as there's no reason to suspect that that would be stored any more securely.

When people talk about how up to date security mechanisms use hashing and salting that is only relevant to when you are the effective server. Hashing is a one way process of taking a password and converting it into something that is impossible to reverse back into the password. If you're a client rather than a server, there's no way to get around the fact that you need to have a way of getting the plain text password.

Doug
  • 3,312
  • 1
  • 24
  • 31
  • My concern is not that users can read the wp-config.php file (which would of course be a fatal security issue) but rather an attacker gaining somehow access to the server. In this case he could just read the wp-config.php and also gets access to the database. Shouldn't that be prevented or are todays servers that secure? – mrks Sep 03 '19 at 07:02
0

When we say to always properly hash user passwords, this means when you store them in the database. When you connect to the database, you need to provide the password (not the hash), so the password is stored in this file.

Because it's a PHP file, if a user attempts to open this file via we server, it wouldn't work because they are just PHP constants. They are not printed to the screen.

You can figure the security by making the database server only accept connections from your server (often localhost) only. Some server setups set the database credentials in environment variables. This doesn't make things anymore secure, but it keeps your wp-config file clean

AKS
  • 4,618
  • 2
  • 29
  • 48