- This topic has 3 replies, 3 voices, and was last updated 4 months ago by Vanessa.
-
Posts
-
Hi Updraft support team,
in reply to the (closed) postI got further questions:
If i connect to UpdraftPlus via the Premium/Addons Tab and save the form, the password does not get exchanged by a “one-time token”. The password could be read in cleartext in the dev tools of the browser.This is critical. Every customer can get the password if he/she only knows a bit about his/her WordPress system. Even if i have setup up 2FA on updraftplus.com i got a bad feeling about the cleartext password.
Every user can install UpdraftPlus on his own/new sites with my license.Is there a workaround to not store the password in cleartext?
Deleting the password is not a choice because then, i can’t update the plugin anymore.Best regards
Your post contains a link that contains a link with wp-admin in it, linking to a WordPress admin dashboard. Such links can only be accessed by someone who is logged into WordPress. If you are wanting us to visit your WordPress admin dashboard, then please make a private reply with the necessary credentials (do not post them in a public post). Otherwise, please post again to confirm that no credentials are needed for us to visit the link.
Hi,
I have been trying to replicate this without success.
Can you provide step by step instructions (as if I have never connect my site to to UpdraftPlus before), telling me what I should expect to see (what you are reporting)
- The topic ‘Premium password in cleartext in the backend’ is closed to new replies.