Properly encrypt API keys and SMTP passwords | WordPress.org

Resolved Eusebiu Oprinoiu
(@eusebiuoprinoiu)

1 month, 3 weeks ago

Hello!

I just noticed you are using base64 encoding for API keys and SMTP passwords. This is very insecure.
Please consider using a proper encryption method.

You can check this article from Felix Arntz, one of the developers of Google SiteKit, on how this can be achieved:
https://felix-arntz.me/blog/storing-confidential-data-in-wordpress

Viewing 2 replies - 1 through 2 (of 2 total)

Harish Sugandhi
(@harishsugandhi)

1 month, 3 weeks ago

Hello Eusebiu, Harish here,

Thank you so much for bringing this to our attention. Yes, we’ve already evaluated this and have planned to move to a more secure encryption approach. You’ll be able to see these improvements in one of our upcoming releases.

We genuinely appreciate your feedback – it helps us strengthen SureMail and deliver a better experience for everyone. Thank you for using SureMail!

Regards,
Harish.

Thread Starter Eusebiu Oprinoiu
(@eusebiuoprinoiu)

1 month, 3 weeks ago

Thank you, Harish!
I appreciate it. I am looking forward to the update that fixes this.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

2 replies
2 participants
Last reply from: Eusebiu Oprinoiu
Last activity: 1 month, 3 weeks ago
Status: resolved