Way to hide the API key on our sites?

  • Resolved dangrimes

    (@damonmaldonado)


    4 months, 1 week ago

    Good morning! One thing I’ve noticed with the plugin is that it in pain view shows the API key in our settings meaning any user can go in and see that and copy it to use on their own sites.

    Most plugins hide this key with asterisks/etc. but for some reason the akismet plugin shows the key in plain site. Is this something we can change or maybe a possible feature request? I find it to be not very secure having this key available for anyone to see.

    I do know we can block access to URL’s in the settings on the akismet website in our account, but if we forgot to check this (for example), then another website can make use of our key (since it’s unlimited websites).

    Looking forward to your thoughts, thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author kbrownkd (a11n)

    (@kbrownkd)

    4 months, 1 week ago

    Hi there! Users with the Administrator role should be able to see the plugin settings, including the API key. Since administrators need to have the ability to manage the site’s settings, they need to have access to the API key. However, users with other roles should not be able to access the Akismet settings page.

    Have you noticed that non-administrator users are able to access the Akismet plugin settings on your site?

    Plugin Author Christopher Finke

    (@cfinke)

    1 month, 3 weeks ago

    Closing due to lack of response. @damonmaldonado, if you still need help with this, let us know.

Viewing 2 replies - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.