Hi Danilo Schwabe,
there is no password storage for wordpress instances in the psa - database. Wordpress instances use their own database and YES, these passwords are encrypted.
I understood you very well in the first place and still the answer remains the very same.My question is rather about the following when saving the PWs in the WP Toolkit:
Hi Danilo Schwabe,
pls. remember, that this forum is an ENGLISH - only language forum, so pls. consider to translate your recent post, so that all forum users are able to understand what you write.
Well the password IS already stored in your wordpress - related database, which you are going to access, when you connect the wordpress toolkit with the wordpress instance.I mean what is it good for to have admin access if one cannot access the admin interface directly through the WP toolkit.
Hi Danilo Schwabe,
Well the password IS already stored in your wordpress - related database, which you are going to access, when you connect the wordpress toolkit with the wordpress instance.
I don't know the exact code here, but my answer, that your wordpress password is not stored in the psa - database has to be correct, because I can't find any storage in the psa - database for it.
I can confirm this statement.your wordpress password is not stored in the psa
I can confirm this statement.
WP users passwords are stored in wordpress_XXX database in table XXXX_users as crypted content of user_pass field. For example:
select * from BQE5cB2_users\G
*************************** 1. row ***************************
ID: 1
user_login: jlennon
user_pass: $P$BNk13dPKncXqutEAgDCDutXflwV8wA.
user_nicename: John Lennon
Could you pls. explain, WHY it is relevant for you to know, "HOW Plesk is able to decrypt the stored ( encrypted ) password in the corresponding Wordpress DB" ?how it is possible for Plesk to show the Wordpress admin password in cleartext in Plesk?
Could you pls. explain the ( possible ) issues/errors/problems, when trying to use the link from your Plesk Wordpress Toolkit?As well I'd expect to be logged in directly when clicking on "Log in to Admin Dashboard" with the password that one just saved to the WP toolkit (It says so in the description as well).
What else is it good for to have the password stored here?
Hi Danilo Schwabe,
Could you pls. explain, WHY it is relevant for you to know, "HOW Plesk is able to decrypt the stored ( encrypted ) password in the corresponding Wordpress DB" ?
Could you pls. explain the ( possible ) issues/errors/problems, when trying to use the link from your Plesk Wordpress Toolkit?
Sorry... wrong conclusion. The Plesk Wordpress Toolkit just makes sure, that you use the correct credentials as stored in your existent Wordpress - Database - see it as a sort of "confirmation", pls. - If the credentials are wrong, you will not be logged in. Changing the password will certainly work, due to the fact that the Wordpress Toolkit is able to use the global "admin" MySQL - user, who has access to all databases on your database - server.WP toolkit asks for the admin users password (or the user that one selects)
- If it would be able to decrypt the pw it wouldn't need to ask for the password
We are turning in circles here. You already have the valid answer, that Plesk doesn't store Wordpress - passwords in it's own database.Plesk has to store the password the user then enters somewhere
- Since Plesk is by logic (to point one) not able to decrypt passwords from the WP db: Where is this password stored?
Correct - only if you previously entered the correct admin - username and password, the option "true" is set for further options ( i.e.: changing the password ).The password the user enters does surely not overwrite the current admin password, as one did not tell the WP toolkit to change the password.
- Does it?
It IS secure and ( again as already answered! ), the password is not stored in the Plesk database. You might want to present and discuss all the other possibilities, but this does not change the fact that Plesk does not store the passwords of Wordpress users in its own database.Is it a good idea to show WP admin pws in cleartext or even to make this possible?
- Depending on where and how these PWs are stored this can produce a securtiy issue.
- Admins pws should only be stored in encrypted form, either an ecrypted db or external tools like Keepass.