Home > database >  Does Wordpress encrypt the login-credentials in the browser before they get send to the server?
Does Wordpress encrypt the login-credentials in the browser before they get send to the server?

Time:04-15

I am wondering if someone who hacks a Wordpress site and who installs a Wordpress module on the server is able to read all user credentials from the users who logon. I know the passwords are stored as hash in the database and are more or less useless if they read out, but I mean users who logon as long as a threatening Wordpress module is active.

Does Wordpress send the user login data as clear text to the server (I know that via TLS is the traffic encrypted, but it gets decrypted on the server), or does some hashing or similiar operation already happen in the browser (Challenge-Response) that the user credentials never leave the computer/browser where they got entered?

CodePudding user response:

Does Wordpress send the user login data as clear text?

Yes. Logging in is a pure form post.

Page link:https//www.codepudding.com/database/372542.html

Prev:How do I parse for a dynamic variable based on constant variables in shell?
Next:How to pass initializers for the C template class member in the constructor?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding