Storing a password for use with a WordPress plugin

I’m writing my first WordPress plugin which will be a newsletter-type plugin. It’ll continuously add members who fill out a form to a database table that keeps track of the following:

  • cell ID
  • Time
  • MemberName
  • MemberEmail.

When I send out the email to the newsletter participants, I want to send it using SMTP. Is there a way I can store a single $smtp_password in one of my plugin’s php files without having it be available to the public? Or maybe store the password in the SQL database, but I don’t think creating an entirely new table for it would be necessary, right?

How would you store a simple password?

1 Answer
1

If you store the password in the PHP, it will be accessible to anyone who has the PHP (i.e. anyone who has the plugin). If you store it in the database, it will be accessible to anyone who has direct access to the database (i.e. anyone who installs the plugin and knows how to use phpMyAdmin).

However, to store a simple password for a plugin, I’d use a WordPress option. This allows you to easily retrieve the password with code and makes things very flexible. It also allows you to let the user change the stored password if necessary.

// Retrieving the password
$smtp_password = get_option( 'my_smtp_password' );

// Setting the password
update_option( 'my_smtp_password', $new_smtp_password );

Just don’t use your regular email password for this. I recommend you set up a dedicated email account for your site to send messages through and keep both the name and password separate from anything you use personally.

Leave a Comment