Any other way of storing plugin admin data setting

Not really, if you want it to be updatable via a form then the only alternatives are these which I do not recommend:

  • Files, very bad for security, easily stolen
  • Object Cache, while rarely done and esoteric by most peoples standards, if you have an object cache installed such as memcached or redis, and an object drop-in, you could use this. However, this is somewhat ephemeral, and not fully persistent, as well as requiring the installation of server software. This also runs the risk of the user using a caching plugin that caches to the disk, posing a security risk
  • Secure vaults, requires the set up and configuration of additional software on the server, e.g. https://www.vaultproject.io/, as well as a client library. Additionally you might need to store authentication details which lands you back where you started. Few users will be able to use this

I would store it in the database. If the app key and secret are stolen they can be revoked, and a new key/secret saved.

For completeness, there are 2 other alternatives that cannot be updated or set via the browser, both require server level access however to change and set, providing greater security:

  • wp-config.php constants, e.g. define( 'CHRIS_PLUGIN_APP_KEY','XXXXXX' );, this has greater security but can be difficult for users to set
  • Environment variables, define them at the system level not the WordPress level, $_ENV['CHRIS_APP_KEY'], this is potentially the most secure option

Neither of those options can be changed from WordPress however.

Warning: Some people might take this as a cue to try and modify wp-config.php in code, this is extremely bad practice and can easily kill a website, a lot of hosts prevent modifications to that file, and users can place wp-config.php in strange places or do odd things with it.

Related Posts:

  1. Checking if Database Table exists
  2. Staging sites, how do you manage synchronising updates in the DB?
  3. How to get the post publish date outside the loop?
  4. How To Export/Import WordPress (MySQL) Database Properly Via Command-Line?
  5. Using transients in conjunction with memcached
  6. How to define composite keys with dbDelta()
  7. Has parent field in the table wp_term_taxonomy has term_id or term_taxonomy_id
  8. Forcing nickname as display_name in custom edit profile template
  9. Syncing local content with development / staging sites
  10. Export WP database for import using WP-CLI on Vagrant Box
  11. What is the advantage of separating wp_users and wp_usermeta table?
  12. Showing content from another wordpress installation database in the page template loop?
  13. Multiple WP install with same users database
  14. Dynamic data in `wp_register_script` needed
  15. “MySQL server has gone away” since update to 3.8
  16. WordPress page title repeated in SOME pages
  17. Why is $wpdb->get_results failing on certain tables but not others (which have data)?
  18. How to correctly add a table to the WordPress MySQL database
  19. MySQL Syntax Error upon restoring database from backup [closed]
  20. Help running a MySQL query to update all wp_#_options tables in a Multisite install
  21. How to verify password outside WordPress?
  22. Is it safe to convert tables from MyISAM to InnoDB?
  23. Use one WordPress database with multiple instances of one site
  24. Who is responsible for data sanitization in WordPress development?
  25. How do I properly update the WordPress database password?
  26. wpdb_prepare with multiple or condition
  27. $wpdb->insert is not working
  28. WordPress Install and Database on separate hosting?
  29. Moving a site from a temporary domain to the live domain [duplicate]
  30. Error establishing a database connection on Installation
  31. What is this in my tables
  32. what is the best way to store user created data?
  33. WP get stuck with a query on MySQL when the site is resumed
  34. Using GROUP CONCAT in my-sql query with wp_usermeta table
  35. Routine to convert custom post meta from old to new value
  36. How to move the WordPress site Layout from test site to Production site?
  37. Trying to change database tables storage engine to innodb gives error “invalid default value for ‘post_date'”
  38. database connection [closed]
  39. sanitize POST arrays
  40. Your PHP installation appears to be missing the MySQL extension which is required by WordPress
  41. Able to use all admin pages but in the frontend there is a “Error establishing a database connection”-Error
  42. Retrieve data from the database to table such as comments in the admin control panel
  43. Need to store custom user information (many-many relationsips), preferably not as user meta
  44. charset problem with new custom table
  45. Undefined Variable: mysqli error when connecting to database
  46. Localhost to Staging to Development Dynamic WP-CONFIG
  47. WordPress and user security
  48. How to share plugin created database tables between two WordPress sites
  49. How to connect to a remote database in WordPress?
  50. Migrating from PDO using SQLite to clean new install using MySQL
  51. Selectively restoring original posts from a compromised site to a freshly installed WordPress database
  52. Change WordPress URL in sql file via Terminal
  53. $wpdb->insert Giving duplicates
  54. Which data is written and stored in the database when read-only (non-posting, non-commenting) users visit the site?
  55. $wpdb is not initiating
  56. Duplicated site isn’t recognized as a site
  57. My options table is huge. What can I do?
  58. Where is phpMyAdmin inside WordPress?
  59. What can I do when an outside party hacks into my weblog and changes my display name?
  60. Cannot restore wordpress database from sql dump [closed]
  61. WooCommerce: remove sample & dummy data
  62. multiple wordpress installation with shared usertable on an different database
  63. Is database deleted on clicking “reinstall” button in WordPress updates?
  64. wordpress database restore – broken link
  65. 6 random character prefix automatically added to entire DB tables, how / why? [closed]
  66. Insert Custom Data into wpusers
  67. Is my way to change WordPress server is correct?
  68. WordPress database products structure
  69. I cannot find the difference between these wp_capabilities values in wp_usermeta
  70. What unexpected data might be stored in terms table and related tables?
  71. Files on Localhost, Database on Server
  72. No users table in WordPress’s database
  73. Copying blog from root to /folder (Not moving)
  74. Is there any way to monitor a MySQL db and check what has changed?
  75. DB prefix not updating
  76. local wordpress broke after changing URL
  77. pre_get_posts causings DB error when using ( ‘posts_per_page’, -1)?
  78. generate PDF from member information
  79. Is it safe to add INDEX to a column in WordPress database?
  80. Help posting values to DB on submit using $wpdb->query
  81. Restore Old Database Over Newer WP & Plugin Files
  82. wpdb query to insert images in to post/page gallery
  83. Creating a database in my plugin not working
  84. How to create index (sql) to a meta_key?
  85. Not sure what to do next to optimize
  86. Database structure for thousands of posts
  87. get_user_meta and umeta_id
  88. $wpdb not working
  89. Accessing content from third party as native posts in WordPress
  90. Extracted CSV as Array for Custom Query Loop
  91. Hang Up Followed By Can’t select database
  92. One WP Database outside localhost and two connections
  93. Send data to database after redirect (and popping out of iframe)
  94. Fetch data from another site, but the same database
  95. Simple email input store in database
  96. Every time I update or install a plugin I get “Error Establishing a Database Connection in WordPress”
  97. $wpdb->insert not working for last select option
  98. How to create a table [closed]
  99. Upload wordpress from localhost to 000webhost
  100. wp_usermeta key problem