How can I save a password securely as a settings field

Don’t do it? Passwords meant to be remembered not stored, and once you store them in extractable format (i.e. without hashing or other sort of many to one transformation) they become a less effective security measure.

As with any security related question, you have to start with defining what is it that you trying to protect against and only then you can decide how to set up your protection. If you store the password on your own hardware at home there is probably no problem with storing them as plain text (not much more then storing them in an excel file) but if you store it in some free hosting and you are in the habit of installing plugins without doing a security audit then probably nothing you can think of will be secure enough.

Related Posts:

  1. Using password protection to load different page elements?
  2. How to store username and password to API in wordpress option DB?
  3. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  4. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  5. Nonces can be reused multiple times? Bug / Security issue?
  6. Can someone explain what wp_session_tokens are, and what are they used for?
  7. WordPress and PHP Sessions – Security and Performance
  8. What is the difference between esc_html and wp_filter_nohtml_kses?
  9. Nonce in settings API with tabbed navigation
  10. Log in from one wordpress website to another wordpress website
  11. Problems after wp_set_password() containing an apostrophe
  12. Escaping built-in WP function return strings
  13. What is the difference between strip_tags and wp_filter_nohtml_kses?
  14. What are the default WordPress password requirements?
  15. WP Cron doesn’t save or in post body
  16. How to use wp_set_password in a plugin?
  17. WordPress restrict plugin file direct access
  18. Plugin development: is adding empty index.php files necessary?
  19. Confusion on WP Nonce usage in my Plugin
  20. WordPress password reset – why post rp_key?
  21. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  22. Correct way check nonce (security) using old Options API
  23. Why do I need to check if wp_nonce_field() exists before using it
  24. Is there any way to check for user login and send him to login?
  25. WordPress security issue to output data from user input from theme option form
  26. Verify if user is wordpress logged in from another app since wordpress 4.0
  27. Secure Pages Best Practice
  28. wp_insert_user() function password never match
  29. Securing/Escaping Output of file content – reading via fread() in PHP
  30. best way to make a WordPresss multisite that is secure but at the same time supporting my plugin development efforts
  31. Video Security just like facebook [closed]
  32. Is disabling test_form in wp_handle_upload a security concern?
  33. How to connect my wordpress plugin to a remote database securely?
  34. wp_nonce_field displaying twice
  35. Is it necessary to do validation again when retrieving data from database?
  36. Checking a WordPress for OWASP top 10 vulnerabilities [closed]
  37. How do I have now a duplicated user entry if this is not allowed (and I cannot replicate it)?
  38. Add Password Generator on password protected page
  39. add_submenu_page hooked function must explicitly check user capabilities – why?
  40. Are there any security risks when submitting data-attribute data through AJAX?
  41. How to get all product in the woo-commerce? [closed]
  42. Why would you use esc_attr() on internal functions?
  43. Is it possible to use WP-CLI in a plugin (or theme)?
  44. Secruity Questions on a timer
  45. Using HTML links within translatable string
  46. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  47. How to store sensitive user data (passwords)
  48. How do I make secure API calls from my WordPress plugin?
  49. esc_attr() on hard coded string
  50. how to add security questions on wp-registration page and validate it
  51. WordPress Reset password Strength set to medium
  52. Use content filter on the post that is password-protected
  53. Experts opinions needed: How (in)secure is this approach?
  54. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  55. Data Validation, dynamically generated fields (select for example)
  56. Send retrieve password notification email with custom HTML email template
  57. esc_url, esc_url_raw or sanitize_url?
  58. apply_filters() and call_user_func() to define and call a function outside a class
  59. WP_List_Table Inside Metabox With Bulk Actions Not Working on Submit
  60. Showing results from json-string in WordPress search results page
  61. Can someone explain what’s the use of parse request function in WordPress?
  62. Attaching Image-file to userId
  63. Add parameters to 3rd party callback function
  64. Pass custom props to
  65. How to show only the last two categories in a menu?
  66. wp.media gallery collection sometimes undefined
  67. How to save page URL as a favorite
  68. Getting Post ID at “stylesheet” and “template” hooks
  69. Translations only load from `wp-content/languages/plugins` but not from the plugin’s languages folder
  70. Pass Values in URL on WooCommerce Product Page
  71. Get API auth_token token to renew weekly
  72. Ajax action has 200 status but response of No response data available for this request
  73. How to remove dynamic-css
  74. Custom post type change permalink query
  75. Help to Create a Simple Plugin to make a post
  76. Woocommerce place order update shipping price
  77. escape html in jQuery for WordPress
  78. How to display specific data from a custom table to logged in users with a custom role
  79. Upload product image from frontside for administrator only
  80. wp_schedule_event not executing function call, even with add_action
  81. Progress bar in plugin within admin
  82. add_filter postbox_classes multiple post types
  83. Generating a password-protected front-end page via a plugin
  84. Jquery php request is returning a weird result
  85. $wpbd->insert_id is returning null
  86. I need to combine Pages Listing and Main Menu from frontend in WordPress
  87. WordPress Does not grab the string sends useing AJAX response, wp_ajax hook
  88. Error code when migrate
  89. script seem not load with use wp_enqueue_script
  90. Count products with custom metadata field in an order
  91. Query String Filtering API
  92. Getting incorrect filepath inside custom block front-end output using @wordpress/create-block tutorial
  93. extraprops override existing props
  94. Add custom product data using javascript when add to cart button is clicked
  95. Insert and read media from the WordPress library and call in the plugin
  96. Include external po file for 3th party plugin to theme
  97. Creating a WP plugin and having issues linking CSS stylesheet within functions
  98. Posts form with AJAX request – Plugin development
  99. How to enhance a self developed plugin by its own plugin architecture
  100. Trigger function on Remove block or add new block in Gutenberg JavaScript
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)