How can I save a password securely as a settings field

Don’t do it? Passwords meant to be remembered not stored, and once you store them in extractable format (i.e. without hashing or other sort of many to one transformation) they become a less effective security measure.

As with any security related question, you have to start with defining what is it that you trying to protect against and only then you can decide how to set up your protection. If you store the password on your own hardware at home there is probably no problem with storing them as plain text (not much more then storing them in an excel file) but if you store it in some free hosting and you are in the habit of installing plugins without doing a security audit then probably nothing you can think of will be secure enough.

Related Posts:

  1. Using password protection to load different page elements?
  2. How to store username and password to API in wordpress option DB?
  3. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  4. How to properly validate data from $_GET or $_REQUEST using WordPress functions?
  5. Nonces can be reused multiple times? Bug / Security issue?
  6. Can someone explain what wp_session_tokens are, and what are they used for?
  7. WordPress and PHP Sessions – Security and Performance
  8. What is the difference between esc_html and wp_filter_nohtml_kses?
  9. Nonce in settings API with tabbed navigation
  10. Log in from one wordpress website to another wordpress website
  11. Problems after wp_set_password() containing an apostrophe
  12. Escaping built-in WP function return strings
  13. What is the difference between strip_tags and wp_filter_nohtml_kses?
  14. What are the default WordPress password requirements?
  15. WP Cron doesn’t save or in post body
  16. How to use wp_set_password in a plugin?
  17. WordPress restrict plugin file direct access
  18. Plugin development: is adding empty index.php files necessary?
  19. Confusion on WP Nonce usage in my Plugin
  20. WordPress password reset – why post rp_key?
  21. Coding a plugin on WordPress; when should I sanitize? [duplicate]
  22. Correct way check nonce (security) using old Options API
  23. Why do I need to check if wp_nonce_field() exists before using it
  24. Is there any way to check for user login and send him to login?
  25. WordPress security issue to output data from user input from theme option form
  26. Verify if user is wordpress logged in from another app since wordpress 4.0
  27. Secure Pages Best Practice
  28. wp_insert_user() function password never match
  29. Securing/Escaping Output of file content – reading via fread() in PHP
  30. best way to make a WordPresss multisite that is secure but at the same time supporting my plugin development efforts
  31. Video Security just like facebook [closed]
  32. Is disabling test_form in wp_handle_upload a security concern?
  33. How to connect my wordpress plugin to a remote database securely?
  34. wp_nonce_field displaying twice
  35. Is it necessary to do validation again when retrieving data from database?
  36. Checking a WordPress for OWASP top 10 vulnerabilities [closed]
  37. How do I have now a duplicated user entry if this is not allowed (and I cannot replicate it)?
  38. Add Password Generator on password protected page
  39. add_submenu_page hooked function must explicitly check user capabilities – why?
  40. Are there any security risks when submitting data-attribute data through AJAX?
  41. How to get all product in the woo-commerce? [closed]
  42. Why would you use esc_attr() on internal functions?
  43. Is it possible to use WP-CLI in a plugin (or theme)?
  44. Secruity Questions on a timer
  45. Using HTML links within translatable string
  46. HTML Elements in my WP Plugin being generated in JS. Security and Translated Text Question about this method being used
  47. How to store sensitive user data (passwords)
  48. How do I make secure API calls from my WordPress plugin?
  49. esc_attr() on hard coded string
  50. how to add security questions on wp-registration page and validate it
  51. WordPress Reset password Strength set to medium
  52. Use content filter on the post that is password-protected
  53. Experts opinions needed: How (in)secure is this approach?
  54. What is more secure checking capabilities of user or checking role of user in WordPress plugin development
  55. Data Validation, dynamically generated fields (select for example)
  56. Send retrieve password notification email with custom HTML email template
  57. esc_url, esc_url_raw or sanitize_url?
  58. Is there any plugin development framework
  59. Is wp-content/install.php a Drop-in?
  60. Handling results from data hooked into admin_post
  61. get_template_part from plugin
  62. Edit or Remove Plugin .htaccess Using The Admin Panel
  63. How to create collections that are edited in admin?
  64. How can i list current author’s categories?
  65. Rest Api How to get results of child categories with one api call
  66. How to store accumulate multiple option values in a single array using Options_API
  67. Add Post and Comments menu no longer visible
  68. What parameter should I pass to wp_enqueue_style to depend on the themes stylesheet?
  69. How do I obtain a list of categories assigned to the current post?
  70. Modify hard-coded conditionals for roles to custom roles
  71. Does wp_login only trigger before an user signs in into the admin panel?
  72. How to access noticeOperations from withNotices
  73. jQuery in WordPress Plugin
  74. Why is my plugin version 0.1?
  75. How to include jQuery into my plugin so I can use it on plugin page?
  76. Apply function to update_option Variable
  77. Duplicate shipping method logic to another shipping method [closed]
  78. REST Endpoint API 404
  79. Add a custom menu item that supports wildcards
  80. jQuery UI tab does not work in the plugin page
  81. Plugin to create Posts and Forums then choose category and parent forum
  82. Adding Permalink to Slides with ‘Simple Nivo Slider’ plugin?
  83. Include external po file for 3th party plugin to theme
  84. Adding the image selector/uploader to an admin back page
  85. setTimeout not working in jquery
  86. How to invalidate `password reset key` after being used
  87. How do I show the HTML descrption in wordpress photo gallery for my individual gallery pages?
  88. Javascript scroll eventHandler only working when I’m logged in in WordPress
  89. Add language localisation to javascript alert?
  90. redirect_to how to make it simply work with get parameter or similar?
  91. cancel place order proccess
  92. How I can give access to my custom plugin for editor roles user?
  93. Testing Plugins for Multisite
  94. WP: adding Javascript to specific woo commerce pages
  95. Calling dynamic_sidebar in plugin gives error
  96. Best way to handle a form post in plugin
  97. How To Remove The Filter That Adds JetPack Related Content To Dom [closed]
  98. Fixing plugin for wpdb::prepare
  99. Directory to store secure file
  100. WordPress plugin boilerplate AJAX functionality
tech