Webservice credential storage [duplicate]

Try looking at this: How to store username and password to API in wordpress option DB?

tl;dr:

  • use OAuth, if the web service supports it, or if the web server is run by yoursefl
  • Store the data encrypted in the database, using as encryption wordpress installation-wide unique keys, ad you can see in the link.

Related Posts:

  1. What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
  2. What Are Security Best Practices for WordPress Plugins and Themes? [closed]
  3. Are WordPress Plugins essential?
  4. I found this in a plugin. What does it do? is it dangerous?
  5. What are the common security flaws I need to look for? [closed]
  6. What could a hacker do with my wp-config.php
  7. Why “Contact Form 7” doesn’t update PHPmailer library?
  8. Secure WordPress paid plugin
  9. How to make media upload private? [duplicate]
  10. Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
  11. What does a security risk in a plugin look like?
  12. WordPress Capabilities: edit_user vs edit_users
  13. How to check plugins for malicious code?
  14. Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
  15. Disabled plugins are security holes – rumor or reality?
  16. Why am I sometimes getting a 404 error when I try to update a page with Elementor?
  17. Should I use RIPS tool to test my themes and plugins?
  18. Why users disable the WordPress update?
  19. How many security plugins are too many? [closed]
  20. Will WordPress username displayed somewhere in the site?
  21. Upgrading WordPress 4.0 asks for FTP password
  22. Is revealing just the AUTH_KEY a security issue?
  23. How Restrict access to admin dashboard by specific static ip?
  24. When is it useful to use wp_verify_nonce
  25. Protecting against malicious code in WordPress plugin updates
  26. Questions about brute force attacks on the admin username, coming from amazon IP addresses
  27. Why Better WP security plugin returns 418 I’m a Teapot “error”?
  28. How to limit WordPress pages during updates?
  29. rms_unique_wp_mu_pl_fl_nm.php
  30. How can we deal with unmaintained plugins with vulnerabilities?
  31. Security issues with WP sites
  32. Security checking in meta_box save is reluctant?
  33. Escape when echoed
  34. How can I make uploaded images in the editor load with HTTPS?
  35. Can we use a webservice with WordPress?
  36. How To Clean The Malware Infected & Hacked WordPress Websites? [duplicate]
  37. The safest way to automate WordPress backups
  38. wp_create_nonce function doesn’t work inside a plugin?
  39. Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
  40. Upgraded to latest version – 3.0.3 and Now I get a “sufficient permissions to access this page” error
  41. Headers Content-Security-Policy CSP Major Issue
  42. Nonce failing on form submission
  43. Why can’t I access my Intranet LDAPS with NADI?
  44. Hack-Proof OR Security in WordPress — is it real?
  45. I should enable automatic updates?
  46. Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
  47. Security and Must Use Plugins
  48. Is Timthumb still broken? What security measures should be taken?
  49. Prevent direct access to WordPress plugin assets?
  50. Is it safe to use admin-ajax.php in the frontend?
  51. Specific way to allow WordPress users to view their current password? And edit it?
  52. Too many login attempts
  53. Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
  54. How to prevent plugins from sniffing/stealing other plugins’ options?
  55. Custom API plugin to execute 3rd party API to retrieve data
  56. Alternate email sending service – eg: AWS SES [closed]
  57. How to deal with Slow HTTP POST (slowloris) vulnerability
  58. Running multiple security plugins
  59. how do I secure my WP website from hackers? [closed]
  60. Regarding plugin security
  61. How do I determine if the user who registered is not spam?
  62. If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
  63. Is this plugin safe to run?
  64. Is the Block Bad Queries Plugin Still Relevant?
  65. WP Insert Post If user refreshes override new post
  66. Hide plugins and theme from public
  67. WordPress search shows protected content
  68. Security of a WordPress Plugin
  69. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  70. WordPress disable direct access of files in WordPress installation path
  71. Asking help regarding potential malware
  72. prevent anonymous access to WordPress site (non-admin site)
  73. Bing/msn bots is heavily requesting random of my website
  74. CRUD from WordPress to Business Central 365 through OData REST API
  75. “Fire Secure” menu item
  76. Securing a plugin pop-up window
  77. https rewrite not working for All in one security Brute force > rename login url
  78. Building a dynamic web app for questionnaire
  79. GET web api method from a WordPress PHP script
  80. Being hacked. Is there a list of WordPress security holes I can check against?
  81. create web service for android app using wordpress website
  82. How can i see/log all requests coming from a registration form (not from the UI)?
  83. Write mysql credentials in plugin
  84. Site is continuously accessing by several IPs
  85. using .htaccess only for wordpress security no plugins
  86. SWF in wordpress post
  87. Unwanted Links and Spam WordPress Pages and Posts
  88. File permissions for wp-minify plugin
  89. What is the recommended way to be notified of security updates to my plugins? [closed]
  90. Creating a full business website
  91. How I can hide my wp folders from Inspect Element (Developer Tools)
  92. How to Find WordPress site has backdoor login Codes
  93. How to delete Password Protected posts cookies when a user logged out from the site
  94. Auto-scroll to beginning of accordion item
  95. Stop the user if login from the cookies
  96. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  97. Block Root REST API Route using custom &/or iThemes
  98. How to fix a Wordfence scan that doesn’t finish?
  99. WordPress.Security.NonceVerification.Recommended
  100. Secure way to add JS Script to WordPress filesystem