[wp-trac] [WordPress Trac] #64789: Security audit for API key storage on the Connectors screen
WordPress Trac
noreply at wordpress.org
Wed Mar 4 20:15:40 UTC 2026
#64789: Security audit for API key storage on the Connectors screen
--------------------------+---------------------
Reporter: gziolo | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 7.0
Component: Security | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+---------------------
Comment (by westonruter):
Replying to [comment:4 gziolo]:
> > The only thing that I think we should fix here is the display in
plaintext in wp-admin/options.php. That's of course not encryption, but a
small tweak we should add in for parity with how these values are
displayed elsewhere.
>
> @jorgefilipecosta is working on the fix in https://github.com/WordPress
/wordpress-develop/pull/11158. He even created a dedicated ticket #64793
for that, as it looks like we will move this one to the 7.1 release.
An alternative to this would be to store all the keys in a single
`connectors_api_keys` option, which would result in them getting stored as
a serialized array, and thus appear as `SERIALIZED DATA` on the
`options.php` screen.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64789#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list