Does s2Member store passwords Encrypted??

After the recent Tutsplus/Amember fiasco, where thousands of members usernames, email addresses and passwords were stored in cleartext, rather than encryped by the Amember wordpress plugin, which were maliciously hacked and stiolen. I wanted to make sure that this NEVER happens to my membership site.

So the question is, does s2Member store members sensitive data in cleartext or is it encrypted?? I’m pretty sure that I remember reading something, somewhere about it being encrypted but I just want to reinforce my suspicions and make sure that I have “fire insurance” before my house burns down, so to speak.

Thanks!
Matt

Hello Matthew,

I’m pretty sure s2Member doesn’t store the passwords, instead WordPress does, and WordPress I believe it encrypts it with the MD5 encryption method.

Hope this answers your question. :)

Eduan, thanks for the reply, but… “pretty sure” and “I believe” are more of opinion statements than facts. Is there anyone who can definitively state the facts? Linkedin has a $5 million dollar lawsuit on their hands for a similar issue and I’m “pretty sure” that sucks for them. I don’t want to be up this same creek EVER, if I can help it. Thanks anyway, though.
-Matt

• This reply was modified 4 years, 6 months ago by  Matthew Hobbs.

Hello Matthew,

I understand why you want to make sure.

I once made a post about this in the old forums, but I can’t seem to find it, I do remember I mentioned that s2Member encrypts everything important/private in 2 types of encryption, both very secure.

And I am pretty sure WordPress stores the passwords, s2Member simply adds roles, and functionalities to protect content from or for those roles. Atleast that’s how I understand it.

But I assure you, s2Member is very secure. I have never run into any problems, nor have I seen someone complain. You won’t regret buying it, trust me on that. lol

Hope this helps. :)