How do I safely allow the user to enter the API key of an external application into a Wordpress plugin?

Question

How do I safely allow the user to enter the API key of an external application into a Wordpress plugin?

I am creating a Wordpress plugin that will allow a custom button to be displayed on a page.

I have a job with a simple HTML dump using the Wordpress shortcode method. Here's the problem I'm running into: I want the user to be able to customize the button name, quantity, and other options. All this can be done with a shortcode that will send parameters to our external site API and generate a button. However, I also have to let them connect their button using their API key from our service. It cannot be stored in plaintext because it can be used maliciously if compromised. Is there a good way to let the user enter sensitive information like this but not store it in plain text?

+3

security php wordpress

Mellop 13 Feb 13 at 19:56

source to share

1 answer

Jrod · Accepted Answer · 2013-02-13T20:15:27+0000

I would use wordpress built-in functions to handle passwords.

http://codex.wordpress.org/Function_Reference/wp_hash_password

If you already have a plugins page where a user can customize your plugin, that would be a good place to enter the input to enter their api key. Once they save the settings, you can run the hashing and then store the hash in the database.

How do I safely allow the user to enter the API key of an external application into a Wordpress plugin?

More articles: