Skip to main content
This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.
I've been trying to turn on password encryption for users, but have been having no luck - passwords are still being stored in my db in plaintext. I put the following in _config.php
further digging revealed that is deprecated in 2.4 ... but i have been struggling to find docs to say what I should be doing instead. If anyone could advise me, it would be greatly appreciated!
Passwords should be encrypted by default. If they're not, try adding
to your _config.
You can encrypt all the current plaintext passwords by running http://your-site/dev/tasks/EncryptAllPasswordsTask
Thanks for the reply, unfortunately I've tried what you've suggested and it doesn't seem to have had any impact. I added a new member afterward (through the admin cms) and the password was still stored in plaintext.
I have got default admin user set up ... would that have any impact?
If you're using 2.4.0 (or 2.4.1 IIRC), then that is a problem. There was a slight bug that caused the default admin to use plaintext passwords.
d'oh! Now I feel stupid :-(
thanks for the tip, sorted that problem now!