---
date: 2024-03-08T17:12:17+00:00
modified: 2024-03-09T09:18:54+00:00
permalink: https://kaspars.net/note/mastodon-social-112030541250691706
post_type: note
author:
  name: Kaspars
  avatar: https://reverse.kaspars.net/gravatar/avatar/92bfcd3a8c3a21a033a6484d32c25a40b113ec6891f674336081513d5c98ef76?s=96&d=mm&r=g
---

# On March 3, 2024 at 07:19

[@janboddez](https://indieweb.social/@janboddez) There are a few individuals and companies who are batch-submitting “vulnerability reports” that rely on DB read access. Plugins storing any kind of secrets in WP options are all targeted.

I do understand the benefits of encrypting those secrets but that would require asking site owners to update wp-config.php which is the only “safe” place to store secrets in WP. Imagine each plugin asking for its own constant…