WP admin username in page source

  • Resolved mevans567

    (@mevans567)


    7 years, 1 month ago

    Hi,
    We just installed the HubSpot Tracking Code for WordPress v 1.1.2. Thank you for creating it, as it will be very helpful.

    However, when examining the home page source code, I noticed that the username for wp-admin is in the source code, in cleartext.
    Adjacent to the username is an email address related to our domain, also in cleartext.

    This is just really concerning. While we have a strong password, and will rotate it frequently, I simply cannot imagine why these information elements are in cleartext.

    I strongly urge an upgrade so that these elements are either not used, or are encrypted, ASAP.

    Is this security improvement possible? Any idea on timeframe?

    Thank you.

    <!– DO NOT COPY THIS SNIPPET! — HubSpot User Identification Code –>
    <script type=”text/javascript”>
    (function(d,w) {
    w._hsq = w._hsq || [];
    w._hsq.push([“identify”, {
    “email” : “xxxxxx”,
    “name” : “xxxxxxxxxx”,
    “id” : “xxxxxxxxxx”
    }]);
    })(document, window);
    </script>
    <!– End of HubSpot User Identification Code — DO NOT COPY THIS SNIPPET! –>

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter mevans567

    (@mevans567)

    7 years, 1 month ago

    Sorry for the post above.
    I discovered that this is the result of the plugin determining that I, as WP admin, was on the site being tracked by Hubspot while logged in as the WP admin user, so the code is present only in the HTML of the page that that specific user is viewing, and visible only to that user.
    (Hmm, that may not be the most clear explanation, but TL;DR is: my security concern was unfounded, there is no problem.)
    Thank you.

    Plugin Author Gregory Cornelius

    (@gcorne)

    7 years, 1 month ago

    Glad that you figured it out.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘WP admin username in page source’ is closed to new replies.