Why is database password stored in plain text in wp-config.php in WordPress, security issue?
I wonder why the database password and login data is stored in plain text in the
wp-config.php file. Isn’t this a security issue and is it good practice to solve it?
I am not a pro concerning security but what I have learned is, that a first security step would be to store the password, not as plain text. Second, use another file to store the password in. And I know that up to date security uses hashing including salting the password.
Or are there any other security measures installed I do not know of?