Hacker News new | comments | show | ask | jobs | submit login

Hi this is Jason, founder of WP Engine.

1. The password is question is stored by WordPress in plaintext on disk.

2. It was transmitted to you inside our SSL-secured support system, because you requested it.

3. We maintain Pingdom reports on all our competitors, so I know for a fact that our uptime and speed is superior, in general.

HOWEVER -- I do NOT DISAGREE with your characterization that you might have seen slowdowns, poor support, etc.. With 1000s of customers, one thing we see all the time is a handful who, for whatever reason, really do have a terrible experience with us at every turn -- technical and human -- and it's just bad.

Of course there's the opposite end of that range of luck, and the huge majority who are happy and don't experience those things in those doses.

It's always frustrating to hear that you've had that experience -- all the more because I'm sure you're not exaggerating.

It's some consolation that we get praised daily on Twitter for just the opposite -- that shows we're not, in fact, just completely awful as you're implying.

But not much, because it always sucks to see even one customer have a series of bad experiences as you have.

Doesn't WordPress support hashed passwords?


I would really like you to elaborate on how "The password is question is stored by WordPress in plaintext on disk"?

If you're referring to the database password that is stored within wp-config.pnp, why is it even the same as the account password? Does the customer even have direct database access? If not, can you explain why the db password is the same and why it isn't a randomly generated pass?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact