Hi,

I use wordpress and other CMS's and all these have plain text passwords in their config files e.g. in wp-config.php

I wonder is this the normal way an administrator would protect security?

I realise its possible to move the wp-config outside of the root web directory, but still if the server itself is compromised, its possible to find the wp-config file and the password inside, then the system is comprimised.

Is there a way to encrypt all passwords on the system, so that in the web applications config files it uses the encrypted pass and not just plain text? Is there a sensible way of keeping plain-text passwords off the server?

PS i use linux vps ubuntu servers

Cheers Ke