I connected from a different machine and attempted to log in with a username of Wordpress-user and a password of Wordpress-top-secret-password
I captured the packets in Wireshark and found the password sent in plaintext:
Here is the packet capture file:
wordpress-login-plaintext.pcap
I'm not sure what these long keys are for in the config file, obviously not to protect the login.
Posted by Sam Bowne 2:19 PM 6-17-13
Keys added 2:44 pm