How your site credentials work in The WP Support

When something is wrong with your WordPress site, a technician usually needs a way to log in — your WordPress admin, your hosting panel, FTP, or SSH. We built The WP Support so you can hand that access over without pasting passwords into email or chat.

This article explains, in everyday language, what happens when you save a credential, what your “vault password” is for, how a technician can help you without seeing your secrets sitting in a database, and how you can read back what you saved.

Three passwords people often mix up

There are three different secrets people confuse. Keeping them straight makes everything else easier.

• Your account password for The WP Support. This is what you use to sign in to this website — like any other online account.
• Your vault password. This is a separate password you choose. It only exists to protect the copy of your site credentials that The WP Support stores for you. It is not your WordPress password and not your hosting password.
• Your actual site passwords — WordPress admin, FTP, hosting control panel, and so on. Those go in the “credential details” area when you add a credential.

What “encrypted in your browser” really means

When you click save, your computer scrambles your credential text into a locked package before it is sent to us. We store that package, but we do not receive your vault password, so we cannot open that package the same way you can.

Think of it like this: you put your details in a small box, lock it with a key only you know (your vault password), and mail the locked box to a warehouse. The warehouse can store the box; it cannot read what is inside without your key.

That is why you should use a strong vault password, not reuse it for other sites, and keep it somewhere safe. If you forget it, we cannot “reset” it for you in a way that recovers your old saved credentials — the same way no one can open your locked box without the key.

What you type when you add a credential

You pick a type: WordPress Admin, FTP, SSH, or Hosting Panel. Then you paste or type everything a technician would need in one box — for example the login URL, username, and password, often one item per line. That text is what gets locked before it leaves your device.

You can open your saved list anytime and use “View” to read it back. You will be asked for your vault password again. The details appear on your screen for a short time and then hide automatically, similar to how a technician sees them during a live task.

How a technician can help without your vault password

When you start a rescue task, you are choosing to let an assigned technician access those logins for that job. Your app prepares a separate, time-limited path that is tied to your task — not to your personal vault password.

So the technician does not need to know your vault password. They only see what they need while the task is active, under strict rules (for example short on-screen windows and limits on how often access can be requested). Your account activity can show that access happened, so you are not left guessing.

Is this the same as a password manager?

Not exactly. Many people already keep passwords in a password manager or with their host. The WP Support’s vault is specifically for sharing access with our team during a rescue — with encryption, logging, and short-lived display — instead of sending secrets through insecure channels.

You can still use a password manager for everything else. Just remember your vault password is the one that locks the copy you keep inside The WP Support.

Quick recap

• Your site passwords go in credential details; your vault password locks how we store them.
• We store a locked package, not your readable passwords, on our side.
• Technicians use a task-based, time-limited flow; they do not use your vault password.
• Use “View” on a credential, plus your vault password, when you want to read back what you saved.