Is the data in a QR code encrypted?

No. A QR code stores plain text as a pattern of squares, with no encryption and no key. Anyone who scans it reads exactly what was encoded. The squares look cryptic to a human eye, but to any scanner they are a simple, open message. Treat a QR code as something written in the clear.

Does a WiFi QR code expose my password?

To anyone who scans it, yes. A WiFi QR code contains your network name and password as readable text so a phone can join automatically. That is convenient for guests, but it means the password is recoverable by anyone who scans or photographs the code, so place and share it accordingly.

Can a QR code itself contain a virus?

Not really, because it is just text. The risk is where the text points. A QR code holding a link can send you to a malicious site, and one holding WiFi or contact data can prefill an action. The code cannot run code by itself; the danger is trusting where it leads, so check the destination before acting.

How much data can a QR code hold?

A lot more than people expect. The largest version can store several thousand characters of text, around 4,000 alphanumeric or 7,000 digits. Most everyday codes hold far less, a short URL or a line of WiFi details, which keeps the pattern simpler and easier to scan reliably.

What is actually inside a QR code (and what a WiFi code reveals)

6 min read June 12, 2026

qr codewifiprivacyencoding

A QR code stores plain text as a grid of squares: a URL, WiFi credentials, a contact card. Nothing is encrypted. Anyone who scans it reads exactly what you put in, which is worth knowing before you print one.

A QR code looks like noise, a little maze of black and white squares that means nothing until a phone points at it. That appearance fools people into thinking it is some kind of secret encoding. It is not. A QR code is plain text drawn as a grid, readable by any scanner, and knowing what is really inside one changes how you think about printing and sharing them, especially the WiFi kind.

TL;DR: A QR code is just text stored as a pattern of squares: a link, WiFi credentials, a contact card, in the open with no encryption. Anyone who scans it reads exactly what you put in. That is fine for a menu link, and worth thinking about for a WiFi code, which hands your network password to whoever scans it.

A QR code is text in a visual costume

Underneath the squares, a QR code holds characters, the same letters, digits and symbols you type. The pattern is a way of drawing that text so a camera can read it back quickly and reliably, even at an angle or partly smudged. The corner squares help the scanner find and orient the code; the rest of the grid is the message plus error-correction data that lets it survive a bit of damage. That is the entire trick.

So a QR code is not a language or a cipher. It is text wearing a costume that machines read better than humans. When your phone scans one and shows a link, it did not decrypt anything. It read the text encoded in the squares and displayed it. The cryptic look is for the camera’s benefit, not to keep the contents from you, which means the contents are not kept from anyone.

Nothing in it is secret

Because a QR code is open text, there is no key, no password on the code itself, and no encryption. Whatever you encode is readable by every scanner that sees it. A code with a URL holds that URL in the clear. A contact code holds the name, phone and email as plain fields. A WiFi code holds the network name and the password, spelled out.

This is usually fine and is the whole point: a poster code that opens your menu is meant to be public. The trouble only starts when people assume the squares hide something. They do not. If you would not write the contents on a sign in plain words, do not put them in a QR code and treat the squares as cover. The code is the sign; the squares are just a font your phone can read.

What a WiFi QR code actually shares

The WiFi QR code is where this matters most, because it is so handy that the exposure is easy to miss. The code contains your network name and your WiFi password as readable text, so a guest’s phone can read it and join without typing. Convenient, and also the catch: anyone who scans that code, or photographs it to scan later, now has your WiFi password.

For a café or a guest network that is meant to be shared, that is exactly what you want. For your home or office network, think about where the code lives. A WiFi code taped to a window faces the street; one posted in a public photo is readable by anyone who saves the image. A guest network keeps the convenience without handing out the keys to everything else on your main one. You can create a WiFi code, and read what is encoded in any code you are handed, with a WiFi QR generator at qr.hivly.net so you know exactly what you are putting on the wall.

The real risk is the destination, not the code

A QR code cannot carry a virus, because it is only text and cannot run anything on its own. The risk is not the squares; it is where they point. A code holding a link can send you to a convincing fake login page. A code holding contact or WiFi data can prefill an action you did not intend. The attack is misdirection, getting you to trust a destination because a code, which feels neutral and machine-made, suggested it.

The defense is simple and the same one you use with any link. Before you act, look at where the code leads. A good scanner shows you the URL or the details first and waits for you to confirm, rather than opening them automatically. Scan, read what it actually says, and decide, the same caution you would apply to a link in an email from a stranger. The squares earn no extra trust just for looking technical.

Try the qr code toolsGenerate styled QR codes for links, WiFi and contacts, scan from camera or image, and make or read codes in bulk.

Frequently asked questions

Is the data in a QR code encrypted?: No. A QR code stores plain text as a pattern of squares, with no encryption and no key. Anyone who scans it reads exactly what was encoded. The squares look cryptic to a human eye, but to any scanner they are a simple, open message. Treat a QR code as something written in the clear.
Does a WiFi QR code expose my password?: To anyone who scans it, yes. A WiFi QR code contains your network name and password as readable text so a phone can join automatically. That is convenient for guests, but it means the password is recoverable by anyone who scans or photographs the code, so place and share it accordingly.
Can a QR code itself contain a virus?: Not really, because it is just text. The risk is where the text points. A QR code holding a link can send you to a malicious site, and one holding WiFi or contact data can prefill an action. The code cannot run code by itself; the danger is trusting where it leads, so check the destination before acting.
How much data can a QR code hold?: A lot more than people expect. The largest version can store several thousand characters of text, around 4,000 alphanumeric or 7,000 digits. Most everyday codes hold far less, a short URL or a line of WiFi details, which keeps the pattern simpler and easier to scan reliably.

Building something bigger?

Hivly is made by CodingEagles, a software studio that ships production web apps. If you have a real project, get in touch.

See what CodingEagles does →