diff --git a/includes/abstracts/abstract-wc-settings-api.php b/includes/abstracts/abstract-wc-settings-api.php
index 126178c2322..088ae95d105 100644
--- a/includes/abstracts/abstract-wc-settings-api.php
+++ b/includes/abstracts/abstract-wc-settings-api.php
@@ -815,9 +815,7 @@ abstract class WC_Settings_API {
 }
 
 /**
- * Validate Password Field.
- *
- * Make sure the data is escaped correctly, etc.
+ * Validate Password Field. No input sanitization is used to avoid corrupting passwords.
 *
 * @param string $key
 * @param string|null $value Posted Value
@@ -825,7 +823,7 @@ abstract class WC_Settings_API {
 */
 public function validate_password_field( $key, $value ) {
 $value = is_null( $value ) ? '' : $value;
- return wp_kses_post( trim( stripslashes( $value ) ) );
+ return trim( stripslashes( $value ) );
 }
 
 /**
diff --git a/includes/gateways/paypal/includes/settings-paypal.php b/includes/gateways/paypal/includes/settings-paypal.php
index c5a042980aa..8c343690f59 100644
--- a/includes/gateways/paypal/includes/settings-paypal.php
+++ b/includes/gateways/paypal/includes/settings-paypal.php
@@ -127,7 +127,7 @@ return array(
 ),
 'api_password' => array(
 'title' => __( 'API Password', 'woocommerce' ),
- 'type' => 'text',
+ 'type' => 'password',
 'description' => __( 'Get your API credentials from PayPal.', 'woocommerce' ),
 'default' => '',
 'desc_tip' => true,
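Review bot: `trim()` still runs on the submitted secret in `validate_password_field()`, so a password that legitimately begins or ends with whitespace is silently altered even though the updated docblock says no sanitization is applied; either drop the trim or say so in the docblock, e.g. `Surrounding whitespace is still trimmed.` With `wp_kses_post()` removed, the returned string can now contain markup characters, so every place that prints this option has to escape it at output. The rendering code is outside this diff, so that is worth confirming before merge. A comment above the return such as `// Raw secret: escape with esc_attr() wherever this value is printed.` would record that contract.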
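Review bot: Values for `api_password` that were saved while the entry was `'type' => 'text'` are not corrected by this switch in settings-paypal.php. If the text-field validator applies the same `wp_kses_post()` filtering that the first file removes (not visible here), secrets containing characters such as `<` or `&` may already be stored in altered form. The diff contains no migration step, so a changelog note asking merchants to re-enter the API password after upgrading would help. The other credential entries of this array lie outside the hunk, and it is worth checking whether any of them should also use `'password'`.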