I recently created a form for a client who wanted to collect sensitive data from customers. While I don’t recommend that sensitive information be stored on your site, one way that I found to make this information more secure was using the Gravitate Encryption plugin to encrypt the database. (Please keep in mind that there are other ways to help keep data safe that can be used in conjunction with this like an SSL certificate.)
The plugin is fairly simple to use. Install the plugin through the WordPress plugins menu, activate it, and then go to Settings > Gravitate Encryption to configure it. The settings will look like this:
Click on the image for a closer view.
For more information about the different encryption methods available, see this:
Use that “Auto Create Key” button to have a key emailed to you.
Warning: Be sure to keep that key or you will not be able to decipher your entries!
On that same page, you will see a button to run a test to see if the encryption is working. Before you put in your key, you will see that everything is readable, like this:
Once you put in your encryption key that you were emailed into the “Encryption Key” text box, you will get something more like this so you will know the encryption is working.
Plain Text:Here’s My Phone Number (123) 123-1234
Decrypted Text:Here’s My Phone Number (123) 123-1234
Even when the Encryption is working you will still be able to see the entries as you did before. In fact it will seem as nothing has changed. This is because the entries are encrypted in the database and then Decrypted in the admin panel. So essentially it is just protection if someone hack’s your database only. It doesn’t really help much if they hack both the database and your server files. If you are needing more security then that then you would want to use A-Symmetric Encryption without providing the Private Key. However in order to Decrypt the data you will need to hire a Web Programmer to build a Decrypting script that uses the Private Key.*
This plugin also gives you the option of storing data on a remote (more secure) database.
*Contributed by Gravitate
Another option is to use A-Symmetric Encryption and leave the Private Key blank. Then when you need the data go ahead and place in the Private key and save the settings. You should now be able to see the entries in the forms. You can even export the entries to a file. Once you are done doing what you needed to do then Remove the Private Key and make sure to Save the settings again.
If you take advantage of this plugin, I hope you will let me know your findings.
*Also, I’d like to give a special thanks to Gravitate for giving me the information for this post and being super helpful with their support.