WS Form PRO can encrypt your form submissions. It features:
- HKDF-SHA256 keys
- AES-256-CTR encryption
Submission meta data is encrypted and decrypted seamlessly without any need for additional coding.
- PHP 5.6+
- OpenSSL (Enabled by default in PHP 5.6+)
Enabling Data Encryption
To enable data encryption:
- Ensure your website is secured using SSL. Read more.
- Click ‘Settings’ from the WordPress administration menu.
- Click on the ‘Data’ tab.
Add the provided code to your wp-config.php file. We recommend adding this code just below the Authentication Unique Keys and Salts section of the file. Always ensure the file permissions of your wp-config.php file are secure. If you are unfamiliar with this file we recommend that you read Editing wp-config.php first. The key provided on the data tab will change each time it is loaded, but you can copy it at any point for use in your wp-config.php file. You must use the provided key as it is specifically formatted to be used with the php-encryption library.DO NOT CHANGE THE KEY ONCE YOU HAVE INSTALLED IT.
- Once you have installed the code, refresh the settings page and WS Form PRO will show that the key has been correctly installed.
- Enable data encryption by checking the ‘Enable Data Encryption’ setting.
- Click ‘Save’ to save the settings.
Only submissions made after the point at which data encryption is enabled will be encrypted.
- Data exported from WS Form PRO to a CSV file is no longer encrypted.
- Emails sent from WS Form PRO are sent using the standard wp_mail function and the data is therefore unencrypted. It is your responsibility to secure your email communication if you plan on sending email acknowledgements.
- Additional CPU time is required for encrypting and decrypting form submissions.
- Additional database storage space is required for each encrypted submitted field.