WS Form PRO can encrypt your form submissions. It features:
- HKDF-SHA256 keys
- AES-256-CTR encryption
Submission meta data is encrypted and decrypted seamlessly without any need for additional coding. Files uploaded to server (File upload and signature fields) are not encrypted.
- PHP 5.6+
- OpenSSL (Enabled by default in PHP 5.6+)
Enabling Data Encryption
To enable data encryption:
- Ensure your website is secured using SSL. Read more.
- Click ‘Settings’ from the WordPress administration menu.
- Click on the ‘Data’ tab.
- Add the provided code to your wp-config.php file. We recommend adding this code just below the Authentication Unique Keys and Salts section of the file. Always ensure the file permissions of your wp-config.php file are secure. If you are unfamiliar with this file we recommend that you read Editing wp-config.php first. The key provided on the data tab will change each time it is loaded, but you can copy it at any point for use in your wp-config.php file. You must use the provided key as it is specifically formatted to be used with the php-encryption library.
- Once you have installed the code, refresh the settings page and WS Form PRO will show that the key has been correctly installed. Note that WS Form will NOT show this same key again if you remove the key from wp-config.php so you may wish to keep a copy of this key in a separate secure location.
- Enable data encryption by checking the ‘Enable Data Encryption’ setting.
- Click ‘Save’ to save the settings.
Only submissions made after the point at which data encryption is enabled will be encrypted.
- Data exported from WS Form PRO to a CSV file is not encrypted.
- Action such as Webhook or any other third party integration will not send encrypted data.
- Emails sent from WS Form PRO are sent using the standard wp_mail function and the data is therefore unencrypted. It is your responsibility to secure your email communication if you plan on sending email acknowledgements.
- Files uploaded to server (File upload and signature fields) are not encrypted.
- Additional CPU time is required for encrypting and decrypting form submissions.
- Additional database storage space is required for each encrypted submitted field.
- Duplicate field value lookups cannot be used with encryption enabled.
The encryption system uses the popular php-encryption library developed by Taylor Hornby and Scott Arciszewski as well as numerous open-source contributors.