WS Form PRO can encrypt your form submissions. It features:
- HKDF-SHA256 keys
- AES-256-CTR encryption
Submission meta data is encrypted and decrypted seamlessly without any need for additional coding.
- PHP 5.6+
- OpenSSL (Enabled by default in PHP 5.6+)
Enabling Data Encryption
To enable data encryption:
- Ensure your website is secured using SSL. Read more.
- Click ‘Settings’ from the WordPress administration menu.
- Click on the ‘Data’ tab.
- Add the provided code to your wp-config.php file. We recommend adding this code just below the Authentication Unique Keys and Salts section of the file. Always ensure the file permissions of your wp-config.php file are secure. If you are unfamiliar with this file we recommend that you read Editing wp-config.php first. The key provided on the data tab will change each time it is loaded, but you can copy it at any point for use in your wp-config.php file. You must use the provided key as it is specifically formatted to be used with the php-encryption library.
- Once you have installed the code, refresh the settings page and WS Form PRO will show that the key has been correctly installed. Note that WS Form will NOT show this same key again if you remove the key from wp-config.php so you may wish to keep a copy of this key in a separate secure location.
- Enable data encryption by checking the ‘Enable Data Encryption’ setting.
- Click ‘Save’ to save the settings.
Only submissions made after the point at which data encryption is enabled will be encrypted.
- Data exported from WS Form PRO to a CSV file is no longer encrypted.
- Emails sent from WS Form PRO are sent using the standard wp_mail function and the data is therefore unencrypted. It is your responsibility to secure your email communication if you plan on sending email acknowledgements.
- Additional CPU time is required for encrypting and decrypting form submissions.
- Additional database storage space is required for each encrypted submitted field.