Data EncryptionPRO

Disclaimer: We accept no responsibility for any data loss occurring as a result of using this feature. Losing or deleting the encryption key will result in your submission data being permanently unreadable. Please refer to our Terms of Use for further information.

WS Form PRO can encrypt your form submissions. It features:

  • HKDF-SHA256 keys
  • AES-256-CTR encryption

Submission meta data is encrypted and decrypted seamlessly without any need for additional coding.

Requirements

  • PHP 5.6+
  • OpenSSL (Enabled by default in PHP 5.6+)

Enabling Data Encryption

To enable data encryption:

  1. Ensure your website is secured using SSL. Read more.
  2. Click ‘Settings’ from the WordPress administration menu.
  3. Click on the ‘Data’ tab.
  4. Add the provided code to your wp-config.php file. We recommend adding this code just below the Authentication Unique Keys and Salts section of the file. Always ensure the file permissions of your wp-config.php file are secure. If you are unfamiliar with this file we recommend that you read Editing wp-config.php first. The key provided on the data tab will change each time it is loaded, but you can copy it at any point for use in your wp-config.php file. You must use the provided key as it is specifically formatted to be used with the php-encryption library. DO NOT CHANGE THE KEY ONCE YOU HAVE INSTALLED IT.
  5. Once you have installed the code, refresh the settings page and WS Form PRO will show that the key has been correctly installed.
  6. Enable data encryption by checking the ‘Enable Data Encryption’ setting.
  7. Click ‘Save’ to save the settings.

Only submissions made after the point at which data encryption is enabled will be encrypted.

Data Considerations

  • Data exported from WS Form PRO to a CSV file is no longer encrypted.
  • Emails sent from WS Form PRO are sent using the standard wp_mail function and the data is therefore unencrypted. It is your responsibility to secure your email communication if you plan on sending email acknowledgements.

Performance Considerations

  • Additional CPU time is required for encrypting and decrypting form submissions.
  • Additional database storage space is required for each encrypted submitted field.

The encryption system uses the popular php-encryption library developed by Taylor Hornby and Scott Arciszewski as well as numerous open-source contributors.