Data EncryptionPRO

Disclaimer: We accept no responsibility for any data loss occurring as a result of using this feature. Losing, changing or deleting the encryption key will result in your submission data being permanently unreadable. Please refer to our Terms of Use for further information.

WS Form PRO can encrypt your form submissions. It features:

  • HKDF-SHA256 keys
  • AES-256-CTR encryption

Submission meta data is encrypted and decrypted seamlessly without any need for additional coding. Files uploaded to server (File upload and signature fields) are not encrypted.

Requirements

  • PHP 5.6+
  • OpenSSL (Enabled by default in PHP 5.6+)

Enabling Data Encryption

To enable data encryption:

  1. Ensure your website is secured using SSL. Read more.
  2. Click Settings from the WordPress administration menu.
  3. Click on the Data tab.
  4. Add the provided code to your wp-config.php file. We recommend adding this code just below the Authentication Unique Keys and Salts section of the file. Always ensure the file permissions of your wp-config.php file are secure. If you are unfamiliar with this file we recommend that you read Editing wp-config.php first. The key provided on the data tab will change each time it is loaded, but you can copy it at any point for use in your wp-config.php file. You must use the provided key as it is specifically formatted to be used with the php-encryption library.
  5. Once you have installed the code, refresh the settings page and WS Form PRO will show that the key has been correctly installed. Note that WS Form will NOT show this same key again if you remove the key from wp-config.php so you may wish to keep a copy of this key in a separate secure location.
  6. Enable data encryption by checking the Enable Data Encryption setting.
  7. Click Save to save the settings.

Only submissions made after the point at which data encryption is enabled will be encrypted.

DO NOT CHANGE OR REMOVE THE KEY ONCE YOU HAVE INSTALLED IT. DOING SO WILL RENDER ENCRYPTED SUBMISSIONS UNREADABLE.
THE KEY PROVIDED BY WS FORM IN THE SETTINGS PAGE IS ONLY GENERATED ONCE. PLEASE ENSURE YOU DO NOT LOSE THIS KEY AND KEEP IT IN A SECURE PLACE. ENCRYPTED DATA AND KEYS CANNOT BE RECOVERED IF THE KEY IS LOST.
FILE UPLOADS AND SIGNATURES ARE NOT ENCRYPTED.

Data Considerations

  • Data exported from WS Form PRO to a CSV file is not encrypted.
  • Action such as Webhook or any other third party integration will not send encrypted data.
  • Emails sent from WS Form PRO are sent using the standard wp_mail function and the data is therefore unencrypted. It is your responsibility to secure your email communication if you plan on sending email acknowledgements.
  • Files uploaded to server (File upload and signature fields) are not encrypted.

Performance Considerations

  • Additional CPU time is required for encrypting and decrypting form submissions.
  • Additional database storage space is required for each encrypted submitted field.
  • Duplicate field value lookups cannot be used with encryption enabled.

The encryption system uses the popular php-encryption library developed by Taylor Hornby and Scott Arciszewski as well as numerous open-source contributors.