
By Geoff G



Gravitate Encryption for WordPress and Gravity Forms

Encryption has been getting more and more attention lately. With so many server attacks happening every minute, we need a solution to prevent our clients' data from being used maliciously.

Gravity Forms Encryption

Gravity Forms is an awesome plugin for WordPress. However, it doesn’t come with an option to encrypt the data when it is stored in the database. While most of us will use Gravity Forms as a simple Contact Form, many of us might want to use it for much more than that. Gravity Forms is simple enough to use for a Contact Form, but if you want to use it as an application tool that stores emails, phone numbers, or even Social Security Numbers, then you might want something more secure than storing plain text in the database.

Gravitate Encryption 

This is where the Gravitate Encryption Plugin comes in handy. This plugin allows you to use four methods of security with your client data.

  • Symmetric Encryption
    This method uses PHP’s “mcrypt” library to encrypt and decrypt the data with a secret passphrase that you configure.  It will use a random IV with MCRYPT_RIJNDAEL_128 and MCRYPT_MODE_CBC.  There is an option to automatically create and email a Secret Key for you if you don’t know what the best option is.
    Your server will need to have “mcrypt” library installed and configured properly.
  • A-Symmetric Encryption
    This method uses PHP’s “openssl” library to encrypt the data with a public_key and decrypt the data with a private_key.  This method uses a 2048-bit RSA encrypted key to encrypt the full data.  This allows you to encrypt large amounts of data instead of the default RSA limited amount.  There is an option to automatically create and email a Public and Private Key for you if you don’t know how to do this yourself. The main use of this type is that you can store the Private_Key in a separate location.  This way the data can’t be accessed even in the Admin Panel unless you have the Private_Key.  Your server will need to have the “openssl” library installed and configured properly.
  • Weak Encryption
    This encryption method is just as it sounds.  The only real use for it is if your server doesn’t have “mcrypt” or “openssl” installed.  While this method is better than storing the data as plain text, it wouldn’t really hold up against someone who knows a thing or two about decrypting.  However, if it is your only option then it is there for you.
    * If you plan on storing very sensitive data, then we recommend working with your Web Server admin to get one of the other methods installed and working instead of using this method.
  • Remote Database Storage
    This option allows the data to be stored on a separate MySQL database.  Useful if you want to keep the data behind your own firewall.  This option can be used at the same time as any of the three encryption options above.  It requires knowledge of MySQL database configuration.
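The A-Symmetric option describes encrypting data of any size under an RSA key pair; one common way to do that with PHP's openssl extension is envelope encryption, shown here as an added example that is not the plugin's own code (whether the plugin works this way is not stated on the page). The function names and the in-memory demo key pair are hypothetical.

```php
<?php
// Added example, not the plugin's code; every function name is hypothetical.

// Encrypt with the public key only: openssl_seal() encrypts the data under a
// random AES key and encrypts that short key with RSA (envelope encryption).
function example_seal(string $plaintext, string $publicKeyPem): string
{
    $pub = openssl_pkey_get_public($publicKeyPem);
    if ($pub === false) {
        throw new RuntimeException('invalid public key');
    }
    $iv = null;
    if (openssl_seal($plaintext, $sealed, $wrappedKeys, [$pub], 'aes-256-cbc', $iv) === false) {
        throw new RuntimeException('seal failed');
    }
    // wrapped key : IV : ciphertext, each base64-encoded, as one storable string
    return implode(':', array_map('base64_encode', [$wrappedKeys[0], $iv, $sealed]));
}

// Decrypt where the private key is kept, which need not be the web server.
function example_open(string $stored, string $privateKeyPem): string
{
    $parts = array_map(fn($p) => base64_decode($p, true), explode(':', $stored));
    if (count($parts) !== 3 || in_array(false, $parts, true)) {
        throw new RuntimeException('malformed value');
    }
    [$wrappedKey, $iv, $sealed] = $parts;
    $priv = openssl_pkey_get_private($privateKeyPem);
    if ($priv === false || !openssl_open($sealed, $plain, $wrappedKey, $priv, 'aes-256-cbc', $iv)) {
        throw new RuntimeException('decrypt failed');
    }
    return $plain;
}

// Constructed demo: a throwaway 2048-bit key pair generated in memory.
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
openssl_pkey_export($pair, $privatePem);
$publicPem = openssl_pkey_get_details($pair)['key'];

// Constructed sample, far longer than a single 2048-bit RSA operation can take.
$long   = str_repeat('applicant record, constructed sample. ', 50);
$stored = example_seal($long, $publicPem);
var_dump(example_open($stored, $privatePem) === $long);
```

Only the public key has to be present on the web server; `example_open` can run wherever the private key is kept. `openssl_seal` gives confidentiality only and does not authenticate the ciphertext.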

WordPress Encryption

While this plugin was intended for Gravity Forms, it can be used by any plugin or even in your WordPress theme files. First, make sure that you have installed and configured the Gravitate Encryption Plugin.  Next, make sure to test the plugin.  There is an Encryption Test option at the bottom of the plugin.  If it is working properly, the Un-encrypted Text will be the same as the Decrypted Text.

To encrypt data use this PHP code:

// Only call the class if the Gravitate Encryption plugin is active
if (class_exists('GDS_Encryption_Class'))
{
    echo GDS_Encryption_Class::encrypt('This is the Text to Encrypt');
}

To decrypt data use this PHP code:

// Only call the class if the Gravitate Encryption plugin is active
if (class_exists('GDS_Encryption_Class'))
{
    echo GDS_Encryption_Class::decrypt('enx2:JKM3FFR4WP5HN6SG0C4ZAIF5K7H');
}

* WARNING:

Once you start using the plugin and start storing the data as Encrypted, you should not change the settings of the plugin as it will no longer be able to Decrypt the data.  That means it will not be able to turn the Encrypted data back into a readable form.  Therefore it will make the data unusable.

You should only configure it once and then Disable the Plugin from being managed in the Admin Panel.

If you need to change the settings, you will need a Web Administrator to back up your data Un-Encrypted, then change the settings and Re-Populate the data with the New Encrypted Settings.

 

Disable the Plugin from being managed in the Admin Panel

This can only be done from within the code of the plugin.

You can update the code in two ways.  Either using FTP or you can edit the file from within the Plugin Edit page.

Go into the “gds_encryption.php” file and change:

$gds_encryption_enable_settings_page = true;

to

$gds_encryption_enable_settings_page = false;

 

Get the Plugin

You can get the plugin here:
http://www.wordpress.org/plugins/gravitate-encryption/

 

* Sorry, but Gravitate offers no Support, Guarantees, or Warranty for this plugin.  Any comments or replies provided by a Gravitate member are done at will. Use this Plugin at your own risk.

 *It is recommended not to use private data in the comments and not to share your website or company information on this page.

9 Comments to “Gravitate Encryption for WordPress and Gravity Forms”

  1. Greg

    The plugin isn’t on the wp.org site. I’d love to use it in my next project! What’s the status?

    • Geoff Gedde

      Unfortunately, this plugin is meant for Gravity Forms and not other Plugins like Ninja Forms. You can still use it, but it would require some coding. Please review the section “To encrypt data use this PHP code:”.

  2. Aaron Riddle

    Hi. I am using this plugin with Gravity Forms, but am having an issue where it prevents the “No Duplicates” option for a text field from working. People are allowed to submit forms using the same email address for instance, even if the “No Duplicates” option is checked.

    Has anyone else mentioned this problem and is there a fix coming in the near future?

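Added example, not from the post, the plugin or the commenters: with a random IV, as the Symmetric Encryption option describes, the same email address encrypts to a different stored value every time, so an equality lookup against stored ciphertext (assumed here to be how a "No Duplicates" check would compare entries) cannot match. The sketch uses PHP's openssl extension in place of mcrypt, which was removed from PHP core in 7.2, adds an HMAC because CBC alone does not detect tampering, and shows a keyed "blind index" as one way to keep equality checks possible; all function names are hypothetical and the secret is assumed to be a random generated key.

```php
<?php
// Added example, not the plugin's code; every function name is hypothetical.

// Independent sub-keys from one secret (assumed to be a random generated key).
function example_subkey(string $secret, string $purpose, int $len): string
{
    return hash_hkdf('sha256', $secret, $len, $purpose);
}

// AES-128-CBC with a fresh random IV per value, then an HMAC over IV + ciphertext.
function example_encrypt(string $plain, string $secret): string
{
    $iv  = random_bytes(16);
    $ct  = openssl_encrypt($plain, 'aes-128-cbc', example_subkey($secret, 'enc', 16), OPENSSL_RAW_DATA, $iv);
    $mac = hash_hmac('sha256', $iv . $ct, example_subkey($secret, 'mac', 32), true);
    return base64_encode($iv . $mac . $ct);
}

function example_decrypt(string $stored, string $secret): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 64) { // 16 IV + 32 MAC + at least one block
        throw new RuntimeException('malformed value');
    }
    [$iv, $mac, $ct] = [substr($raw, 0, 16), substr($raw, 16, 32), substr($raw, 48)];
    $expect = hash_hmac('sha256', $iv . $ct, example_subkey($secret, 'mac', 32), true);
    if (!hash_equals($expect, $mac)) {          // constant-time comparison
        throw new RuntimeException('authentication failed');
    }
    $plain = openssl_decrypt($ct, 'aes-128-cbc', example_subkey($secret, 'enc', 16), OPENSSL_RAW_DATA, $iv);
    if ($plain === false) {
        throw new RuntimeException('decrypt failed');
    }
    return $plain;
}

// Keyed, deterministic digest of the normalised value, kept in its own column
// so equality can be checked without decrypting any stored entry.
function example_blind_index(string $value, string $secret): string
{
    return hash_hmac('sha256', strtolower(trim($value)), example_subkey($secret, 'idx', 32));
}

$secret = random_bytes(32); // constructed demo key
$a = example_encrypt('pat@example.com', $secret);
$b = example_encrypt('pat@example.com', $secret);
var_dump($a === $b); // compares two encryptions of the same constructed email
var_dump(example_decrypt($a, $secret) === example_decrypt($b, $secret));
var_dump(example_blind_index('pat@example.com', $secret) === example_blind_index(' Pat@Example.com', $secret));
```

A blind index reveals which entries share a value to anyone who can read the table, so it belongs only on fields where duplicate checks are actually needed.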
