How can i encrypt user data in database

  • Hi Team,

    Is it possible in WordPress to do the encryption on the wp_users table?

    I want to encrypt wp_users data (user_login, useremail, user_url, user_nicename and display_name) in the database and create our functions or overwrite WP functions to verify and display userdata in frontend and admin but WordPress used wp_signon for user verification and WordPress does not permit us to overwrite wp_signon.

    If any other idea please message.

    Thanks in advance!

    • This topic was modified 6 years, 9 months ago by Aakash Gupta.
    • This topic was modified 6 years, 9 months ago by Aakash Gupta.
Viewing 8 replies - 1 through 8 (of 8 total)

  • I am curious as to what you want to achieve ? What security situations do you want to defend against ?

    If the WordPress core were able to encrypt the data that was stored in the tables, then it would also have to be able to decrypt it too, so the encrypt and decrypt keys would be in the website somewhere. So what security would you have achieved ?

    I have thought of other security illusions too. Like the database user is configured to have all privileges, surely this is excessive, like create table ability is only required for install or maintenance, so why not have two users, the normal WordPress runtime would not need table create say. But this achieves nothing, you have to have database update capability anyway, with it malicious code can destroy a website, so it does not matter.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    How can i encrypt user data in database

    You really do not want to. Ever.

    Here’s why: you need to access that data. You will need to decrypt that data to do so. You can either have your installation save that key in your database or in a file on your server.

    Doing either of those makes encrypting your data pointless. If someone gets a copy of your key from your backup then they can decrypt your data and you’ve accomplished nothing.

    Work on your process and how you handle off site backups. Those should be encrypted. Enforce encryption in transport via HTTPS. But actually encrypt your data on your server? That’s a lot of work to accomplish nothing.

    Is there any way to encrytp User Data such as address etc?
    EU Privacy and data protection laws that demand personal data stored online are encryted. Affects ecommerce, mailing lists etc.

    • This reply was modified 6 years, 8 months ago by SteveC123.

    Hi, just spotted this, did anyone work it out?

    Hi, I’m wondering whether you’ve found any luck with the encryption. you see I’ve been trying to do the same, but haven’t found anything to get this done. Please let us know if you’ve found any work out. thanks

    I came across one of the solution. I haven’t tried it yet but it should solve the requirement.
    Link to Gist

    User data enctyption, to have any sense (to make obtaining user data harder), should be much more complex than simple single-key enctyption.

    Read about one concept here

    You can use Amazon RDS for your database and check the encrypt checkbox when setting it up.
    The data will be stored encrypted but decryption is transparent when accessing so there’s nothing to do on the wordpress end.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘How can i encrypt user data in database’ is closed to new replies.