User level encryption

  • Not really sure if this is doable but,…I’ve set up my theme for user registrations and log ins. Users can then fill out forms and store private information. My question–is there a plug in (or otherwise configuration) which will prevent even myself (admin) from viewing a user’s information? i.e. I would like to set up certain pages for users to store info which might be somewhat sensitive. Would prefer to have this capability at the page level.

    Thanks for any info or re-directions.

Viewing 1 replies (of 1 total)
  • Moderator bcworkz

    (@bcworkz)

    You could have users with private information make pages that are password protected. That achieves the privacy to all users but admins. You can prevent admins from viewing content by removing the ‘edit_private_pages’ capability. This would mean admins could not create such pages themselves since they could not edit their own content.

    Removing admin capability is a somewhat token gesture since the site owner can always view all content by accessing the database directly. However, there can likely be many admin users and maybe only the site owner can actually access the database directly.

    A slight variation would be for all admins except the site owner actually be made ‘super-editors’ instead of admins. Super editors would have all admin capabilities except being able to edit private pages.

    It is possible to prevent content access to even the site owner by encrypting the content before it is saved, then decrypting on output only once the proper password has been entered. Since only hashes of passwords are stored, there would be no way for anyone without the correct password to make sense of the encrypted data.

Viewing 1 replies (of 1 total)
  • The topic ‘User level encryption’ is closed to new replies.