ClassicPress EXPERIMENTAL plugin: Post meta fields encryption and decryption for GDPR and privacy laws compliance.
Note: This plugin does not work with the Gutenberg editor.
- Define the CP_PASS_PHRASE constant in the wp-config.php file as either a passphrase string or a Key-Encryption-Key (KEK) API URL.
Example (define only one of the two):
define('CP_PASS_PHRASE', 'SecretPassPhrase12345'); // Passphrase
define('CP_PASS_PHRASE', 'http://localhost/api/encryption/encryption.php'); // KEK API URL
- Install and activate the ClassicPress Encryption plugin.
- In the post/CPT administrative area, check the Custom Fields checkbox in the Screen Options section.
- The Encrypt and Decrypt buttons will appear at the right-hand side of the Publish or Update buttons. Add the custom field first, then press the encrypt button to encrypt the custom field value.
- For existing post meta fields, pressing the Encrypt button will encrypt the post meta fields that do not have the prefix 'encv'. Pressing the Decrypt button will decrypt the encrypted meta values, but will return the same meta value if the prefix 'encv' is not present.
- To manually encrypt or decrypt data, such as when storing or displaying custom fields, use the BasicPHP methods encrypt and decrypt.
Example:
Basic::encrypt($plaintext, CP_PASS_PHRASE); // Encrypt data
Basic::decrypt($encrypted, CP_PASS_PHRASE); // Decrypt data
- Advanced Encryption Standard (AES) - GCM, or CTR/CBC Mode with 256-bit key
- Passphrase or Key-Encryption-Key (KEK) API URL for decoupling encryption keys
- Keyed-Hash Message Authentication Code (HMAC) for authentication - SHA256
- Password-Based Key Derivation using a secret passphrase - SHA256 with 10,000 iterations
- Encryption versioning for backward compatibility - 'enc' prefix, concatenated with 'v1' for versioning
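
To make the building blocks listed above concrete, here is an added PHP sketch (not the plugin's or BasicPHP's own code) of the GCM path only: PBKDF2-SHA256 with 10,000 iterations derives a 256-bit key, and the stored value carries the 'encv1' version prefix. The demo_* names, the salt/IV/tag layout and the use of the prefix as associated data are assumptions made for illustration.

```php
<?php
// Added illustration: NOT BasicPHP's code or storage format. Assumed layout:
// 'encv1' . base64(salt[16] | iv[12] | tag[16] | ciphertext).
const DEMO_PREFIX = 'encv1';   // 'enc' + version 'v1', per the list above
const DEMO_ITERATIONS = 10000; // PBKDF2-SHA256 iteration count from the list
function demo_is_encrypted(string $value): bool {
    return strncmp($value, DEMO_PREFIX, strlen(DEMO_PREFIX)) === 0;
}

function demo_key(string $passphrase, string $salt): string {
    // 32 raw bytes out = 256-bit AES key
    return hash_pbkdf2('sha256', $passphrase, $salt, DEMO_ITERATIONS, 32, true);
}

function demo_encrypt(string $plaintext, string $passphrase): string {
    if (demo_is_encrypted($plaintext)) {
        return $plaintext; // already wrapped: avoid double encryption
    }
    $salt = random_bytes(16);
    $iv = random_bytes(12); // fresh 96-bit nonce for every value
    $tag = '';
    $ct = openssl_encrypt($plaintext, 'aes-256-gcm', demo_key($passphrase, $salt),
        OPENSSL_RAW_DATA, $iv, $tag, DEMO_PREFIX); // prefix bound as AAD
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return DEMO_PREFIX . base64_encode($salt . $iv . $tag . $ct);
}

function demo_decrypt(string $stored, string $passphrase): string {
    if (!demo_is_encrypted($stored)) {
        return $stored; // unprefixed legacy value is returned unchanged
    }
    $raw = base64_decode(substr($stored, strlen(DEMO_PREFIX)), true);
    if ($raw === false || strlen($raw) < 44) {
        throw new RuntimeException('malformed value');
    }
    $pt = openssl_decrypt(substr($raw, 44), 'aes-256-gcm',
        demo_key($passphrase, substr($raw, 0, 16)), OPENSSL_RAW_DATA,
        substr($raw, 16, 12), substr($raw, 28, 16), DEMO_PREFIX);
    if ($pt === false) { // wrong passphrase or modified data fails the GCM tag
        throw new RuntimeException('authentication failed');
    }
    return $pt;
}

// Constructed sample value and passphrase, for demonstration only.
$stored = demo_encrypt('jane.doe@example.test', 'SecretPassPhrase12345');
var_dump(demo_decrypt($stored, 'SecretPassPhrase12345') === 'jane.doe@example.test');
```

With prefix-based detection like this, a plaintext that itself begins with the prefix is treated as already encrypted, so such values need separate handling.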