I believe you are referring to how it is stored in the database? If so, that’s a “hash.”
Hashing is not the same as encryption. The difference is that hashing is a one-way operation, which means it cannot be reversed. So if you used a hash on user data, it would be unusable. In order to use any data stored in the database, you would need to be able to reverse it.
You might be wondering why then it works with passwords? Because when someone logs in, the password they submit is hashed to compare with the stored hash. But since it is not a reversible process, that’s why a password cannot be retrieved. If a password is forgotten, the only possibility is to create a new one (reset it).
You’ll find discussions of user data encryption in WordPress on the web. However, that is something that must be done at the WP level. There are really no instances where WP-Members uses direct db queries to access user data – all data is written and retrieved using WP’s internal functions. Because WP also needs to read/write user data, anything done for encryption would need to be between WP and the db, not WP-Members and the db.
As Chad says, this couldn’t be a function of the WP Members plugin, but would need to be achieved at WP level itself.
If you want to encrypt the database so that any manual access of the data stored within it would be protected, then one option is to use Amazon RDS as your database. This has the option of encrypting the data within the database (by a simple switch in the config settings for that database).
Any application that connects to that database has no knowledge of the encryption, it simply works ‘as is’. The encryption is only within the database itself (on Amazons RDS).
You can’t really have a plugin or adapt/override WP Core code to do the encryption and decryption of part or all of the main database. Given that you are trying to prevent anyone who gains access to your database, the ability to read the data within the database without a key, if they managed to gain access to your WP site (say with admin level), or your server, then they would have access to the key/hash which WordPress would need to access to database. i.e. if they have access to your WordPress install, then it doesn’t matter if the database is encrypted, they’d have the key.
So ideally, you’d need to encrypt/decrypt at the database server level itself and have any apps that access it be transparent to that.
Providing you use strong access controls between your server and the database, it would at least protect the data from being accessed externally. (key point being, accessed externally).
Even with Amazon RDS encryption, if someone gained access to your WordPress install, they would still have access to the data on the Amazon RDS encrypted or not as they could use your WordPress install to access the data.
It’s a big can of worms…
