Hi Tim,
I don’t claim this plugin to be a highly secure database application; it’s not intended for the storage of sensitive information. I don’t intend to make it any more secure; I don’t have enough expertise in that area to know if I’m doing it right or not. I have taken the recommended precautions against SQL injections and that kind of thing, of course.
I am not familiar with working with encrypted databases so I can’t really offer any specific help here. There isn’t an easy way to hook into the database reads/writes, it happens in many places throughout the plugin.
I would suggest looking into application- or server-level solutions that encrypt/decrypt all database interactions, and of course I’m happy to answer specific questions about the plugin.
Thread Starter: Tim (@timwakeling-1)
Thank you very much for replying so helpfully. By sensitive information I only actually mean names and addresses, i.e. personal info rather than sensitive. Nothing classified or anything like that.
Sorry to hear there isn’t an easy way to hook into the reads/writes; but don’t worry, I do understand that. I’ll discuss with the client. 🙂
I know it can be hard to assure clients about security concerns; it’s a big unknown for most people; they only know it’s an issue.
It’s important to identify the specific threat that needs to be countered. Most problems with WP websites have to do with malicious users gaining access to a WP account and then hijacking the site to promote another site or send users to a malware delivery vector. If they’re after the data, them getting in makes the database encryption moot because they’ll also have the means to decrypt it…because the site has to decrypt it, so they just need to find out the key the site is using.
So, a threat like that is countered by preventing access, not by encrypting the database. I’d suggest looking into a plugin like Sucuri, and maybe even get the client to spring for a paid protection service. That will give them peace of mind and it’s easy for you to set up: just install and configure the plugin.