Title: Plugin security question
Last modified: December 8, 2018

---

# Plugin security question

 *  [mc001](https://wordpress.org/support/users/mc001/)
 * (@mc001)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/plugin-security-question/)
 * Hi,
 * I’m new to plugin development, and one thing I need to do is store some confidential
   data which can be read when the plugin is installed and then used every time 
   the plugin functionality is invoked. I can see how to create a custom database
   table and store entries there, but my worry is that any other plugin will have
   access to it. Is there a way for plugins to have their own private tables? Since
   we plan to open source the plugin, the source code can’t contain any hardcoded
   sensitive data. Others must have come across this issue, so what’s the best practice
   in a case like this?
 * TIA,
    mc

Viewing 2 replies - 1 through 2 (of 2 total)

 *  [Joy](https://wordpress.org/support/users/joyously/)
 * (@joyously)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/plugin-security-question/#post-10959484)
 * If it’s super secret, there’s encryption. That still needs a public key and private
   key, but a lot of different software handles that already. Do some reading on
   the web about how it all works.
 *  Moderator [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * (@bcworkz)
 * [7 years, 4 months ago](https://wordpress.org/support/topic/plugin-security-question/#post-10960229)
 * The thing is, all plugins run under unrestricted authority that is granted to
   PHP. Anything that you try to make private will require some sort of token to
   access it. Any token that is accessed by your plugin could also be accessed by
   another plugin. You can attempt to encrypt, obfuscate, hide, misdirect, etc. 
   the means to get to the data, but if someone were so inclined, they could work
   through all of that through their own plugin and gain access. In most cases no
   one would make the effort, but the fact remains that the data cannot be truly
   protected from malicious code when it comes in through another plugin.
 * The most secure data is data not stored on a computer. There is no truly secure
   data, only degrees of difficulty to access.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Plugin security question’ is closed to new replies.

 * In: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
 * 2 replies
 * 3 participants
 * Last reply from: [bcworkz](https://wordpress.org/support/users/bcworkz/)
 * Last activity: [7 years, 4 months ago](https://wordpress.org/support/topic/plugin-security-question/#post-10960229)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics