You might be able to encrypt the fields and decrypt them on the fly using filters. However once encrypted you would not be able to decrypt them without also storing the encryption key somewhere that’s accessible to the code which would pretty much defeat the purpose of encrypting them. Therefore I do not believe what you want to do is possible.
The password is not retrievable from the database. It is only compared against to see if the entered password matches that value when the same encryption process is applied to it.
You can see the password code WP uses at /wp-includes/class-phpass.php
Thanks for the information. I still need it for PCI Compliance. I need to have selected fields encrypted. I have several sites and want a plugin to do it so I can repeat the process.
I have sites that need common personally identifiable fields encrypted too, in case someone hacks, tarballs, and downloads the anynamedatabase.sql file.
I can forgo editing the database. If the field data gets lost or needs to be re-entered, I have the ability to message the customer that they need to update the information in their account.
Some example fields that I need encrypted are:
- First Name
- Last Name
- Address
- Phone Number
- Cell Phone Number
- Email Address
I have some workers that really don’t need to be in the database anyway(lol).
There’s no point in storing the data if you can’t use it. You wouldn’t be able to send them emails or see their name or number without being able to decrypt it. Since you would have to decrypt the data to use it you would have to store encryption keys somewhere and this could make things tricky.
Here is a pretty good post with some ideas: http://security.stackexchange.com/a/12334
You might be able encrypt/decrypt using hooks in the WP API if such hooks even exist. I’m not even sure if they do since I’ve never tried it. Although I have been looking for plugin ideas so I can make some free as well as premium plugins so maybe I should look into it and see. Maybe I could even invent a relatively secure way to deal with the keys.
Since you are going for PCI Compliance hopefully you have a server which is setup properly as well.
That would be great if you could. Keep me in the loop. I’d definitely buy it. I searched for ENCRYPT USER REGISTRATION and ENCRYPTION but found nothing except GRAVITATE in the WordPress Plugins repository.
