CodeCanyon

Gravity Forms Encrypted Fields

Gravity Forms Encrypted Fields

Advanced security with features you’ll love! Works with all payment gateways!* This is the flexible encryption plugin you’ve needed and been waiting for! Don’t settle for anything less when it comes to your data security!

See Full Feature List Below!

If you collect personal data, private data or sensitive data using your Gravity Forms installation, (name, address, phone, email, birthdate, SSN ect..) you should use this plugin to protect that customer information and give yourself some peace of mind concerning database breaches and admin user misuse of any collected data. ˚˚

Gravity Forms Encrypted Fields works seamlessly within Gravity Forms to give you the data security and data privacy you need, as well as the custom control to implement it quickly and smartly within your WordPress installations needs! There’s no need to encrypt everything you collect and give everyone access in admin. Only encrypt what you want, and optionally give access to only the individual users or roles that need it!

Use this plugin to secure data at rest in the database and keep back end users from accessing it through admin, or just use it to hide form field results in admin from back end users without even turning encryption on. You can use either option on different fields of your choosing with custom user view permissions all at the same time!

For users with permission all decryption and view access is lightning fast, seamlessly integrated and automatic. They likely won’t even know encryption is on. Existing field data also is hidden in admin when encryption or “hide field value” is later turned on for a field. Smart view filters can let you know what individual field data is actually encrypted vs. just being hidden with a different display for each.

For users with permission to view encrypted or hidden fields the plugin retains normal Gravity Forms functionality like viewing entries and all export options. There is reliable native entry search functionality based on any encrypted fields data with individual user/role permissions to use this functionality (must search for exact content and not partial content). “Limited” normal encrypted field search and order functionality is also possible (..currently, standard search or ordering operations may return differentiating partial results when based on encrypted field data). Users without field view permission cannot search based on the hidden value of the field at all, export it as readable, or perform other operations which would reveal the value of fields they do not have access to.

Cant I just use a free plugin like Gravitate?
We’ve included this here only because of the amount of inquiries and the obscurity of the information we believe people are missing when considering those options. Please understand that the out of date free plugins out there simply force you to encrypt everything whether you want to or not, have no user view permission or output controls or additional web security measures, and give all admin users access, and then store the key right next to the encrypted data in the database. Unfortunately, that’s the same as locking your front door and leaving the key in it. The data is encrypted, but it is able to be easily decrypted by anybody who gets it anyway ..which defeats the entire purpose of using encryption. They also do not work with other Gravity Forms payment gateways like Paypal and Stripe and other various extensions (like the “user registration” add-on) and operations because they have to encrypt everything submitted which doesn’t play nice when those product and pricing fields need to be processed by another plugin or add-on. So if you find you need or want to add or use any other Gravity Forms functionality, you likely cannot do it using those plugins. They cannot encrypt old gravity forms entry data, or remove encryption for you either, and do not have any of the many other incredibly useful and/or necessary features this plugin offers ..for one small example: the ability to search entries based on encrypted data. We do understand that “free encryption plugin” sounds convenient, but when it comes to real data protection and your sites compatibility and operational needs we believe that when you have the information to compare and realize the value of the real security, flexibly useful features, thoughtful solutions, and extensive documentation and support that Gravity Forms Encrypted Fields offers, you’ll know why it’s the right choice for any site!


FEATURES

- AES-256 bank/military grade database storage encryption

- Selectable encryption types including OpenSSL

- Built in web and WordPress Admin security measures to help prevent sensitive data breaches

- Smart encryption key system with separately generated and stored customizable encryption keys

- Option to globally bypass actual encryption and just hide data in admin from unauthorized users.

- Advanced individual field user/role view permissions

- Global user view permissions

- Select to encrypt or hide Gravity Forms individual field data with both user and role access control per individual field.

- Merge tag filtering and exclusion controls to control output on confirmations and notifications of encrypted or hidden fields

- Ability to include html and section break fields in merge tag output.

- Ability to exclude specific fields from “all_fields” merge tag output.

- Ability to pass full encrypted strings to merge tag output on confirmations and notifications for developers to pass data encrypted through email notifications for third party developed decryption and ingest into other systems.

- Fully functioning native search functionality of entries based on encrypted field data with user/role based permission to this type of search. (Can only search natively for exact field values. ..this includes any specific value of multi part field such as first name or last name.)

- Custom output preview masking for hidden/encrypted fields to use for entry view, and optionally also in merge tags for confirmations and notifications. example: •••1234

- Custom decrypted merge tags to output human readable versions of encrypted data only in email and confirmations while retaining any view permissions on the site. Also has a developer option to use custom encrypted merge tags for developers to output an encrypted version of any field data in notifications and confirmations to be decrypted elsewhere by data or email recipient. Data that is unencrypted will still have an encrypted version output by the encrypted merge tag.

- Ability to auto delete specified form entries and file uploads after submission/user registration/notifications. Keep the site clean and no site data to breach!

- Ability to auto delete only specified form entries file uploads after submission/user registration/notifications. Keep the site clean and no site file upload data to breach! Great for resumes or other files uploaded with potentially sensitive data!

- Ability to attach specified forms file uploads to specified notifications after submission/user registration before entry or file uploads are deleted.

- Option to password protect access to admin settings page (This password is encrypted and when combined with quick global permission lockout, can allow for data security even in the event of an admin login breach! Just unlock the page and give temporary permission when you need to access encrypted data!

- Option to assign ‘User Owned Fields’ which encrypt data and give view permission to only the original submitting user

- Option to display custom text or nothing at all for hidden and encrypted fields for users without permission

- Ability to remove/reverse encryption on specified forms, entries, and fields. This can also be run in batches on all entries and or fields of a specified form from newest to last entries to completely remove ALL encryption from forms entries!

- Ability to add encryption to previous entries for specified forms, entries, and fields (fields must be of supported type). This can also be run in batches on all entries and or fields of a specified form from newest to last entries to completely encrypt ALL of a forms entries! Now you can add encryption on old field data!

- Detailed and extensive inline documentation for every option and setting to help you set up the perfect solution for your site!


Both quick and full setup instructions are directly inside the options page for users who just want to be up and running in a couple minutes, and the plugin also has a complete visual system and encryption check to help users visibly see the systems requirements and current encryption status to be up and running quickly, and know what global mode it is using at a glance.

Supported Field Types: text, textarea, date, name, number, email, phone, website, address, dropdown, radio, multi select, checkbox.

*Payment and Product information generally can NOT, and should NOT be encrypted to maintain functionality.

˚˚ This plugin fills one necessary component of data protection. The usage of other basic protections such as SSL, VPS, User capability restrictions, and strong admin user password enforcement alongside this plugin are strongly recommended. You may be subject to implementing additional data protection policies and procedures depending on the sensitivity level and type of the information you are collecting.

Please see support page for plugin F.A.Q

Item is supported though the comments page

Requirements:
+ means “or any higher version”

-WordPress 4.6+
-PHP 5.6+ (5.5 and 5.4 should currently also function but are NOT SUPPORTED)
-Gravity Forms Version 2.0.7+
-Server must support one of the following encryption methods:
OpenSSL Encryption Enabled -ver 3.0+
Mcrypt Encryption Enabled -required for ver 2.9.3 or previous

Installation / Upgrade
IMPORTANT: Please refer to the plugin’s readme file for detailed instructions on upgrading between versions or initial install.

Current Available Version
3.3

Changelog (including near future versions)

Version 3.4 (submitted for release)
* Added instructions for manual website key generation for installations on web servers with security restrictions preventing auto generation.
* Code improvement.

Version 3.3 (current available version)
* Added plugin version reporting to unlocked settings page.
* Update author links.
* Added explanation for 0 entries processed if no ENTRY IDs are specified and MAX ENTRIES PER RUN is left blank to the encryption/decryption tool report.

Version 3.2
* Added {gfef_decrypt_ALL} merge tag for ability to include decrypted output of ALL encrypted and hidden fields through single merge tag with Decrypted Merge Tag tool output.
* Added Encryption Verification Mode Option to encryption test section of setting page to reveal raw encrypted data on entries pages for verification of encryption.
* Adjusted decrypted merge tag tool to no longer allow output of user owned fields unless original logged in submitting owner generates merge tag results.
* Form Encrypt/Decrypt Tool and Settings Page Lockout Password are now hidden by default to prevent accidental entries.
* Cleaned up options page with subtle visual improvements and Guide materials visibility toggles.
* Minor code improvements and CSS style streamlining.
NOTICE: (If upgrading from version prior to 3.0, before installing 3.0 you must first use the encrypt/decrypt tool to decrypt ALL previous entries with encryption and then upgrade to ver 3.0 and select encryption type and save changes, then encrypt previous entries again to resume functionality) Previously encrypted entries in prior versions CANNOT be decrypted/read using new encryption methods in ver 3.0+. IMPORTANT: Please always refer to the plugin’s readme file for detailed instructions on upgrading between versions.

Version 3.1
* Expanded Native Search Feature to attempt finding the entered search term(s) with varying capitalization automatically.
* Fixed Encryption Test to also warn users when encryption password override is on while using Open SSL encryption.
* Clarified Encryption Password Override instructions.
* Subtle visual changes to settings options page for more clear section breaks.
NOTICE: (If upgrading from version prior to 3.0, before installing 3.0 you must first use the encrypt/decrypt tool to decrypt ALL previous entries with encryption and then upgrade to ver 3.0 and select encryption type and save changes, then encrypt previous entries again to resume functionality) Previously encrypted entries in prior versions CANNOT be decrypted/read using new encryption methods in ver 3.0+. IMPORTANT: Please always refer to the plugin’s readme file for detailed instructions on upgrading between versions.

Version 3.0
* Added OpenSSL encryption with ability to select and switch encryption type.
* Changed Mcrypt encryption to add additional level of security.
* Added upgrade instructions notice to settings page for those upgrading from versions prior to 3.0 to 3.0+.
* Added ability to search user owned fields with “native search”.
* Changed “Encrypt/Decrypt Form Entries” tool to ONLY encrypt fields with encryption currently turned ON in form by default.
* Added option to “Encrypt/Decrypt Form Entries” tool to allow for encryption of fields with encryption currently turned OFF in form.
* Added subtle visual improvements to settings page.
NOTICE: (If upgrading from version prior to 3.0, before installing 3.0 you must first use the encrypt/decrypt tool to decrypt ALL previous entries with encryption and then upgrade to ver 3.0 and select encryption type and save changes, then encrypt previous entries again to resume functionality) Previously encrypted entries in prior versions CANNOT be decrypted/read using new encryption methods in ver 3.0+. IMPORTANT: Please always refer to the plugin’s readme file for detailed instructions on upgrading between versions.

Version 2.9.3
* Added native search functionality of encrypted field data (Can only search natively for exact field values. ..this includes any specific value of multi part field such as first name or last name. Excludes user owned fields until ver 3.0+).
* Added “Search Permission” option to limit users/roles ability to natively search based on encrypted field data.
* Added Encrypted Merge Tags {gfef_encrypt_FIELD ID} for developers to output an encrypted version of any field data in notifications and confirmations to be decrypted elsewhere by data or email recipient. Data that is unencrypted will still have an encrypted version output by this merge tag.
* Added floating “Save Changes” button to settings options page to assist quicker settings modifications.
* Changed “Search Data” option on settings screen to “Custom Data” encryption preview.
Version 2.9.1
* Added “Search Data” option to settings screen to allow for searching entry field data based on stored encrypted strings. ..This allows for reliable search based on encrypted fields.

Version 2.9
* Added ability to enter roles to fields user view permissions and the limit user view permissions list. Using role slugs in these locations now controls permissions for all user of a certain role per field without the need to add all the user names under that role. Individual users can be restricted elsewhere such as the lockout list and the finer grain individual user permissions will override the role locking the individual users out.
* Fixed the “Limit User/Role View Permission Lists” functionality so that when users/roles are in here, any field with a blank “User/Role View Permission List” still gives access to ALL users, but only users/roles in the limiting list will be valid if using the fields “User/Role View Permission List” to limit an individual fields view permissions. !!!!!! Please check setup on update. This will give access where there previously wasn’t if a fields “User/Role View Permission List” was blank but was restricting access still !!!!!

Version 2.7
* Added ability to auto delete specified form entries after submission/user registration.
* Added ability to auto delete specified form file uploads after submission/user registration.
* Added ability to attach specified form file uploads to specified notifications after submission/user registration before entry or file uploads are deleted.

Version 2.5
* Added custom output preview masking for fields including hidden/encrypted fields with option to use for entry view, and optionally also in merge tags.
* Added complete permissions bypass for full decrypted output (optionally including merge tags) for user specified form fields.
* Added admin controlled decrypted merge tags to allow for full decrypted output of field data in merge tags (confirmations and notifications) while still keeping all website view permissions.
* Changed the Merge Tag Filter to allow for filtering of individual merge tags as well as the “all Fields” merge tag to allow for single field merge tags to be used with masking.
* Removed browser auto completion from settings page lockout password field and settings page. (Please update your lockout password, or clear browsers autocomplete cache/storage after upgrading to this version if your browser is auto completing tis password curently. Nothing is recommended on new installs).
* Added notice to failed encryption test for when encryption override password is on.

Version 2.3
* Added encryption removal/reversal with the ability to specify the form, entries, and fields to be decrypted and user owned field control.
* Added Encryption/Decryption Reporting to admin settings options page to report status of manual encryption/decryption runs.
* Improved priority of encryption function to allow for other hooked functions to be pre-processed.
* Added encryption to admin option settings page password for database storage.
* Fixed display of 0 value data when encrypted.
* Code cleanup and improvements

Version 2.0
* Added ‘User Owned Field’ advanced field option to allow only the logged in user who originally submitted the data to be able to view it as readable even if another user updates the data. -This overrides ALL other user permissions.
* Added conditional option to allow front end display of encrypted/hidden data for users with permission
* Added option to save settings when deleting plugin to install updated version
* Added option to save admin options page password regardless of deleting other settings to prevent password bypass when uninstalling and reinstalling plugin.
* Code cleanup and improvements

Version 1.7.2
* Added Feature to optionally password protect admin options screen

Version 1.7.1
* Bug fix for salt creation and zero value data

Version 1.7
* Added Merge Tag Filter and {all_fields} Merge Tag Exclude/Include Options
* Expanded the system check to include encryption bypass and merge tag filter for quick overview of system settings

Version 1.6
* Added Feature to ‘Limit User View Permission Lists’

Version 1.5
* Added Feature ‘User Access List’
* Fixed encryption of zero value data.
* Added Instructions and in depth option descriptions

Version 1.2
* Added Hide Field data safe option
* Changed decryption to no longer require field encryption turned on for users with permission
* Changed restricted displays to respond to whether or not data is actually encrypted or just hidden

Version 1.0
* Initial version

by
by
by
by
by
by