PluginOwl supports this item


This author's response time can be up to 5 business days.

177 comments found.


flojnel Purchased

I see that the plugin should only be installed on new forms. I have one site that has a lot of complicated forms. Would the plugin work if all the form entries were deleted instead of creating new forms? I can send my clients exports of the entries. Thanks.


The plugin can certainly be used with existing forms and any previously existing form entries can be manually encrypted if desired but do not have to be. We highly recommend that the DB is backed up and testing is done on a test/development copy of the site or a simple private page testing copy of the same form on your live site before implementing on your live site and live form so that you can be familiar with the settings and achieving the desired results on the live data when you implement.

That said. If you wanted to handle it as you suggest it would be fine as well.

Hope this helps! :)


flojnel Purchased

Thanks for the prompt reply!


flojnel Purchased

One of the forms I want to encrypt sends information to Salesforce via a script (added to confirmations). Is that information likely to be sent encrypted? If so, is there any way around the issue?


You can likely use the “process feeds/add-ons before encrypting” option per individual field (in the encryption options for field in form editor) which delays encryption until after feeds/addons/notifications are all complete on submission.

This of course depends on your custom script. The functionality is built around feeds and add-ons which use the gravity forms standardized API.

Of note: You wouldn’t ever get encrypted strings sent it unless you use our custom encrypted merge tags to do so intentionally, but you would likely get the restricted display if not using the option mentioned above.


BHuge Purchased

Hi there,

My date format is dd-mm-yyyy But when i decrypt the date fields (in the notification mail) i get: yyyy-mm-dd

This only happens in the notification mail. On the backend i see the correct values. But my client wants it correct in the notification mail.

How can i change this? Are there any filters i can hook into?

Greetz and many thx.


Thank you for bringing this to attention. It seems the date field is normally formatted by gravity forms core for merge tag output but our decrypted tags do not currently tap into the formatting options. We will definitely take a look at adding this in some capacity for the next update.


Version 4.3.8 * Fixed formatting of date fields in all decrypted merge tags to match the formatting selected for field. * Changed file upload fields printout to html links to the file for ALL and ALL+ decrypted merge tags. * Removed file upload fields links from core all_fields and plugin ALL and ALL+ merge tags if files are being deleted.

We are having an issue with blank email notifications i.e. the encrypted fields not being shown. We are using {gfef_decrypt_ALL} in the notification with 1:ALL,2:ALL,3:ALL,4:ALL,5:ALL in the settings. However, when we go in and resend notifications, they come through just fine. Help!

Ok we will have a look at the code to resolve anything outstanding for the next update. :)

UPDATE: We have not been able to reproduce this issue.

From your description saying that you only get data when the user is logged in ..have you disabled the merge tag filter?

Also if you still need assistance could you paste your notification text (minus anything sensitive) here so we can look at how the tags are being used.

The forms are working now with a message in the ‘encrypted restricted display’ and using {gfef_decrypt_ALL+} in the notification with 1:ALL+,2:ALL+,3:ALL+,4:ALL+,5:ALL+ in the settings. I can confirm Merge Tag Filter Bypass is unchecked and MERGE TAG RESTRICTED DISPLAY FILTER IS ON.

Hi – bought the plugin and am testing it out as a solution for my web clients who use gforms for lead generation.

Is it possible to have encrypted fields remain visible when sent via email to the site Administrator? I don’t think my client’s will be too happy if they have to log-in to WordPress to see their leads. I thought the idea with GDPR was to encrypt data at rest/stored in the database – not necessarily hide it from the intended email recipient.

If you could explain this a little, and if possible – let me know how I can set it so Admins can see the date in their email… (I know this might be exactly the purpose of encryption). Thanks for your patience, then.

Disregard my question…. l need to learn to read ALL the docs first. I apologize. The functionality that I was looking for was the MERGE TAGS. They do the trick. Thanks!

Hi, I would protected a field (download file) but I would assign a password for every user. It is is possible?


File encryption is not currently an option. They are not supported fields so you cannot turn on encryption for a file field. You CAN email a copy and delete the file from the server automatically.

We are looking to hopefully include file encryption in the future and the logistics of the system for it is in the works.

I would protected a file upload, every user have a personal password. is it possible

No. This is not currently possible.

Hi, will this plugin encrypt file attachments? Are there any limitations on file types that can be encrypted? Thanks


Not currently. Please see the comment thread immediately above in regards to file encryption. All current features are listed in the main plugin page here.

That’s too bad. Thanks for answering my question.

If you need file encryption for gravity forms uploaded files be sure to check back as it will likely be a feature before too long ;)

Hi there! Thanks for this plugin.

I have installed and tested it out for a client. Encryption works fine. But now all fields in notifications and confirmations are displayed as ‘Encrypted Field Restricted’.

I understand I can work with the plugins decrypted merge tags. But this is so much work. My clients website holds 30 forms. I would need to enable encryption for each form (=30 actions), then add ID:ALL+ for each form (=30 actions), then update 2 notification e-mails and 1 confirmation with {gfef_decrypt_ALL+} and an email merge tag (=4*30 actions). That’s 180 steps to set up encryption. While it is doable, for my use case it is a lot of work. I’m not concerned about permissions, I only want encryption. Also, I’m setting this up as a one time effort to encrypt forms for my client. New forms are being added constantly by my clients webmasters, and I don’t think I will be able to explain these steps to them, let alone expect they configure this faultless every time.

Is there maybe a single action to just enable encryption for all forms, existing ones and future ones? And more importantly make encrypted fields show up in notifications and confirmations without per form configuration? For me some PHP filter hooks would work.

Thanks in advance!

Are you referring to individual field merge tags being used?


Added “ANY” as a valid FIELD ID entry in the decrypted merge tag options to unlock ALL {gfef_decrypt_FIELD ID} tags for a form with a single unlock entry. This can be combined with “ALL” as a FORM ID to unlock ALL {gfef_decrypt_FIELD ID} tags for ALL forms with a single unlock entry.

For example. You can put 11:ANY in as a valid entry and then use any valid {gfef_decrypt_FIELD ID} tag for form 11 such as {gfef_decrypt_3} and {gfef_decrypt_101} with a single unlock (assuming these fields exist on that form).

You can also put in ALL:ANY and then use any valid {gfef_decrypt_FIELD ID} tag for ANY form using that single unlock.

this applies to User Decrypted Merge Tags and Encrypted merge tags as well so ALL:ANY:U and ALL:ANY:X are both valid and unlock user and encrypted merge tags for all forms respectively. This can also be used per form such as 11:ANY:U

This feature has now already been added and will be included in the next release version as well.

Perfect! Thanks so much, looking forward to the release!

This comment is currently being reviewed.


How was it working before? How large is the file(s) you are trying to attach?

It works with links to the files, yes (with this setting blank). The files are very small, about 15K total (field max is 7MB).

Can you take a screenshot of your system check?

Thank you. As a side note, we strongly recommend leaving the merge tag filter ON.

What other plugins add-ons or functions are running with Gravity forms currently?

Logging and signature (both from GF). With regard to the filter, that was the only way I could get the encrypted fields to come through in the notification. Is this setting to get them to be decrypted for the email the wrong one?

Yes , that is incorrect.

That button to show the option guide there will show detailed instructions and give examples for how to unlock any decrypted merge tags.

Assuming its FORM ID 11 and you likely want to use the {gfef_decrypt_ALL+} tag in your notifications/confirmations, you would enter


in the setting and then use the {gfef_decrypt_ALL+} tag in form 11 confirmations and/or notifications.

Two questions please… 1) Am I able to install this on both our staging and production site with the one license? 2) Will the Gravity Forms Encrypted Fields plugin work (no conflict) with GF PGP Encryption plugin for GF notification emails (Ref:

Thank you for your support.


If the staging site is not live to the public then yes. Otherwise it could be considered a functional site.

The PGP encryption plugin only encrypted the notification emails and if it ties into GF the standard ways there should be no conflicts. We have not heard of any conflicts with it to date. But forward looking compatibility can never really be guaranteed when it comes to unassiciated third parties.

Hope this helps!


fpmdevs Purchased


Thanks for the great plugin.

We have 2 questions we could use help with.

We are using a User Lockdown List and Field Output Masking and Permissions Bypass for form data being sent to a 3rd party api.

How can the encrypted field values be obscured on the frontend for admin users not on the lockdown list?

How can form entries be export in decrypted form using the user on the lockdown list?

Thanks for your time.

Is this a development site we can log in to check out the settings or does this contain real data?

..A follow up question. How many entries are currently existing for that form total? If you are exporting a very large amount of entries to a single CSV it can sometimes simply take the editor a while to open and show the data that is there. Just looking to eliminate that possibility :)


fpmdevs Purchased

i’ll check on dev access ~40 entries, nothing big

Hi There,

I’m having another issue with the encrypted fields and email. When I use the {gfef_decrypt_ALL+} in the notification (after setting the form ID in the settings) I do not get all fields, and the download links are not current (every ”/” comes through as ”\/”. I am fine with just using the Merge Tag Filter Bypass setting, and this works when I send the form to myself (using {all_fields} in the notification). But, when I set it to send to the client, all of the fields are encrypted again.




Also if you’re comfortable editing the plugin file we can send you a few lines of code (early tomorrow) to add in the file upload links before the next update. Just contact us through our author page contact form and reference this help request :)

Thanks for your help. Just to close the loop, I ended up just created a wp user to fill out the form and granting access to them. Everything works now (with the exception of file attachments).

Excellent :)

File attachment links are in the next update :)

Hello, The Encrypted Fields add-on for Gravity Forms is exactly what I am looking for. However, it looks very complicated to setup and I am not a developer or have very much technical experience. In review listed 6 months ago a similar reference was made to the complicated setup and usability. You replied by saying that you would work on providing video tutorials. What is the status? Are video tutorials available? I wasn’t able to find anything and the documentation again looks very complicated.

Many thanks for your feedback.


I believe you are referring to an issue where ther was a language barrier to the instructions.

The plugin does not require technical skills but rather just taking the time to read the instructions and set it up properly. Video tutorials are still coming. We can try to push them forward more. However for standard setup they will really only be a direct reading of the setup instructions and following along which may help some people if there are language barriers to visually see and hear the setup instructions. Unfortunately most issues with setup stem from users just not fully reading and following the complete instructions and examples provided for setup or other settings and most user help we provide is just a repeat of the listed instructions.

As far as usability When it comes to using the plugin there is zero to learn or do as it is completely passive. Once it is set up for your needs you just use Gravity Forms normally. ..that’s all.

What we’ve found is that people who are new to Gravity Forms entirely can potentially struggle with learning Gravity Forms itself as it is a potentially complex form system with many possibilities and the issues aren’t always learning how to setup our plugin but rather learning how Gravity Forms itself functions in order to set Gravity Forms up as well as setiing up our plugin for their specific needs. Gravity forms itself can be very simple or used in very complex ways. Our plugin is similar in that basic simple setup is pretty quick and easy, but if your trying to do complex things with a form, you’ll have more setup to do. But the encryption options are just selected as you build you form normally and merge tags are used as you build you confirmations, notifications, or other form processes normally. In the next release version we’ve simplified decrypted merge tag usage further by adding universal unlocks that can basically allow users to unlock all decrypted merge tags for use at any time if the setup would benefit from that.

The layer of additional thought required for our plugin is a data view permissions hierarchy which can be as simple as setting up a user or role that can globally access everything and locking everyone else out, or you can make complex per user/per field permissions. So it is again as simple or complex as you would like to make it. Once the plugin is set up the other options mainly determine who gets access and when, but are not necessary to use rather available for use to setup more custom data access or customizing how it’s displayed.

The instructions for each setting give detailed information and provide examples to follow and a basic setup is pretty straightforward.

Hope this helps


VERSION 4.3.8 (currently in development)
  • Added Video tutorials to instructions and documentation.

We are still working on a few and will likely add more, but hopefully these will be a great help for users.

We have also simplified initial setup instructions and added options to incredibly simplify using any of the the decrypted merge tags for single user/simple permissions sites that do not need to restrict their usage.

Hi, I see that the user registration plugin runs the data through wp engine instead of directly through gravity forms.

Is there a way to encrypt just the user meta that is added. I know you’re trying to avoid the encryption of core data but some of the custom fields aren’t necessarily vital to the core. Can I use the plugin to encrypt the custom meta fields?

I am trying to get everything to work with the update feed of the user registration plugin.

Thanks in advance


You can encrypt them yes, but core will not know what to do with the encrypted data to actually give it back to you unencrypted at any time so you will have unusable meta data as far as core is concerned it will just be encrypted strings associated with the user in their profile. Core gets the form data handed to it from gravity forms to populate the WP user data, but it does not run back through gravity forms to pull the data, and currently has no existing hooks for us to tie into while it pulls the user data so it just pulls the encrypted data from the DB and gives it back to you as is.

If WP core does not need that data for anything and its user data that should be encrypted you can/should perhaps just store the associated meta data for the user entirely in Gravity Forms. The form they fill out to register has to contain all the same info as the user being created/updated, and can store it encrypted and useably give it back to you. Gravity view is a great way to let the users update and/or delete their additional information if going this route. You would not use those fields at all for WP user registration and instead just store that information in the form associated with that users creation. This also allows you to search, export, and utilize the data associated with users using gravity forms functionality.

Hope this helps :)

Thanks for the quick reply. Can you possibly point at how the saving everything through gravity forms would work. Is that part of gravity view? Also the prepopulate and user update was the main function of the user registration. Is there a better or more compatible way to do that. Thanks so much it’s very helpful

Yes, gravity view lets users edit their own entries, so you can just store “user data” in form entries that they can edit. If the data is just for you to know about a user and isn’t actually needed by core you can just store it under the GF entry and get to it by just looking up the users name/email etc in search. They can edit or delete it on their own using gravity view

Pre populating field data based on actual WP user data wouldn’t be an option though for any fields not stored as WP user data, but again.. those are not currently usable if encrypted.

Hi there, my php log is showing these messages, just thought I’d bring it to your attention: [Jun 18, 07:20:49] PHP Notice: Trying to get property of non-object in /home/user/public_html/wp-content/plugins/gravity-forms-encrypted-fields/gravity-forms-encrypted-fields.php on line 1342 [Jun 18, 14:20:33] PHP Notice: Undefined offset: 0 in /home/user/public_html/wp-content/plugins/gravity-forms-encrypted-fields/gravity-forms-encrypted-fields.php on line 1417 [Jun 18, 07:20:49] PHP Notice: Undefined variable: gfe_user_role_limit_access_list in /home/user/public_html/wp-content/plugins/gravity-forms-encrypted-fields/gravity-forms-encrypted-fields.php on line 470

This last two pop up quite a bit.


Thanks for the heads up. We can look to eliminate the notices in the next release version. Just a couple questions to see what is going on. :)

What version of PHP are you running? Plugin version? What action is the notice logged on? (If known)

Thanks :)

Please be sure to install the latest plugin version, and we have done some tweaking to remove various notices in the next release version :)

Having an issue with not receiving any email notifications. Suggestion?

Here’s the page (scroll to the bottom for the gray button):

BTW – I figured out or issue. Mystery solved! We used a merge-tag for the admin email to receive notifications in the form settings page. It didn’t like that. As soon as I replaced that with spelled out email text rather than a merge tag, it all worked as it should. Consider this closed.

Ah, yes I didn’t know that button existed on that page!

But yes, not all inputs accept merge tags!

If that field is set what you actually want is the standard all_fields tag :) That will do exactly what you want :)

Correct! I must pay you a compliment. Your support response is phenomenal. Enjoy your day!