Support for Gravity Forms Encrypted Fields

Support for Gravity Forms Encrypted Fields

Cart 2,608 sales

PluginOwl supports this item


This author's response time can be up to 5 business days.

Popular questions for this item

Will this plugin help with data protection/privacy compliance?

While the details of data protection policies differ, most of them require that any customer data at rest (in the database or stored on the server) should be protected/encrypted and that access to that data be restricted. The encryption or auto deletion of collected data from the server such as this plugin offers can certainly be a great help in achieving compliance in these particular areas. However there are generally other factors to compliance that this plugin does not address which should be addressed as well. Please refer to the data protection/privacy regulations or policy to which you need to achieve compliance to identify and address any additional concerns.

Does the plugin work with other add-ons or plugins like user registration, or product purchase/payment/donation forms?

Yes, you can use this plugin along with payment and user registration forms. However, in general, you should NOT encrypt fields that get processed by these actions or that some other plugin needs access to. Those plugins will likely not be able to properly decrypt the data they are trying to process. Encryption is NOT available on any standard pricing or product fields to allow for normal payment processing. If you are registering users or performing other actions with the field data it should also NOT be encrypted to allow for normal processing by the add-on or plugin. Encryption may work in some use cases, but It is recommended that it be left off for these types of fields. You can however use the “hide field value” option on these fields which will still hide any normally returned submitted field data from anyone without permission without actually encrypting it. The great thing, is that while some information on forms needs to be kept unencrypted like any fields being used to register a user, you can still use encryption on other fields in the same form! Another great thing is that the plugin has a “process feeds and add-ons before encrypting” option that lets you send data to your feeds and add ons as normal , and then encrypts the data for Gravity forms storage AFTER that!

Does Gravity Forms Encrypted Feilds work with Gravity View?

While we cannot assert 100% compatibility with Gravity View since it is independently authored from Gravity Forms core, we CAN report that all use cases of Gravity Forms Encrypted Fields with Gravity View to date have been reported as working wonderfully. This includes our custom “user permissions decrypted merge tags” which allows the merge tag to check the viewing users permissions to the hidden/encrypted field data and either show it as readable or show the restricted display within Gravity View displays.

Is the encryption quality?

Gravity Forms Encrypted Fields uses AES-256 bit type encryption which is considered bank or military level encryption. Built in passive security measures also help against possible data breaches.

How hard is this to set up?

It’s very easy to implement into your WordPress site in just a few minutes. Just install the plugin and follow the instructions in the settings->GF Encrypted Fields options page.

When I turn encryption on, does old data get encrypted?

No. Old data will be hidden in admin for users without permission to that field, but the data in the database is still human readable. If you have old data that was not encrypted at submission, its best to do one of the following:

1. Use the batch or custom entry encryption built into this plugin on the settings options page to encrypt old entry data.

2. Go through and update the old data with new data.. add a space or change it then change it back, which will cause it to save on update and use encryption. (not good for a lot of data)

Can it add encryption to previous entries?

Yes. *Ver 2.3 introduced the ability to encrypt or decrypt specific forms, entries, and fields, so you can add encryption to previous entries. You can even add it just to specific fields on specific previous entries for a specific form!

Since the encryption skips already encrypted data, and decryption skips unencrypted data, there is even a report displayed after the processing is run to let you know what forms entries and fields were encrypted or decrypted!

Is the encryption removable/reversible?

Yes. Ver. 2.3 introduced options to remove encryption on a user specified form and entries and fields!.

This allows for not just viewing decrypted field data, but completely removing the encryption from the specified forms entries. Or you can just specify a form and remove the encryption from a single, multiple, or all encrypted fields on a single or multiple entries all at once!

Option to remove/reverse encryption on specified forms, entries, and fields. This can also be run in batches on all a specified form from newest to last entries to completely remove encryption from ALL fields of a forms entries.

Since the ‘admin only’ access options settings page can be password protected, this is done through the options settings page.

Since the encryption skips already encrypted data, and decryption skips unencrypted data, there is even a report displayed after the processing is run to let you know what forms entries and fields were encrypted or decrypted!

How many users can have access or be restricted from a field?

You can give access or restrict as many users as you’d like.

Can other users with form entry editing capabilities edit the encrypted data?

Yes. If they have the capability to edit other users form entries then they can do so, however they will not be able to see what the original data was, or the updated results after their edits. The view is always restricted for users without permission.

This feature allows for admins or other entry editors to update or change information at the request of a user, without having to see or check what was originally there.

If you are using ‘User Owned Fields’ (ver. 2.0+) the operation is the same, with only the original logged in form user being able to view the data as readable.

Does the plugin keep encrypted data from being sent out in Gravity Forms notifications or confirmations?

Yes. All fields with encryption or hiding turned on only show their restricted displays in {all_fields} merge tag use by default. This can be turned off If you wish to pass the actual information to a notified email while re sending out a notification. In addition, the plugin has {all_fields} merge tag filter options to remove fields from {all_fields} merge tag results entirely to ensure no sensitive data is sent out.

Can you prevent other admins from accessing the admin options page?

Yes. You can optionally set a password on the admin options page to lock it out which will prevent anybody without that password from accessing the admin options page. to see or change settings. The password must be entered every time to enter the admin options screen.

feature requires version 1.7.2 or higher

With a ‘User Owned Field’ , If I remove encryption from that field on their entry will the user still own it?

No. The User only owns the ‘user owned’ encrypted field data for their submissions. If you decrypt the user owned field data on their submission, it is no longer owned by them and will be hidden to them using the ‘hide field data restricted display’ (since it is NOT encrypted) unless they have normal viewing permissions for that field.

Since the admin tool (ver. 2.3) allows you to remove encryption from a single or multiple fields for a single entry, you could remove it for whatever purposes, and then update that entry with NEW field data, and as long as encryption and user owned field is still on for that field in the form editor, it will encrypt the new data and assign it to the original submitting owner again.

If you only need to update the users field data, you can simply enter new field data in the entry edit screen and update the entry and it will encrypt the new data and assign ownership to the original submitting user again.

Is it compatible with the Gravity Forms User registration Add-On

Yes. It is compatible as far as it will not interfere with the operation of that Add-on if used properly. However, They should not be used on the same fields within a form. Put simply, user registration fields should NOT be encrypted.

It would be fine to collect some encrypted data from some fields on a form and register a user with other fields on a form, but because of the way that the add-on works and what it does you would really NOT want to encrypt user profile meta. That user registration data is placed directly into the WordPress user meta in the database and needs to be unencrypted so that WordPress core and other plugins and functions can access it as readable and do all the fancy stuff they do without needing to decrypt the information to do it.

WordPress doesn’t pull the user meta through the gravity forms interface and so its just stays as encrypted data. The User Registration Add-on itself doesn’t pull through the gravity forms API to prepopulate the update form either, but also pulls directly through the standard WordPress user related functions, so if you encrypt the data, you’ll just keep getting encrypted data back for the user unless you view the registration form submission data through the Gravity Forms entry view interface. And that would make the users profile unable to be used for anything normal.

What are the system requirements?


-WordPress 4.6+
-PHP 5.6+ (5.5 and 5.4 should also function but are NOT SUPPORTED)
-Gravity Forms Version 2.0.7+
-Server must support one of the following encryption methods:
OpenSSL Encryption Enabled -ver 3.0+
Mcrypt Encryption Enabled -required for ver 2.9.3 or previous

Are you adding to the plugin still?

Yes. Any new features that we find as useful or able to be improved upon will be added in future versions. Backwards compatibility is of the utmost importance to us in doing so.

Is the plugin compatible with Gravity Forms Auto Formatter and Gravity Forms Timed Entries?

Yes. You can use Gravity Forms Auto Formatter on both standard and encrypted fields if using Gravity Forms Encrypted Fields. Gravity Forms Timed Entries can be running on the same form as well.

Is it possible to pass data via query string encrypted to another form on my site?


If you would like to save the user the trouble of entering data twice for two separate and consecutively filed out Gravity Forms on your site and one form passes data to another, using a few of the tools available to you it is very possible to pass the data encrypted for most simple single input field types. The second form should likely have the field hidden and/or read-only so that the user cannot modify or see the value as it is an unreadable encrypted string, and it is just passed along to be included on the second form already encrypted. You can accomplish this with the following:

1. Unlock an encrypted merge tag “{gfef_encrypt_FIELD ID}” on the settings page and use it to pass the data in a parameter via query string in gravity forms built in “Pass Field Data Via Query String” functionality for the form confirmation.

2. You should have the first forms field encryption turned on to store the original value encrypted in the database.

3. On the second form use Gravity Forms built in “dynamic population” to grab the query parameter and populate the second forms field with the already encrypted string.

4. Since the sting in the second form is ALREADY encrypted, you should not turn encryption on for the field, but instead turn on the “Hide field value”. It will be stored as an encrypted string as is, and all you need is view permissions to the field within the fields “User/Role View Permission” or the settings page “User/Role Access List”, and it will be automatically decrypted and readable for you just like any other field with encryption on, and users without view permissions will see the “Hide Value Restricted Display”.

Is this plugin PHP7.2 or higher compatible? The PHP checker finds errors.

The plugin Is fully compatible with php 7.2 and 7.3+

PHP checkers simply find all functions available and do not look to see if they are actually used in the context of the PHP version environment.

The plugin provides 2 encryption types to choose from and states that mcrypt is depricated as of php 7.1 (can still be used as optional library install) and that Open SSL is required to be used for php 7.1+

Our plugin also states that open SSL is strongly recommended when choosing an encryption type regardless of php version.

You will notice on reading the PHP checker errors that they are all pertaining to the use of mcrypt should you try to use it in php 7.1+ and then specify to use Open SSL instead. This just means that you have to use Open SSL in PHP 7.2+ if you haven’t installed an Mcrypt library. We do not plan on removing the mcrypt option as it is still a viable option for installs not intended to run on <php 7.1, and none of the Mcrypt functions listed are used/called if mcrypt is not installed in your server environment and/or Open SSL is selected so there are no actual functional errors in reality.

It is important to be aware that plugins can have older functions available for backwards compatibility and other cases that may not be used in newer PHP versions, but will or can be used with older PHP versions or if an extension enabling them is installed to enable continued functionality on newer PHP versions.

Is there a Multi-Site License available?

There is no multisite licensing available. We are an Envato exclusive author, and Envato offers only licensing for single sites/products. This is regardless of if the sites can be centrally controlled through a multi-site interface.

By definition, “Multi-Site” is multiple end sites (each site in Multi-site is capable of being quite unique) and each will require it’s own unique license. However, concerning this and users running multisite for truly identical sites, ..there is no real use for the multi-site environment if the sites are in fact identical, and we encourage users to either just funnel the forms through a single individual site, or better yet to point the existing used domains to a single individual website.

Show more

Contact the author

This author provides limited support for this item through this item's comments.

Item support includes:

  • Availability of the author to answer questions
  • Answering technical questions about item’s features
  • Assistance with reported bugs and issues
  • Help with included 3rd party assets

However, item support does not include:

  • Customization services
  • Installation services

View the item support policy


Tell us what you think!

We'd like to ask you a few questions to help improve CodeCanyon.

Sure, take me to the survey