Support for Gravity Forms Encrypted Fields

Gravity Forms Encrypted Fields uses AES-256 bit type encryption which is considered bank or military level encryption. Built in passive security measures also help against possible data breaches.

It’s very easy to implement into your WordPress site in just a few minutes. Just install the plugin and follow the instructions in the settings->GF Encrypted Fields options page.

No. Old data will be hidden in admin for users without permission to that field, but the data in the database is still human readable. If you have old data that was not encrypted at submission, its best to do one of the following:

1. Use the batch or custom entry encryption built into this plugin on the settings options page to encrypt old entry data.

2. Go through and update the old data with new data.. add a space or change it then change it back, which will cause it to save on update and use encryption. (not good for a lot of data)

Yes. *Ver 2.3 introduced the ability to encrypt or decrypt specific forms, entries, and fields, so you can add encryption to previous entries. You can even add it just to specific fields on specific previous entries for a specific form!

Since the encryption skips already encrypted data, and decryption skips unencrypted data, there is even a report displayed after the processing is run to let you know what forms entries and fields were encrypted or decrypted!

Yes. Ver. 2.3 introduced options to remove encryption on a user specified form and entries and fields!.

This allows for not just viewing decrypted field data, but completely removing the encryption from the specified forms entries. Or you can just specify a form and remove the encryption from a single, multiple, or all encrypted fields on a single or multiple entries all at once!

Option to remove/reverse encryption on specified forms, entries, and fields. This can also be run in batches on all a specified form from newest to last entries to completely remove encryption from ALL fields of a forms entries.

Since the ‘admin only’ access options settings page can be password protected, this is done through the options settings page.

Since the encryption skips already encrypted data, and decryption skips unencrypted data, there is even a report displayed after the processing is run to let you know what forms entries and fields were encrypted or decrypted!

You can give access or restrict as many users as you’d like.

Yes. If they have the capability to edit other users form entries then they can do so, however they will not be able to see what the original data was, or the updated results after their edits. The view is always restricted for users without permission.

This feature allows for admins or other entry editors to update or change information at the request of a user, without having to see or check what was originally there.

If you are using ‘User Owned Fields’ (ver. 2.0+) the operation is the same, with only the original logged in form user being able to view the data as readable.

Yes. All fields with encryption or hiding turned on only show their restricted displays in {all_fields} merge tag use by default. This can be turned off If you wish to pass the actual information to a notified email while re sending out a notification. In addition, the plugin has {all_fields} merge tag filter options to remove fields from {all_fields} merge tag results entirely to ensure no sensitive data is sent out.

Yes. You can optionally set a password on the admin options page to lock it out which will prevent anybody without that password from accessing the admin options page. to see or change settings. The password must be entered every time to enter the admin options screen.

feature requires version 1.7.2 or higher

No. The User only owns the ‘user owned’ encrypted field data for their submissions. If you decrypt the user owned field data on their submission, it is no longer owned by them and will be hidden to them using the ‘hide field data restricted display’ (since it is NOT encrypted) unless they have normal viewing permissions for that field.

Since the admin tool (ver. 2.3) allows you to remove encryption from a single or multiple fields for a single entry, you could remove it for whatever purposes, and then update that entry with NEW field data, and as long as encryption and user owned field is still on for that field in the form editor, it will encrypt the new data and assign it to the original submitting owner again.

If you only need to update the users field data, you can simply enter new field data in the entry edit screen and update the entry and it will encrypt the new data and assign ownership to the original submitting user again.

Yes. It is compatible as far as it will not interfere with the operation of that Add-on if used properly. However, They should not be used on the same fields within a form. Put simply, user registration fields should NOT be encrypted.

It would be fine to collect some encrypted data from some fields on a form and register a user with other fields on a form, but because of the way that the add-on works and what it does you would really NOT want to encrypt user profile meta. That user registration data is placed directly into the WordPress user meta in the database and needs to be unencrypted so that WordPress core and other plugins and functions can access it as readable and do all the fancy stuff they do without needing to decrypt the information to do it.

WordPress doesn’t pull the user meta through the gravity forms interface and so its just stays as encrypted data. The User Registration Add-on itself doesn’t pull through the gravity forms API to prepopulate the update form either, but also pulls directly through the standard WordPress user related functions, so if you encrypt the data, you’ll just keep getting encrypted data back for the user unless you view the registration form submission data through the Gravity Forms entry view interface. And that would make the users profile unable to be used for anything normal.

Requirements:

-WordPress 4.6+
-PHP 5.6+ (5.5 and 5.4 should also function but are NOT SUPPORTED)
-Gravity Forms Version 2.0.7+
-Server must support one of the following encryption methods:
OpenSSL Encryption Enabled -ver 3.0+
Mcrypt Encryption Enabled -required for ver 2.9.3 or previous

Yes. Any new features that we find as useful or able to be improved upon will be added in future versions. Backwards compatibility is of the utmost importance to us in doing so.

Yes. You can use Gravity Forms Auto Formatter on both standard and encrypted fields if using Gravity Forms Encrypted Fields. Gravity Forms Timed Entries can be running on the same form as well.

Yes.

If you would like to save the user the trouble of entering data twice for two separate and consecutively filed out Gravity Forms on your site and one form passes data to another, using a few of the tools available to you it is very possible to pass the data encrypted for most simple single input field types. The second form should likely have the field hidden and/or read-only so that the user cannot modify or see the value as it is an unreadable encrypted string, and it is just passed along to be included on the second form already encrypted. You can accomplish this with the following:

1. Unlock an encrypted merge tag “{gfef_encrypt_FIELD ID}” on the settings page and use it to pass the data in a parameter via query string in gravity forms built in “Pass Field Data Via Query String” functionality for the form confirmation.

2. You should have the first forms field encryption turned on to store the original value encrypted in the database.

3. On the second form use Gravity Forms built in “dynamic population” to grab the query parameter and populate the second forms field with the already encrypted string.

4. Since the sting in the second form is ALREADY encrypted, you should not turn encryption on for the field, but instead turn on the “Hide field value”. It will be stored as an encrypted string as is, and all you need is view permissions to the field within the fields “User/Role View Permission” or the settings page “User/Role Access List”, and it will be automatically decrypted and readable for you just like any other field with encryption on, and users without view permissions will see the “Hide Value Restricted Display”.

The plugin Is fully compatible with php 7.2.

PHP checkers simply find all functions available and do not look to see if they are actually used in the context of the PHP version environment.

The plugin provides 2 encryption types to choose from and states that mcrypt is depricated as of php 7.1 (can still be used as optional library install) and that Open SSL is required to be used for php 7.1+

Our plugin also states that open SSL is strongly recommended when choosing an encryption type regardless of php version.

You will notice on reading the PHP checker errors that they are all pertaining to the use of mcrypt should you try to use it in php 7.1+ and then specify to use Open SSL instead. We do not plan on removing the mcrypt option as it is still a viable option for installs not intended to run on <php 7.1, and none of the Mcrypt functions listed are used/called if mcrypt is not installed in your server environment and/or Open SSL is selected so there are no actual functional errors in reality.

It is important to be aware that plugins can have older functions available for backwards compatibility and other cases that may not be used in newer PHP versions but will or can be used with older PHP versions or if an extension enabling them is installed.

There is no multisite licensing available. Envato offers only licensing for single sites/products. This is regardless of if the sites can be centrally controlled through a multi-site interface.

By definition, “Multi-Site” is multiple end sites (each site in Multi-site is capable of being quite unique) and each will require it’s own unique license. However, concerning this and users running multisite for truly identical sites, ..there is no real use for the multi-site environment if the sites are in fact identical, and we encourage users to either just funnel the forms through a single individual site, or better yet to point the existing used domains to a single individual website.