+91 8894164093 [email protected]

Storing data with encryption in wordpress database

by | Jul 6, 2021

Spread the love

In WordPress, Database store in plain text and the password stored in encrypted code but technically it is wrong because WordPress generally does a hash technique with a password and there is no way to get the original value from the password hash value. Generally, WordPress uses a hash technique to store passwords without any secret key to decrypt the original value.

$password = hash("md5", $password);

These are few techniques for storing confidential data

Encryption:

Encrypting is a two-way function. Encrypting is useful when you need to be able to access the original value again, but you don’t want to store it in plaintext. In the Encryption technique, we use an algorithm to encrypt value with a secret key then use the same secret key to decrypt the value to the original one. If you change the secret key we are not able to get the original value.

Hashing:

Hashing uses an algorithm to map a value to a fixed length. If a value is hashed with a proper algorithm, you cannot “un-hash” it – that is why hashing is a one-way function.

Salting

Salting is a concept primarily used in conjunction with hashing, but also useful when encrypting: Before hashing/encrypting a value, a so-called “salt”, which is another unique secret value, is appended to it.

I have made a function that uses encryption and decryption techniques for a value and also uses the salt method for extra security.

<?php
function evolvedigitas_encrypt($stringToHandle = "",$encryptDecrypt = 'e'){
// Set default output value
$output = null;
// Set secret keys
$secret_key = 'hgfdr3ys%h'; 
$secret_iv = 'e*rt"dh46Gv'; 
$key = hash('sha256',$secret_key);
$iv = substr(hash('sha256',$secret_iv),0,16); // using salt technique
// Check whether encryption or decryption
if($encryptDecrypt == 'e'){
// We are encrypting
$output = base64_encode(openssl_encrypt($stringToHandle,"AES-256-CBC",$key,0,$iv));
}else if($encryptDecrypt == 'd'){
// We are decrypting
$output = openssl_decrypt(base64_decode($stringToHandle),"AES-256-CBC",$key,0,$iv);
}
// Return the final value
return $output;
}
?>

Encryption Code

<?php
$originalPassword = 'evolvednew_2021';
$encryptedPassword = evolvedigitas_encrypt($originalPassword,'e');
echo $encryptedPassword;
?>

It will output QzRLZ2ZkSGZLTys2azZudjY1WHk4Zz09

Decryption Code:

<?php
$encryptedPassword = 'QzRLZ2ZkSGZLTys2azZudjY1WHk4Zz09';
$decryptedPassword = evolvedigitas_encrypt($encryptedPassword,'d');
echo $decryptedPassword;
?>

It will output evolvednew_2021

 

Click to test code yourself
Post Views: 2,136

Submit a Comment

Your email address will not be published. Required fields are marked *

×

Geometrical Web

Web development and digital marketing agency

× Chat Now