Gravity Forms Encrypted Fields
Advanced security with the flexible features you need. The #1 encryption and data access control plugin for Gravity Forms. Don’t settle for anything less when it comes to your data security. Works with all payment gateways!
Gravity Forms Encrypted Fields is an Add-On for Gravity Forms, and works as a great companion to our input sanitizing and formatting, and our form timing add-on plugins for Gravity Forms. .
See Full Feature List Below!
If you collect personal data, private data or sensitive data using your Gravity Forms installation, (name, address, phone, email, birthdate, SSN ect..) and/or are working on GDPR compliance you should use this plugin to protect that customer information and give yourself some peace of mind concerning database breaches and admin user misuse of any collected data. ˚˚
Gravity Forms Encrypted Fields works seamlessly within Gravity Forms to give you the data security and data privacy you need, as well as the custom controls to implement it quickly and smartly within your WordPress installations needs! There’s no need to encrypt everything you collect and give everyone access in admin. Only encrypt the specific fields you want, and optionally give individual field or global access to only the individual users and/or roles that need it! Many additional features give you access control over your collected data in a variety of ways. Developers can also use included simple helper functions to encrypt/decrypt other data in WordPress!
Use this plugin to help meet data storage compliance requirements such as GDPR by securing the data at rest in the database and keeping unapproved back end users from accessing it through admin, or just use it to hide form field results in admin from back end users without even turning encryption on. You can use either option on different fields of your choosing with field specific user view permissions all at the same time!
Just set up the encryption, user permissions, custom merge tags, and other options as needed and then continue to use Gravity Forms as normal without any need for any extra steps to view or export encrypted data after setup. For users with view permissions to field data the decryption and view access is completely transparent, lightning fast, seamlessly integrated, and automatic. They likely won’t even know encryption is on. Operation is the same as normal by just logging in and viewing or exporting readable data since they have permission. The plugin retains normal Gravity Forms functionality like viewing entries and all export options. There is also reliable native entry search functionality based on any encrypted fields data with individual user/role permissions to use this functionality (search must be for exact content and not partial content). If you require even stricter data protection, the plugin also offers an optional OpenSSL Async/Strict Access Mode, which makes the decryption of any data only possible when a logged in WP user with view permissions also logs into the Async encryption mode with with an additional password!
Users without field view permission only see a customizable restricted display message for either encrypted data or hidden data depending on the data type. Users without view permission to a field cannot search based on the hidden value of the field at all, export it as readable, or perform other operations which would reveal the value of fields they do not have access to. Existing non-encrypted field data also is hidden in admin for users without permissions when encryption or “hide field value” is later turned on for a field. The separate restricted displays for encrypted vs hidden data can let users without permissions know what individual field data is actually encrypted vs. just being hidden. The restricted displays are fully customizable and can be set to be the same for both or to simply show nothing if desired. If showing nothing the users without permission would not even know if any data has been entered into an encrypted or hidden field as no field data would ever be returned for that field in the admin interfaces for them.
Numbered step by step simple setup instructions can have you up and running in a few minutes with simple seamless encryption of saved form data and automatic decryption when you access your data for a basic site, or you can optionally utilize the many additional options to create complex individual field data permissions for multiple users and use cases to manage your data view permissions at the both the user/role and individual field levels. Global view permissions can also be assigned to quickly lockout all users and give individual users and/or roles global view permissions to all data.
Cant I just use a free plugin like Gravitate?
We’ve included this here only because of the amount of inquiries and the obscurity of the information we believe people are missing when considering those options. The short answer is no ..not if you need actual data security and
functionality. Please understand that the out of date free plugins out there simply force you to encrypt everything whether you want to or not, have no user view permission or output controls or additional web security measures, and give all admin users access, and then store the key right next to the encrypted data in the database. Unfortunately, that’s the same as locking your front door, but leaving the key sitting in it. The old Gravitate plugin also does not work with new PHP versions or other Gravity Forms payment gateways like Paypal and Stripe and other various extensions (like the “user registration” add-on) and operations because they have to encrypt everything submitted which doesn’t play nice when those product and pricing fields need to be processed by another plugin or add-on. So if you find you need or want to add or use any other Gravity Forms functionality, you likely cannot do it using those plugins. They cannot encrypt old gravity forms entry data, or remove encryption for you either, and do not have any of the many other incredibly useful and/or necessary features this plugin offers ..for one small example: the ability to search entries based on encrypted data. We do understand that “free encryption plugin” sounds convenient, but when it comes to real data protection and your sites compatibility and operational needs, we believe that when you have the information, there is a clear understanding of the value of the real security, flexibly useful features, thoughtful solutions, and extensive documentation and support that Gravity Forms Encrypted Fields offers. It’s the clear choice for any site!
PLUGIN FEATURES
- AES-256 bank/military grade database storage encryption
- Selectable encryption types including OpenSSL, OpenSSL Asynchronous, and legacy Mcrypt
- The optional Asynchronous / Async Mode offers very strict access to data disallowing any decrypted data access without the async password.
- Built in web and WordPress Admin security measures to help prevent sensitive data breaches
- Smart encryption key system with separately generated and stored customizable encryption keys
- Option to globally bypass actual encryption and just hide data in admin from unauthorized users.
- Advanced user/role view permissions for encrypted or hidden data per individual field
- Global user/role view permissions for encrypted or hidden data
- Select to encrypt or hide Gravity Forms individual field data with both user and role access control per individual field.
- Merge tag filtering and exclusion controls to control output on confirmations and notifications of encrypted or hidden fields
- Ability to include html, signature, and section break fields in “all_fields” merge tag output.
- Ability to exclude specific fields from “all_fields” merge tag output.
- Custom decrypted merge tags to output human readable versions of encrypted data only in email and confirmations while retaining any view permissions on the site. These can be inserted direct from the merge tag drop-downs.
- Custom encrypted merge tags for developers to output encrypted versions of field data only in email and confirmations while retaining any normal encryption or not on the site. These can be inserted direct from the merge tag drop-downs. Developers can then create custom decryption on their own for the receiving end of the encrypted data.
- Custom user/role view permissions checking merge tags which output human readable versions of encrypted data only if the user/role loading or generating the merge tag content has view permissions to the field data on the site. Any fields the user does not have permissions to will show the restricted display. These are useful for Gravity View custom views where data is populated by merge tags and users should only be able to see the field data they have been given permissions to.
- Ability to pass full encrypted strings to merge tag output on confirmations and notifications for passing encrypted data in the query string parameters between forms, and for developers to pass data encrypted through email notifications for third party developed decryption and ingest into other systems.
- Fully functioning native search functionality of entries based on encrypted field data with user/role based permission to this type of search. (Can only search natively for exact field values. ..this includes any specific value of multi part field such as first name or last name.)
- Custom output preview masking for hidden/encrypted fields to use for entry view, and optionally also in merge tags for confirmations and notifications. example: •••1234
- Ability to auto remove/not store the users IP address on all entries from specific forms on submission
- Ability to auto delete/not store the users signatures on all entries from specific forms on submission. the signatures can be attached to specified notification emails before being deleted.
- Ability to auto delete specified individual field data from form entries after submission/user registration/notifications/feeds. Keep the site clean and no sensitive/private data to breach!
- Ability to delay encryption on specified individual fields until after submission/user registration/notifications/feeds processing. This allows data to be processed by feeds and add-ons unencrypted during initial submission or update normally and then encrypts immediately afterwards for database storage!
- Ability to auto delete specified form entries and file uploads after submission/user registration/notifications/feeds. Keep the site clean and no site data to breach!
- Ability to auto delete only specified form file uploads after submission/user registration/notifications/feeds. The file upload can be attached to the notification email and sent out prior to deletion. Keep the site clean and no site file upload data to breach! Great for resumes or other files uploaded with potentially sensitive data!
- Ability to attach specified forms file uploads to specified notifications after submission/user registration before entry or file uploads are deleted.
- Option to password protect access to admin settings page (This password is encrypted and when combined with quick global permission lockout, can allow for data security even in the event of an admin login breach! Just unlock the page and give temporary permission when you need to access encrypted data!
- Option to give the original logged in submitting user view permissions to individual field data in addition to the regular user/role view permissions set for their own submitted entries.
- Option to assign ‘User Owned Fields’ which encrypt data and give view permission to only the original submitting user
- Option to display custom text or nothing at all for hidden and encrypted fields for users without permission
- Ability to remove/reverse encryption on specified forms, entries, and fields. This can also be run in batches on all entries and or fields of a specified form from newest to last entries to completely remove ALL encryption from forms entries!
- Ability to add encryption to previous entries for specified forms, entries, and fields (fields must be of supported type). This can also be run in batches on all entries and or fields of a specified form from newest to last entries to completely encrypt ALL of a forms entries! Now you can add encryption on old field data!
- Ability to turn on/off encryption or hide field value for for all supported field types on a form globally!
- Hide quiz choices/answers from users without view permission in admin, by hiding field value for quiz fields!
- Works with Gravity Forms “Save and Continue” and the “Partial Entries” add-on to encrypt partial entries and “save and continue” data!
- Automatic updates and available update notifications through the free Envato Market plugin.
-Encryption and Decryption helper functions for developers: Programmatically encrypt/decrypt any text/string with simple functions and optionally use a custom key, or get decrypted Gravity Forms field values with optionally attempting to have Gravity Forms HTML format the field display.
- Detailed and extensive inline documentation for every option and setting to help you set up the perfect solution for your site!
Full setup instructions are directly inside the options page for users who just want to be up and running in a couple minutes, and the plugin also has a complete visual system check, video tutorials, and encryption testing to help users visibly see the systems requirements and current encryption status to be up and running quickly, and know what global settings it is using at a glance.
Supported Field Types: single line text, paragraph text, drop down, multi select, number, checkboxes, radio buttons, name, date, email, phone, address, website, list, time, quiz (users choices/answers are not marked while viewing entry without view permission).
Payment / Product / User Registration information generally can NOT, and/or should NOT be encrypted to maintain functionality. (Some form setups are possible to both process data unencrypted and then store it encrypted.)
˚˚ This plugin fills one necessary component of data protection. The usage of other basic protections such as SSL, VPS, User capability restrictions, and strong admin user password enforcement alongside this plugin are strongly recommended. You may be subject to implementing additional data protection policies and procedures depending on the sensitivity level and type of the information you are collecting.
NOTICE:
This plugin is currently only authorized, supported, and legitimately sold through codecanyon.net. Do not compromise your sites security by unauthorized installs of this or any other plugin.
Gravity Forms Encrypted Fields © Plugin Owl.
Please see support page for plugin F.A.Q
Item is supported though the comments page
Requirements:
-WordPress 4.6 or higher
-PHP 5.6 or higher
-Gravity Forms Version 2.5 or higher
-Server must have support one of the following encryption methods:
OpenSSL Encryption Enabled – always recommended / required for PHP ver 7.2 or higher
Mcrypt Encryption Enabled – NOT recommended / legacy only
Installation / Upgrade
* You will need your Envato Purchase Code to register the plugin license if it is not already registered from a previous version.
Please refer to the plugin’s readme file for detailed instructions on upgrading between versions or initial install. Automatic updates and available update notifications through the free Envato Market plugin.
Version 6.2.2 Changelog
* Setup and Use intstructions improved.
* Tested on WP 6.5