How to handle password eencrypt/decrypt

Hi @starapple,

The plugin encrypts all remote database information by default, including usernames and passwords. To change the encryption go to Settings > WP Data Access > Plugin > Secret key and IV.

Is this what you are looking for?

Best regards,
Peter

Thanks for your response @peterschulznl, I used an incorrect term. The encryption I meant was PHP hashing using PASSWORD_BCRYPT or other method.

Regards,
Mark

Hi Mark,

That’s classified! ??

No, just kidding! The plugin uses AES-256-CBC for encryption. The unencrypted data is not available from a browser. Only when a hacker gets access to your dashboard the unencrypted data can be accessed. A hacker would need to change your PHP code to see the unencrypted data. So make sure no one else has access to your dashboard! ??

Just to make sure, this all has nothing to do with the data transferred between your WordPress server and your remote database. This data is only encrypted if you use ssl.

Does this make sense?

Best regards,
Peter

OK Peter, I might be over-complicating or overthinking. I’m trying to determine if WPDA is a good shortcut for a process I’m attempting: converting an old PHP app to current standards and making it into a WP plugin. (So far so good in making forms and tables from the base.)

After I use CRUD to generate the tables and forms, I noticed that existing BCRYPTed passwords displayed in the relevant front facing form fields in all their 60-character glory, instead of the dots or empty space. However, it might not be a concern in the end if password handling is by WordPress.

Hi Mark,

Sorry, looks like I misunderstood your question! ??

If you import a table from another database, the plugin is not aware of columns containing encrypted password. If you want to use this data to handle user access, you will need to handle the decryption yourself.

Does this help?

Best regards,
Peter