Storing Encrypted Data In The WordPress Database
read more

Storing Encrypted Data In The WordPress Database

Today security and privacy are becoming more and more important. We’re not only hearing about password leaks but leaks of sensitive information. Servers will always get hacked, this can’t be avoided. But encrypting the data stored on those servers can drastically reduce the damage.

In this article, I will discuss how to store and retrieve encrypted data in the WordPress database. Before doing so, I will discuss the difference between hashing and encryption along with a few other considerations.

Hashing vs Encryption

In WordPress, we use hashing a lot as part of our security. Nonces, which I covered in a recent article for Torque, use hashes. A nonce is an example of a cryptographic hash. It is generated from a combination of public and secret data — including salts from wp-config.php, run through the md5 hashing algorithm. It’s verified by running the same process and comparing that result to the nonce being verified.