These two files define a mu-plugin that will allow you to encrypt and decrypt specific options in your WordPress database. The base file (encrypted-options.php
) defines the actions and filters needed to wire everything up such that get_option()
/add_option()
/update_option()
all flow through the system.
The second file (Fortress.Options.php
) must be renamed Options.php
and placed in mu-plugins/Fortress/
in your WordPress installation.
You'll need to add whatever keys you want encrypted to the closure on line 15 otherwise the system will ignore everything. Any code that wants to get/add/uption options should be bound to init
or a later action hook in WordPress' lifecycle.
You will also need to define a FORTRESS_ENCRYPTION_KEY
constant in your wp-config.php
file for the system to work. This must be a random, hex-encoded, 32-byte string. The following PHP code will generate such a string for you:
<?php
$key = random_bytes(32);
echo bin2hex($key) . PHP_EOL;
Run this from the command line to get a random key:
$ php key.php
245cac1127afcc79a7cd4e94e61fb35ea5cd57afb752d374891dc8383461a618