Using an Encryption class in a WordPress Plugin

I'm making a WordPress plugin that works with sensitive data. So I need to store/retrieve data with a trusty encryption method.

I did some searches among many PHP encryption wrapper classes, and finally found Defuse\Crypto as one of the best options.

The class needs a minimum of PHP 5.4 and also uses openssl_ and hash_hmac.

What do you think? Am I going to have problems with these requirements to have the plugin installed on users' hosts? Or do shared hosting companies cover them by default?

Thank you



This https://wordpress.org/about/stats/ should be your guide. As you can see, more than 30% of WordPress sites run on PHP which does not meet your requirements.

Side note: IMHO if you do not understand encryption enough to use the PHP API directly then hiding behind some library will not improve the quality of your encryption, unless of course it is done just to make it look like it is "secure". A common mistake in your scenario will be to hardcode the encryption key in the plugin.


Are those requirements equal to those of WordPress core?

No, WordPress still runs on PHP 5.2 with a few more limitations on top and aims to work on a toaster found at a garbage dump.

Are those requirements practical for modern PHP hosting?

Quite. PHP 5.4 is obsolete (security support ended last year), with the lowest supported version being the newer 5.5 at the moment; openssl is pretty common I think, hash functions are built-in I think?

Essentially it's your choice which of the two you are targeting. It's more of a business decision first than a technical one.
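
An added example (not from the thread and not from the Defuse library): a plugin bootstrap that checks the requirements named in the question on the host and refuses to run unless the key is supplied by site configuration instead of being hardcoded in the plugin. The plugin name, the `MYPLUGIN_ENCRYPTION_KEY` constant and the included file path are assumptions made for illustration.

```php
<?php
/*
 * Plugin Name: My Sensitive Data Plugin (hypothetical)
 */

// Keep this file parseable on PHP 5.2 (no namespaces, closures or [] arrays);
// otherwise old hosts die with a parse error before the check can run.

define( 'MYPLUGIN_MIN_PHP', '5.4.0' ); // minimum version stated in the question

/**
 * Return a list of unmet requirements (empty array when the host is fine).
 */
function myplugin_missing_requirements() {
    $missing = array();

    if ( version_compare( PHP_VERSION, MYPLUGIN_MIN_PHP, '<' ) ) {
        $missing[] = 'PHP ' . MYPLUGIN_MIN_PHP . ' or newer (found ' . PHP_VERSION . ')';
    }
    if ( ! extension_loaded( 'openssl' ) || ! function_exists( 'openssl_encrypt' ) ) {
        $missing[] = 'the OpenSSL extension';
    }
    if ( ! function_exists( 'hash_hmac' ) ) {
        $missing[] = 'the hash extension (hash_hmac)';
    }
    // The key must come from site configuration (e.g. wp-config.php),
    // never from a literal shipped in the plugin source.
    if ( ! defined( 'MYPLUGIN_ENCRYPTION_KEY' ) || '' === MYPLUGIN_ENCRYPTION_KEY ) {
        $missing[] = 'a MYPLUGIN_ENCRYPTION_KEY constant defined in wp-config.php';
    }
    return $missing;
}

// Refuse activation with a readable message instead of failing later.
function myplugin_on_activation() {
    $missing = myplugin_missing_requirements();
    if ( ! empty( $missing ) ) {
        deactivate_plugins( plugin_basename( __FILE__ ) );
        wp_die( esc_html( 'My Plugin cannot be activated. Missing: ' . implode( '; ', $missing ) ) );
    }
}
register_activation_hook( __FILE__, 'myplugin_on_activation' );

// Hosts get downgraded and configs get edited, so re-check on every load
// and only then pull in the code that actually needs PHP 5.4+.
if ( ! myplugin_missing_requirements() ) {
    require_once dirname( __FILE__ ) . '/includes/encrypted-storage.php'; // hypothetical file
}
```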
