PHPackages                             arraypress/wp-encryption-utils - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. arraypress/wp-encryption-utils

ActiveLibrary[Security](/categories/security)

arraypress/wp-encryption-utils
==============================

A simple utility library for encrypting and decrypting WordPress data including options, settings, meta, and transients.

020PHP

Since Jul 1Pushed 1y agoCompare

[ Source](https://github.com/arraypress/wp-encryption-utils)[ Packagist](https://packagist.org/packages/arraypress/wp-encryption-utils)[ RSS](/packages/arraypress-wp-encryption-utils/feed)WikiDiscussions main Synced today

READMEChangelogDependenciesVersions (1)Used By (0)

WordPress Encryption Utilities - Secure Storage for Sensitive Data
==================================================================

[](#wordpress-encryption-utilities---secure-storage-for-sensitive-data)

A lightweight utility library for WordPress that provides secure encryption and decryption of sensitive data stored in options, transients, and meta tables. Perfect for protecting API keys, passwords, and tokens in your WordPress applications.

Features
--------

[](#features)

- 🔐 **Simple API**: Clean object-oriented interface with trait-based architecture
- 🛡️ **AES-256 Encryption**: Industry-standard encryption for maximum security
- 🔑 **WordPress Integration**: Seamlessly works with WordPress options, transients, and meta
- 🧩 **Automatic Salt Detection**: Uses WordPress salts for enhanced security
- 🔍 **Prefix Detection**: Automatically detects encrypted values
- 🔄 **Custom Keys**: Support for custom encryption keys
- 📋 **Constants Support**: Automatically checks for WordPress constants before database storage
- 🎯 **Auto-Interception**: Transparent decryption of get\_option() calls

Requirements
------------

[](#requirements)

- PHP 7.4 or later
- WordPress 5.0 or later
- OpenSSL PHP extension

Installation
------------

[](#installation)

Install via Composer:

```
composer require arraypress/wp-encryption
```

Basic Usage
-----------

[](#basic-usage)

### Creating an Encryption Manager

[](#creating-an-encryption-manager)

```
use ArrayPress\EncryptionUtils\Manager;

// Create an instance with a prefix for your plugin/theme
$encryption = new Manager( 'my_plugin' );

// With custom encryption key
$encryption = new Manager( 'my_plugin', 'custom-encryption-key' );

// Disable auto-interception if needed
$encryption = new Manager( 'my_plugin', null, false );
```

### Working with WordPress Options

[](#working-with-wordpress-options)

```
// Store encrypted options
$encryption->update_option( 'api_key', 'your-secret-api-key' );
$encryption->update_option( 'access_token', 'bearer-token-xyz' );

// Retrieve decrypted values
$api_key = $encryption->get_option( 'api_key' );
$token = $encryption->get_option( 'access_token', 'default-value' );

// Delete encrypted options
$encryption->delete_option( 'api_key' );
```

### Working with Transients

[](#working-with-transients)

```
// Store encrypted transients with expiration
$encryption->set_transient( 'auth_token', 'bearer-token-xyz', HOUR_IN_SECONDS );

// Retrieve decrypted transients
$token = $encryption->get_transient( 'auth_token' );
if ( false === $token ) {
    // Token expired or doesn't exist
}
```

### Working with User Meta

[](#working-with-user-meta)

```
// Store encrypted user meta
$encryption->update_user_meta( $user_id, 'access_key', 'user-specific-key' );

// Retrieve decrypted user meta
$user_key = $encryption->get_user_meta( $user_id, 'access_key', 'default' );
```

### Working with Post Meta

[](#working-with-post-meta)

```
// Store encrypted post meta
$encryption->update_post_meta( $post_id, 'payment_details', json_encode($details) );

// Retrieve decrypted post meta
$payment_json = $encryption->get_post_meta( $post_id, 'payment_details' );
$payment_details = json_decode( $payment_json, true );
```

WordPress Constants Support
---------------------------

[](#wordpress-constants-support)

The encryption manager automatically checks for WordPress constants before falling back to database storage:

```
// Define constants in wp-config.php
define( 'MY_PLUGIN_API_KEY', 'production-api-key' );
define( 'MY_PLUGIN_SECRET_TOKEN', 'production-secret' );

// These will automatically use the constants
$api_key = $encryption->get_option( 'api_key' ); // Returns MY_PLUGIN_API_KEY
$secret = $encryption->get_option( 'secret_token' ); // Returns MY_PLUGIN_SECRET_TOKEN

// Database updates are ignored when constants are defined
$encryption->update_option( 'api_key', 'new-key' ); // No effect, constant takes precedence
```

Auto-Interception Feature
-------------------------

[](#auto-interception-feature)

Enable auto-interception to transparently decrypt values when using standard WordPress functions:

```
$encryption = new Manager( 'my_plugin' );

// Track options for auto-interception
$encryption->track_option( 'api_key' );
$encryption->track_option( 'secret_token' );

// Now standard WordPress functions return decrypted values
$api_key = get_option( 'my_plugin_api_key' ); // Automatically decrypted!
```

Direct Encryption/Decryption
----------------------------

[](#direct-encryptiondecryption)

```
// Encrypt values directly
$encrypted = $encryption->encrypt( 'sensitive-data' );
echo $encrypted; // Outputs: __MY_PLUGIN_ENCRYPTED__BASE64STRING

// Decrypt values
$original = $encryption->decrypt( $encrypted );
echo $original; // Outputs: sensitive-data

// Check if value is encrypted
if ( $encryption->is_encrypted( $value ) ) {
    // Value is encrypted
}
```

Advanced Usage
--------------

[](#advanced-usage)

### Temporary Disable Auto-Interception

[](#temporary-disable-auto-interception)

```
// Useful during settings save to prevent conflicts
$was_enabled = $encryption->is_auto_intercept_enabled();
if ( $was_enabled ) {
    $encryption->disable_auto_interception();
}

// Perform operations that need raw database access
$encryption->update_option( 'api_key', $new_value );

// Re-enable if it was enabled
if ( $was_enabled ) {
    $encryption->enable_auto_interception();
}
```

### Get Option Information

[](#get-option-information)

```
// Get detailed information about an option
$info = $encryption->get_option_info( 'api_key' );
/*
Returns array:
[
    'value' => 'decrypted-value',
    'source' => 'constant|database|default',
    'constant' => 'MY_PLUGIN_API_KEY', // if from constant
    'option' => 'my_plugin_api_key',   // if from database
    'is_encrypted' => true             // if database value is encrypted
]
*/
```

### Custom Encryption Keys

[](#custom-encryption-keys)

```
// Use a custom encryption key
$encryption = new Manager( 'my_plugin', 'my-custom-key' );

// Change the key later
$encryption->change_key( 'new-encryption-key' );

// Use WordPress salts (default behavior)
$encryption->change_key(); // null = use WordPress salts
```

Integration Example: WooCommerce Plugin
---------------------------------------

[](#integration-example-woocommerce-plugin)

```
