WordPress is the website platform that powers about a third of the websites on the internet today. One of the best things about WordPress is that it is easy to set up and use. This means that there are low barriers to entry for non-technical website owners. All good, right? Well, that’s where I think we may have a blind spot.
It’s trivial to install WordPress, configure a form submission plugin and begin taking info from your website visitors. That familiar configuration sounds harmless, but how many of us have taken info from site visitors that could be considered personally identifiable information (PII)? That’s where things get interesting.
Personally identifiable information is defined as:
“information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.”
Definition from: https://www.gsa.gov/reference/gsa-privacy-program/rules-and-policies-protecting-pii-privacy-act
In short, PII is any information that can be used to identify someone.
What’s the Risk?
Information found in internet-accessible databases is highly sought after by hackers and criminals. Since WordPress runs a third of the internet, hackers have a familiar environment to hack into. They can create and reuse scripts and techniques, which makes WordPress a common target. Once they get in, if they can steal data, they can then sell any PII they find in the form of email marketing lists, and they can sell or use the PII for identity theft operations.
If you have a form plugin on your site that you’re using to collect information from customers, you could have PII sitting in your database. If you conduct surveys or collect feedback from site visitors, or if you have users with profiles, or if you keep information on customers who make purchases from your online store, you are a target. Remember, an email address is PII and is marketable by hackers.
All this to say…
You could have sensitive information in your WordPress database and not even be aware of it!
What’s the Solution?
Something I’ve been interested in lately is figuring out a way to encrypt all or part of the WordPress database — at least the parts that contain PII. Full database encryption would introduce extra load on the web server to then decrypt that data on the fly. The best solution, in my view, would be to choose which tables / plugins are storing PII and encrypt that data only.
I’m not going to take a deep dive into cryptography right now, but one of the biggest problems that comes to mind is what happens if your encryption key (the key used for decryption) is also stored in the same database. If someone hacked your WordPress database, they could find the key and potentially decrypt the entire database, making your attempts at encryption useless.
Storing your encryption key in the WordPress database is like locking a safe in your house then leaving the key on a hook by your front door. All a thief has to do is find their way into your house, then they can access your safe.
Something that caught my attention is the work Lockr.io is doing to solve this problem.
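As an added illustration of the idea above (this is not code from this post or from Lockr), the sketch below encrypts a single PII field with PHP's libsodium functions while the key stays out of the database. It assumes the key is supplied to PHP through an environment variable; the name `PII_FIELD_KEY`, the `enc1:` prefix and the `pii_*` function names are hypothetical.

```php
<?php
// Assumption: the key is 32 random bytes, base64-encoded, set in the web
// server environment as PII_FIELD_KEY (hypothetical name). It is never
// written to the WordPress database.
function pii_load_key(): string {
    $key = base64_decode((string) getenv('PII_FIELD_KEY'), true);
    if ($key === false || strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
        throw new RuntimeException('PII_FIELD_KEY missing or not 32 bytes');
    }
    return $key;
}

// Encrypt one field value. A fresh random nonce is generated per value and
// stored alongside the ciphertext; the "enc1:" prefix marks encrypted rows.
function pii_encrypt(string $plaintext, string $key): string {
    $nonce  = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $cipher = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return 'enc1:' . base64_encode($nonce . $cipher);
}

// Decrypt a stored value. Fails closed on a wrong key or modified data,
// because secretbox authenticates the ciphertext.
function pii_decrypt(string $stored, string $key): string {
    if (strncmp($stored, 'enc1:', 5) !== 0) {
        throw new RuntimeException('value is not an encrypted field');
    }
    $raw = base64_decode(substr($stored, 5), true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('malformed encrypted field');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open(
        substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key
    );
    if ($plain === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return $plain;
}

// Constructed demo: a throwaway key stands in for the real environment value.
putenv('PII_FIELD_KEY=' . base64_encode(sodium_crypto_secretbox_keygen()));
$key    = pii_load_key();
$stored = pii_encrypt('visitor@example.com', $key); // what the DB column would hold
echo $stored, PHP_EOL;
echo pii_decrypt($stored, $key), PHP_EOL;           // original value, given the key
```

A stolen database dump then contains only the `enc1:` values, which are unreadable without the key. An attacker who can run code on the web server itself can still read the key, and encrypted columns can no longer be searched or sorted in SQL.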
What’s Next?
Right now this is just an idea. I know I’m not the first person to think of this, but for some reason I don’t see much traction on the topic. I’m appealing to others in the WordPress community to give input and feedback on encrypting the WordPress database.
Surely there are reasons for and against this, but I’m hoping we can find a better way to keep our customers’ and site visitors’ data safe (especially for the non-technical WordPress user base).
Leave a comment below or reach out to me directly via email or on Twitter @bradmay413. Let’s figure out a way to protect WordPress site owners and business owners.