“The Web”, the “Cloud”, the “Interwebs”, Networked, synced, doc sharing. All these things describe the complex web of interconnected data that is “the Internet” as we know it. As the Internet has gotten more complex, more dynamic, and more fun really, it’s also gotten a lot harder to be certain that sensitive data is secure.
You may have heard about Yahoo Mail and Adobe getting hacked; even JPMorgan and the credit card swipe machines at Target were hacked this past year. All that to say, hacking is real, data is sensitive, and it takes real care to make sure you are not vulnerable.
Upping our Game
With all that in mind, we’ve been taking some steps to up our game at FooPlugins. One thing we handle routinely that is very sensitive is login credentials. When a particular theme or conflicting plugin makes it hard for our plugins to work as they should, we ask for WordPress credentials, and occasionally SFTP credentials, so we can take a look at your site in detail and get things fixed up for you right away. That’s just the kind of service we like to offer our customers. In the past, we have asked for these via email.
This is a method that many, MANY developers and companies feel relatively safe using. After all, email communication is (supposedly) considered “private” by most nations, it’s typically transferred reliably and if you use Gmail, Yahoo, or Hotmail, they have top of the line server protection (but they STILL get hacked sometimes too!). Still, that means that your site credentials are being sent over the web, are saved in your Sent folder, and in our Inbox, and perhaps passed back and forth several times if the email thread continues for a while. So, while it is perfectly safe, we felt that we could do better. There must be a way to have the sensitive data provided in an encrypted manner and to be able to easily and permanently delete that data.
How We Do Encrypted Form Submissions
The first thing we did was to confer with WordPress security expert Chris Wiegman (developer of Better WP Security) on what he thought was most important to making sure site credentials were passed securely and not saved. His criteria were pretty simple:
- The submission should be encrypted
- The data should never be stored on our web server
- The data should be deleted permanently as soon as it is no longer needed.
Now, the de facto form tool in WordPress is Gravity Forms, which we use religiously here. And it has some pretty good encryption extensions. But, no matter which way you slice it, Gravity Forms is always going to save the form submission somewhere on the server, specifically in the database. So that excluded our favorite form tool right away.
Next in line for form service awesomeness is Jotform. Jotform provides an excellent interface with hundreds of addons and can provide encrypted submissions as well. The thing that tipped us over the edge with Jotform, though, was its integration with Dropbox. With these two tools, we’re able to create a simple form that is encrypted, the submission never touches our server (they’re all posted through the Jotform API), and it gets added to a private Dropbox folder as a PDF, also via an encrypted connection. That way, once we’ve logged into your site and made everything work (because we ALWAYS make everything work!), we simply delete that PDF and we’re done.
Passwords are like Underwear
Though we are taking all these extra precautions, we still think passwords are like underwear: they should never be seen and should be changed often. So after we’re done, change your passwords. Use something like KeePass or LastPass to keep all your passwords safe and strong and handy, making it easier to change them often. Between your diligence and ours, you and your credentials are in great hands!