FF Encryption is an addon plugin for Formidable Forms that provides a new advanced field option within the Formidable Builder, that allows for encryption to be turned on for a new or existing field. The level of encryption is AES 256, and data is encrypted after entry, in transit, and at rest in the WordPress database.
The encrypted field data can be decrypted via a short code within a view, post, or e-mail action.
Advanced Encryption Standard (AES) 256 is a virtually impenetrable symmetric encryption algorithm that uses a 256-bit key to convert your plain text or data into a cipher, to learn more visit https://www.ipswitch.com/blog/use-aes-256-encryption-secure-data.
There is an admin settings page where you can visually see all fields that currently have encryption set. You can set new SALTS, download existing SALTS
A new setting was added within the Form Builder under the Advanced Tab where encryption can be turned on to new or existing fields.
Decryption can be turned on within a view using a short code, which can be auto-filled by clicking below the views customization section.
The result (as depicted below) is a view that displays a field encrypted and decrypted by utilizing the short code.
We are excited to bring this to the FF Community as we believe it provides an essential component for many applications.
***will not encrypt data entered into a field prior to the installation of the plugin.
***Updated on 11/22/23 to include repeated field support.
***Updated on 7/1/25***
- Constants initialized in init hook (early enough)
- Full CSRF protection with WordPress nonces
- Dynamic IV encryption (cryptographically secure)
- Comprehensive error handling and logging
- All inputs sanitized and outputs escaped 🛡️ Security Improvements
- AJAX Protection: Only admin users can decrypt, with nonce verification
- Form Security: All admin forms protected against CSRF attacks
- Encryption Upgrade: Each encryption now uses a unique random IV
- Input Validation: All user inputs properly sanitized
- Database Security: Error handling prevents information leakage 🔧 Technical Changes
- Backward Compatibility: Existing encrypted data still works
- Error Logging: Issues logged to WordPress error log for debugging
- Performance: Minimal impact, secure by default
- Standards Compliance: Follows WordPress coding and security standards The plugin should now work reliably in WordPress 6.4+ and PHP 8.0+, while maintaining full compatibility with your existing encrypted data.
You must log in to submit a review.
Looks very promising. Will this work with a CSV export of entries and be able to decrypt once the file is in Excel?
No, but you could create a view of decrypted data and export that view as a csv.
Thanks, I’ll check it out. I don’t see a demo available or free version. Is there a return policy if it doesn’t work out?
No there isn’t a return policy, as this addon isn’t protected with a unique license. If it happened to not work for your specific case, it still will have value for your formidable projects in the future.
Hello, if using the Save Draft feature on a multipage form with this plugin, when the user submits the form will the PDF and admin email with a copy of the fields be encrypted?
Unknown. You’ll need to ask the developer, Jones Web Designs. Jones Web Designs Contact Details
1. Where are the decrypt keys kept? are they also in the wp database?
2. how secure are formidable forms file uploads protection system do u think for file uploads?
thanks!
I’m interested in purchasing but at this price point (which is totally fair for what it is), with no trial or demo (really unusual), and no refund (100% risk without any sort of evaluation)-I’d like a LOT more information. The last update I can find is 2023 where repeater fields had been added, but Formidable has had a few changes since then and no indication if this is being actively maintained to work with the latest version (6.21.1 at the time of this writing in June 2025). There are some pretty valid and important questions in the comments here too that aren’t answered and I don’t see any documentation or FAQs covering details. I can’t be the only one ready to buy but hesitant because of the risk presented.
Talk to the add-on’s developer: https://formidable-masterminds.com/developer/jones-web-designs/
Hello,
I’ve just purchased Formidable Forms Pro and FF Encryption and I keep getting an error when submitting a form with an encrypted field. If there are no encrypted field everything works fine.
I created a SALTS and String IV key but I all I get is the following error message : “There has been a critical error on this website. Please check your site admin email inbox for instructions. If you continue to have problems, please try the support forums.”
Please help as I’ve purely switched forms plugin to get your highly reviewed encryption add-on.
I’m sorry to hear about the issue with the add-on. To get the help you need, please reach out to the developer directly. You can find their contact information in the receipt you received when you bought the add-on.
Thank you for commenting, we have addressed your issues and you now have a working version on your installation. Thank you.