I’m creating a WordPress plugin that will allow a custom button to be displayed on the page.
I’ve got it working with a simple HTML dump through the WordPress shortcode method. Here’s the problem I’m facing: I want the user to be able to customize the button’s name, amount, and other parameters. This could all be done through shortcode which will send paramaters to our site’s external API and generate the button. However, I also need to let them hook up their button using their API key from our service. This can’t be stored in plaintext somewhere because it could be used maliciously if compromised. Is there a good way to let the user enter sensitive info like this but not store it in plain text?
I would make use of wordpress’ built in functions for handling passwords.
http://codex.wordpress.org/Function_Reference/wp_hash_password
If you already have a plugin page where the user can configure your plugin, that would be a good place to have an input for them to enter their api key. When they save the settings you can run the hashing function and then store the hash in the database.