I am using Contact Form 7 with Dynamic Text Extension on a WordPress site. The information does not get stored to a database, rather it is sent only via email. Is there a way that I can encrypt the information that is sent in the email?
We are going to purchase and install an SSL certificate to use for these forms, but I’m not fully familiar with how SSL works. Does any form data sent from an https link automatically get encrypted, or is this something that I have to implement? If so, how does it get unencrypted when it hits our mail server?
Thanks for any insight you can give.
Old question, but incorrect (or rather a partial) answer I believe. The question was whether HTTPS will secure the email being sent by CF7.
Back to basics…there are two transfers of the data that potentially could/need to be secured. The first is from the user’s browser to the CF7 plugin form on the WordPress server. This can be sent over an encrypted channel using https.
The second is when the form data is sent by the CF7 plugin by email. Setting up https/an SSL cert. on the WordPress server does nothing to improve the security of this. Email is sent by SMTP from CF7 so all standard caveats regarding security of emails apply.
Stuart
https secures the communication between the client/user <-> server using a SSL certificate. This would be the best method to use if you do not want to code your own custom plugin that will encrypt it without the communication being encrypted. Since the communication to the server is secured it does not require you to decrypt anything as the server will obtain the information securely (which prevents man in the middle attacks and so on). More about https – http://en.wikipedia.org/wiki/HTTP_Secure
You can use a plugin to help you implement the communication to your site being secured:
http://wordpress.org/extend/plugins/wordpress-https/
Otherwise you can code your own plugin or contact form under PHP and directly encrypt the content that is being sent to your email or just to the submit form depending on how you would like this information encrypted
You’re looking for the WP PGP Encrypted Emails plugin for WordPress. Install it, paste in your PGP public key (or your S/MIME certificate, whichever email encryption scheme you want to use), and it makes sure outgoing email your site or contact form plugins generate addressed to you are encrypted (and, optionally, even signed).
If you don’t know much about email privacy or encryption, be sure you read the plugin’s FAQ, which has a bunch of links to additional information.
Full disclaimer: I’m the developer of this plugin.