Plugin NewsMarch 29, 2018

Our WordPress Autoupdate Just Got Better

WordPress Autoupdates Just Got Better

If you have a WordPress website and you’re a SiteGround customer, you’re most likely taking advantage of the SiteGround WordPress autoupdate service. Having your WordPress installation up-to-date is crucial for a stable and secure website. To make autoupdates hassle-free, we have developed our own WordPress Autoupdate Tool, which is included in all SiteGround hosting plans.

Source link

© Copyright 2004-2018 Grace Solivan, bitofgrace | All rights reserved.
Built on WordPress with Elementor

Free Let’s Encrypt Wildcard SSL

Starting from today, all SiteGround customers can get a free Let’s Encrypt Wildcard SSL. This will make the setup and maintenance of websites with subdomains much easier, as they can now be encrypted with a single certificate. All it takes is a few clicks in our updated Let’s Encrypt interface in the cPanel. Ever since we heard that Let’s Encrypt plan to launch free Wildcard SSL, we’ve been eagerly waiting for this and we are proud to be among the first hosting companies to successfully integrate the new SSL in their platform. We strongly believe that global adoption of SSL certificates makes the Internet a more secure place.

Let’s Encrypt and SiteGround

Today’s launch is a logical step in our ongoing effort to encourage all SiteGround customers to use the secure HTTPS protocol. This process started in 2016 with SiteGround being among the first hosts backing up the Let’s Encrypt initiative. Then we provided an interface, where our customers could issue the standard single domain Let’s Encrypt SSL. In 2017 we went even further and started to automatically install this certificate on every domain hosted with us. Today, we are happy to offer the new Wildcard Let’s Encrypt certificate too. The Wildcard option was added to our interface just 2 weeks after it was officially launched by Let’s Encrypt.

Should you use SSL? Definitely yes!

Why use SSL? Basically, because it makes browsing more secure. However, this reason has been around since SSLs existed and yet sites with HTTPS across all pages wasn’t very common till recently. Today things are different because even if you don’t care that much about your own website security, Google does. HTTP sites will lose rankings, compared to HTTPS ones. In July Chrome will start displaying a warning that non-HTTPS sites aren’t secure, which will quickly scare away visitors. These are some of the reasons why we started to install the standard Let’s Encrypt SSL and encourage its use in the first place.

What is Wildcard SSL and how to get it?

The Wildcard SSL is different from the standard SSL because it secures the traffic not only for your primary domain name, but for all of its subdomains as well (e.g. sub.domain.com). This is particularly useful for websites with different sections divided by subdomains (like online stores, websites with message boards, chats, etc). With a standard SSL you need to install a separate domain certificate for each subdomain, and with Wildcard you can secure them with a single certificate. This makes setting up and maintaining a website with multiple subdomains much easier.

Note that the standard Let’s Encrypt certificate is perfectly fine, if you do not use subdomains. SiteGround will continue to automatically install this type of certificate for every new domain name. However, every SiteGround customer can upgrade existing Let’s Encrypt standard certificates or install new Wildcard ones in the Let’s Encrypt Tool, located in your cPanel. All Let’s Encrypt Wildcard certificates and installations remain absolutely free.

Let’s Encrypt vs Premium SSLs

Even though we now offer Let’s Encrypt Wildcard SSL for free, we will continue to provide Premium EV and Wildcard SSL certificates through GlobalSign for the customers who need them. While Let’s Encrypt is an excellent alternative for informational and personal websites, bigger organisations and ecommerce websites may want to take into consideration the Premium SSLs, which come with dynamic seals, extended validation options and underwritten warranty of between $10,000 and $1,500 000.

Author:    
  Project Manager

Source link

© Copyright 2004-2018 Grace Solivan, bitofgrace | All rights reserved.
Built on WordPress with Elementor
Plugin NewsMarch 22, 2018

Gravity Forms Encrypted Fields

Advanced security with features you’ll love! Works with all payment gateways!* This is the flexible encryption plugin you’ve needed and been waiting for! Don’t settle for anything less when it comes to your data security!

See Full Feature List Below!

If you collect personal data, private data or sensitive data using your Gravity Forms installation, (name, address, phone, email, birthdate, SSN ect..) you should use this plugin to protect that customer information and give yourself some peace of mind concerning database breaches and admin user misuse of any collected data. ˚˚

Gravity Forms Encrypted Fields works seamlessly within Gravity Forms to give you the data security and data privacy you need, as well as the custom control to implement it quickly and smartly within your WordPress installations needs! There’s no need to encrypt everything you collect and give everyone access in admin. Only encrypt what you want, and optionally give access to only the individual users or roles that need it!

Use this plugin to secure data at rest in the database and keep back end users from accessing it through admin, or just use it to hide form field results in admin from back end users without even turning encryption on. You can use either option on different fields of your choosing with custom user view permissions all at the same time!

For users with permission all decryption and view access is lightning fast, seamlessly integrated and automatic. They likely won’t even know encryption is on. Existing field data also is hidden in admin when encryption or “hide field value” is later turned on for a field. Smart view filters can let you know what individual field data is actually encrypted vs. just being hidden with a different display for each.

For users with permission to view encrypted or hidden fields the plugin retains normal Gravity Forms functionality like viewing entries and all export options. There is reliable native entry search functionality based on any encrypted fields data with individual user/role permissions to use this functionality (must search for exact content and not partial content). “Limited” normal encrypted field search and order functionality is also possible (..currently, standard search or ordering operations may return differentiating partial results when based on encrypted field data). Users without field view permission cannot search based on the hidden value of the field at all, export it as readable, or perform other operations which would reveal the value of fields they do not have access to.

Step by step simple setup instructions can have you up and running in a few minutes with simple seamless encryption of saved form data and automatic decryption when you access your data for a basic site, or you can optionally utilize the many additional options to create complex field data permissions for multiple users and use cases to manage your data access at the both the user and field levels.

Cant I just use a free plugin like Gravitate?
We’ve included this here only because of the amount of inquiries and the obscurity of the information we believe people are missing when considering those options. Please understand that the out of date free plugins out there simply force you to encrypt everything whether you want to or not, have no user view permission or output controls or additional web security measures, and give all admin users access, and then store the key right next to the encrypted data in the database. Unfortunately, that’s the same as locking your front door and leaving the key in it. The data is encrypted, but it is able to be easily decrypted by anybody who gets it anyway ..which defeats the entire purpose of using encryption. They also do not work with other Gravity Forms payment gateways like Paypal and Stripe and other various extensions (like the “user registration” add-on) and operations because they have to encrypt everything submitted which doesn’t play nice when those product and pricing fields need to be processed by another plugin or add-on. So if you find you need or want to add or use any other Gravity Forms functionality, you likely cannot do it using those plugins. They cannot encrypt old gravity forms entry data, or remove encryption for you either, and do not have any of the many other incredibly useful and/or necessary features this plugin offers ..for one small example: the ability to search entries based on encrypted data. We do understand that “free encryption plugin” sounds convenient, but when it comes to real data protection and your sites compatibility and operational needs we believe that when you have the information to compare and realize the value of the real security, flexibly useful features, thoughtful solutions, and extensive documentation and support that Gravity Forms Encrypted Fields offers, you’ll know why it’s the right choice for any site!

 

FEATURES
AES-256 bank/military grade database storage encryption
Selectable encryption types including OpenSSL
Built in web and WordPress Admin security measures to help prevent sensitive data breaches
Smart encryption key system with separately generated and stored customizable encryption keys
Option to globally bypass actual encryption and just hide data in admin from unauthorized users.
Advanced user/role view permissions to encrypted or hidden data per individual field
Global user/role view permissions
Select to encrypt or hide Gravity Forms individual field data with both user and role access control per individual field.
Merge tag filtering and exclusion controls to control output on confirmations and notifications of encrypted or hidden fields
Ability to include html and section break fields in “all_fields” merge tag output.
Ability to exclude specific fields from “all_fields” merge tag output.
Custom decrypted merge tags to output human readable versions of encrypted data only in email and confirmations while retaining any view permissions on the site.
Custom encrypted merge tags for developers to output encrypted versions of field data only in email and confirmations while retaining any normal encryption or not on the site. Developers can then create custom decryption on their own for the receiving end of the encrypted data.
Custom user/role view permissions checking merge tags which output human readable versions of encrypted data only if the user/role loading or generating the merge tag content has view permissions to the field data on the site. Any fields the user does not have permissions to will show the restricted display.
Ability to pass full encrypted strings to merge tag output on confirmations and notifications for developers to pass data encrypted through email notifications for third party developed decryption and ingest into other systems.
Fully functioning native search functionality of entries based on encrypted field data with user/role based permission to this type of search. (Can only search natively for exact field values. ..this includes any specific value of multi part field such as first name or last name.)
Custom output preview masking for hidden/encrypted fields to use for entry view, and optionally also in merge tags for confirmations and notifications. example: •••1234
Ability to auto delete specified form entries and file uploads after submission/user registration/notifications. Keep the site clean and no site data to breach!
Ability to auto delete only specified form entries file uploads after submission/user registration/notifications. Keep the site clean and no site file upload data to breach! Great for resumes or other files uploaded with potentially sensitive data!
Ability to attach specified forms file uploads to specified notifications after submission/user registration before entry or file uploads are deleted.
Option to password protect access to admin settings page (This password is encrypted and when combined with quick global permission lockout, can allow for data security even in the event of an admin login breach! Just unlock the page and give temporary permission when you need to access encrypted data!
Option to give the original logged in submitting user view permissions to individual field data in addition to the regular user/role view permissions set for their own submitted entries.
Option to assign ‘User Owned Fields’ which encrypt data and give view permission to only the original submitting user
Option to display custom text or nothing at all for hidden and encrypted fields for users without permission
Ability to remove/reverse encryption on specified forms, entries, and fields. This can also be run in batches on all entries and or fields of a specified form from newest to last entries to completely remove ALL encryption from forms entries!
Ability to add encryption to previous entries for specified forms, entries, and fields (fields must be of supported type). This can also be run in batches on all entries and or fields of a specified form from newest to last entries to completely encrypt ALL of a forms entries! Now you can add encryption on old field data!
Ability to turn on/off encryption or hide field value for for all supported field types on a form globally!
Hide quiz choices/answers from users without view permission in admin, by hiding field value for quiz fields!
Works with Gravity Forms “Partial Entries” add-on to encrypt partial entry data as is is being entered and stored as well!
Detailed and extensive inline documentation for every option and setting to help you set up the perfect solution for your site!

 

Full setup instructions are directly inside the options page for users who just want to be up and running in a couple minutes, and the plugin also has a complete visual system check system and encryption testing to help users visibly see the systems requirements and current encryption status to be up and running quickly, and know what global settings it is using at a glance.

Supported Field Types: single line text, paragraph text, drop down, multi select, number, checkboxes, radio buttons, name, date, email, phone, address, website, list, quiz (users choices/answers are not marked while viewing entry without view permission).

*Payment / Product / User Registration information generally can NOT, and/or should NOT be encrypted to maintain functionality.

˚˚ This plugin fills one necessary component of data protection. The usage of other basic protections such as SSL, VPS, User capability restrictions, and strong admin user password enforcement alongside this plugin are strongly recommended. You may be subject to implementing additional data protection policies and procedures depending on the sensitivity level and type of the information you are collecting.

 

NOTICE:
This plugin is currently only authorized, supported, and legitimately sold through codecanyon.net. Do not compromise your sites security by unauthorized installs of this or any other plugin. Gravity Forms Encrypted Fields © 2016 Plugin Owl.

 

Please see support page for plugin F.A.Q  Item is supported though the comments page

Requirements:
+ means “or any higher version”

-WordPress 4.6+
-PHP 5.6+ (5.5 and 5.4 should currently also function but are NOT SUPPORTED)
-Gravity Forms Version 2.0.7+
-Server must support one of the following encryption methods:
OpenSSL Encryption Enabled
Mcrypt Encryption Enabled -required for ver 2.9.3 or previous

Installation / Upgrade
IMPORTANT: Please refer to the plugin’s readme file for detailed instructions on upgrading between versions or initial install.

Current Available Version
4.3.1

Changelog (including near future versions)

Version 4.3.1 (current available version) PLEASE UPDATE
* Fixed Method callback handling for Gravity Forms versions prior or post 2.3

Version 4.3
* Gravity Forms 2.3 (rc-5) compatibility.
* Changed addtional core functionality to utilize the GFAPI

Version 4.2.3
* Fixed merge tage filtering for list fields

Version 4.2.2
* Fixed masking functionality for multiple masked fields (ver 4.0 – 4.2.1)
* Tested on WordPress 4.9.4

Version 4.2.1
* Full compatibility with Gravity Forms Partial Entries Add-On

Version 4.2
* Improved Setup Instructions
* Initial testing with Gravity Forms 2.3
* Tested with PHP 7.1.10.
* Fixed various notices in WPDebug mode.

 

 

 

Source