Including a 3rd party library in Wordpress which needs to be accessible by wp-config

by Tom   Last Updated May 30, 2017 00:08 AM

I'm attempting to use the Defuse encryption library in Wordpress: https://github.com/defuse/php-encryption

I'm using this guide as a resource for how to implement it: https://torquemag.io/2016/10/storing-encrypted-data-wordpress-database/

My question is, if my wp-config file requires access to a library, where should I put the library and require the file?

Long description of problem:

In the tutorial it says to generate and store an encryption key and then place it in a constant in wp-config.php. In order to do that, I would need access to the library from wp-config. I was originally planning on putting the library in a plugin and requiring it from there, but my guess would be that if I did that, I wouldn't be able to access it from wp-config.

So my question is, where should I actually put the library and where should I require it if I need access to it from wp-config?



Answers 1


1st, the key should be generated once, not per request. The tutorial is suggesting you generate it via the library (probably via cli, or one off script you run in the browser) and then simple add:

define('JOSH_ENCRYPT_KEY', 'the-random-key-you-generated-gets-copy-pasted-in-here-manually');

into your wp-config.php file, so you dont need the lib to be in scope at that point.

If you are doing this in a plugin, you can define the constant within the plugin instead of in the wp-config.php file if you prefer.

However, i think the tutorial has a major flaw, in that the wordpress options api handles non string values (objects, arrays etc), whilst the wrapper provided does not

Steve
Steve
May 29, 2017 23:45 PM

Related Questions




how to use is_admin in wp-config.php

Updated May 30, 2015 12:03 PM

wp-config.php being deleted - by plugin?

Updated July 20, 2015 14:03 PM

Can you define readability settings in wp-config.php?

Updated October 09, 2017 08:08 AM