I'm attempting to use the Defuse encryption library in Wordpress: https://github.com/defuse/php-encryption
I'm using this guide as a resource for how to implement it: https://torquemag.io/2016/10/storing-encrypted-data-wordpress-database/
My question is, if my wp-config file requires access to a library, where should I put the library and require the file?
Long description of problem:
In the tutorial it says to generate and store an encryption key and then place it in a constant in wp-config.php. In order to do that, I would need access to the library from wp-config. I was originally planning on putting the library in a plugin and requiring it from there, but my guess would be that if I did that, I wouldn't be able to access it from wp-config.
So my question is, where should I actually put the library and where should I require it if I need access to it from wp-config?
1st, the key should be generated once, not per request. The tutorial is suggesting you generate it via the library (probably via cli, or one off script you run in the browser) and then simple add:
wp-config.php file, so you dont need the lib to be in scope at that point.
If you are doing this in a plugin, you can define the constant within the plugin instead of in the
wp-config.php file if you prefer.
However, i think the tutorial has a major flaw, in that the wordpress options api handles non string values (objects, arrays etc), whilst the wrapper provided does not