Scope: Prime Mover Pro

The free version of Prime Mover does not support encryption and decryption of Prime Mover packages.

Take note that since version 1.2.4, Prime Mover PRO auto-configures your site to enable package encryption. This default maximizes the security and privacy of your package data and your plugin settings. However, if you need to create non-encrypted packages, you can always uncheck the encrypt packages checkbox when you create an import.

No other manual work is needed on your end, but you should take note of a few important things.

Important notes on Prime Mover package encryption

  • The encryption key is stored ONLY in wp-config.php. It is not stored in the database or anywhere else on your site. After you upgrade to the PRO version, Prime Mover auto-enables encryption support (since version 1.2.4) by adding this encryption key:
define('PRIME_MOVER_DB_ENCRYPTION_KEY', 'YOUR_ENCRYPTION_KEY');

By default, Prime Mover uses a 64-character key. This is secure enough for most implementations.

  • You should never edit the encryption key manually in your wp-config.php. Doing so can make your encrypted packages unrestorable and can mess up your Prime Mover settings (since these settings are also stored encrypted in the database).
  • In case you need to edit your key, log in to your WordPress admin and go to Prime Mover -> Settings -> Security Settings -> Encryption Key.

As you can see, the key is hidden for security reasons. Click show key to see it. This is the only correct place to edit your key.

  • Prime Mover encrypts all important data in your packages. Your plugin files, theme files, media files, user files and database contents will all be encrypted.
  • Treat your Prime Mover encryption key like your most important password: write it on a piece of paper and keep it in a safe. If it gets deleted or removed from your sites, you should be able to restore it from an offline source.
  • Take note that if you ever lose your key, there is no way to decrypt the packages. This is why you should keep a copy of your key.

Tip: Use SAME encryption keys in your network of sites

Prime Mover uses AES-256 encryption. When a package is encrypted, that package can ONLY be decrypted using the SAME key that was used to encrypt it.

What does this mean? It means you need to add the same encryption key to every site in your network. Otherwise, if the keys differ, a package cannot be decrypted when you migrate it to another of your sites.

Let me illustrate. Suppose your website domain is website.test and you add the encryption key ABC12345 to this site. When you export an encrypted package from website.test, the package data is encrypted using the encryption key ABC12345.

Suppose you want to migrate the website.test encrypted package to your anotherwebsite.test domain.

If Prime Mover is also installed on anotherwebsite.test but does not use the same encryption key as website.test, then the package cannot be restored, because Prime Mover cannot decrypt the package with an incorrect key.

Therefore, you also need to add the ABC12345 encryption key to the anotherwebsite.test wp-config.php before you restore the encrypted package created at website.test.

How to copy encryption key from SOURCE site to TARGET site?

  • Log in to your source site WordPress admin (where the encrypted package is created).
  • Once logged in, go to Prime Mover -> Settings.
  • Go to Security settings -> Encryption Key.
  • Click “Copy site encryption key to clipboard”.
  • Now log in to the target site WordPress admin, where the site needs to be restored.
  • Once logged in, go to Prime Mover -> Settings.
  • Go to Security settings -> Encryption Key.
  • In the text box, paste the encryption key.
  • Click the checkbox “Show encryption key used in wp-config.php” to review whether it is correct.
  • Once correct, click “Save”.
  • It will ask you to confirm that you are sure you want to change this; just click Yes I understand.
  • That’s it, the encryption key is now copied to your target site!
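After copying the key, you can confirm that source and target really hold the same key without displaying it. The following is an added example, not part of Prime Mover: it reads the PRIME_MOVER_DB_ENCRYPTION_KEY define shown above from two wp-config.php texts and compares them. The function names and the sample configs are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Matches define('PRIME_MOVER_DB_ENCRYPTION_KEY', '...'); with single or double quotes.
# Anchoring at line start skips lines commented out with // or # (not /* */ blocks).
DEFINE_RE = re.compile(
    r"""^[ \t]*define\(\s*['"]PRIME_MOVER_DB_ENCRYPTION_KEY['"]\s*,\s*(['"])(.*?)\1\s*\)\s*;""",
    re.MULTILINE,
)


def extract_key(wp_config_text):
    """Return the key from wp-config.php text; fail if absent or ambiguous."""
    keys = [m.group(2) for m in DEFINE_RE.finditer(wp_config_text)]
    if not keys:
        raise ValueError("PRIME_MOVER_DB_ENCRYPTION_KEY is not defined")
    if len(keys) > 1:
        raise ValueError("PRIME_MOVER_DB_ENCRYPTION_KEY is defined more than once")
    return keys[0]


def fingerprint(key):
    """Short SHA-256 fingerprint so the key itself never has to be displayed."""
    # Only safe to share for high-entropy keys such as the 64-character default.
    return hashlib.sha256(key.encode("utf-8")).hexdigest()[:16]


def compare_sites(source_config, target_config):
    """Report whether a package exported on the source can be decrypted on the target."""
    src, dst = extract_key(source_config), extract_key(target_config)
    return {
        "match": hmac.compare_digest(src.encode(), dst.encode()),
        "source_fp": fingerprint(src),
        "target_fp": fingerprint(dst),
        # The page states the default key is 64 characters long.
        "non_default_length": [n for n, k in (("source", src), ("target", dst)) if len(k) != 64],
    }


# Constructed sample configs (not real keys).
KEY_A, KEY_B = "a1" * 32, "b2" * 32
SOURCE = f"<?php\ndefine('DB_NAME', 'wp');\ndefine('PRIME_MOVER_DB_ENCRYPTION_KEY', '{KEY_A}');\n"
TARGET_OK = f'<?php\n  define( "PRIME_MOVER_DB_ENCRYPTION_KEY", "{KEY_A}" );\n'
TARGET_BAD = f"<?php\n// define('PRIME_MOVER_DB_ENCRYPTION_KEY', '{KEY_A}');\ndefine('PRIME_MOVER_DB_ENCRYPTION_KEY', '{KEY_B}');\n"

if __name__ == "__main__":
    print(compare_sites(SOURCE, TARGET_OK))
    print(compare_sites(SOURCE, TARGET_BAD))
```

Run it on each server against the local wp-config.php and compare only the fingerprints between sites.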

How encryption is used to protect your data?

When the encryption key is added to wp-config.php, encryption support is enabled. But how is this used inside the plugin?

  • When you create or export a package with encryption support enabled, you will be given an option to encrypt your packages. This is checked by default since version 1.2.4.
  • When you decide to uncheck the above setting, the package is not encrypted.
  • When a package is encrypted, no one can read your package data without the encryption key.

Encrypting Prime Mover settings

When encryption support is enabled, it is used automatically to encrypt your sensitive plugin settings in the database. The following settings are encrypted for your security:

  • Custom backup directory path
  • Domain authorization keys
  • Dropbox access key

If you have just upgraded to the PRO version and enabled encryption support, it is recommended that you re-save all settings as follows:

  • Log in as administrator on your single site, or as network administrator in multisite.
  • Go to Prime Mover -> Settings.
  • Click Save for the following basic settings: Custom backup directory, Authorization Keys, Dropbox access token.
  • That’s it! These sensitive settings will now be encrypted in your database.

FAQ on using encryption keys

  1. If I downgrade my plan to the FREE version, would I be able to restore already encrypted packages? No, because encryption/decryption is only supported with a PRO/paid plan. There are no other 3rd-party/dev tools that can decrypt your packages once you are on a FREE plan.
  2. How often should I change my encryption keys? Ideally never. Your encryption key is tied to your encrypted package content. If you change encryption keys, then Prime Mover can no longer decrypt your package. Remember that an encrypted package can only be decrypted using the key that was used to encrypt it. You should not change this often in your wp-config.php.
  3. I really need to change encryption keys, what should I do? Audit all of your old packages that might be using the old keys. Restore them to a local site temporarily. Once restored, you can delete them safely. Then change the encryption keys on all of your sites. Re-generate encrypted packages if needed. You might need to go over the section on Encrypting Prime Mover Settings again: you need to re-save the settings that use encryption so they can be used again.
  4. If I am using Prime Mover on different sites, do I need to use the SAME ENCRYPTION KEY on all of them? Yes, because if you encrypt a package on Site A and restore it to Site B, Prime Mover will need to use the same encryption key that was used on Site A to decrypt the package on Site B. If the encryption keys on your sites differ, you might have issues migrating a certain package from one site to another.
  5. Can I use the Pro version without enabling encryption? Encryption will always be enabled (using a constant added to your site's wp-config.php). But you can always choose to create non-encrypted packages even with encryption enabled. This is as simple as unchecking the encrypt packages checkbox.
