Scope: Prime Mover Pro
The free version of Prime Mover does not support encryption. After upgrading to the Pro version, you can enable encryption by following this tutorial.
- Activate Prime Mover Pro version.
- Go to Prime Mover – Getting Started.
- Since you don't have an encryption key set, you should see this message:
- Now connect over SSH or SFTP and go to the path where wp-config.php is saved. Edit your wp-config.php and add the following constant:
- Make sure you replace YOUR_ENCRYPTION_KEY with your own encryption key. Make it very strong and impossible to guess. Keep a safe copy of this key somewhere offline so you have a backup.
- Now, in your WordPress admin, go to Prime Mover – Getting Started and refresh that page. You should no longer see the message that it needs encryption keys, since the key is now set.
Using encryption keys in your network of sites
Prime Mover uses AES-256 encryption. When a package is encrypted, that package can ONLY be decrypted using the SAME key that was used to encrypt it.
What does this mean? It means you need to add the same encryption key on every site in your network. If the key is different, a package cannot be decrypted when you migrate it to another of your sites.
Let me illustrate. Suppose your website domain is website.test and you add the encryption key ABC12345 to this site. When you export an encrypted package from website.test, the package data is encrypted using that encryption key.
Suppose you want to migrate the website.test encrypted package to your anotherwebsite.test domain.
If Prime Mover is also installed on anotherwebsite.test but does not use the same encryption key as website.test, then the package cannot be restored, because Prime Mover cannot decrypt the package with an incorrect key.
Therefore, you also need to add the ABC12345 encryption key to the wp-config.php of anotherwebsite.test before you restore the encrypted package created at website.test.
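As an added example (not Prime Mover's own code), this Python script generates a random key and checks, before a migration, that each site's wp-config.php defines the same key by comparing short fingerprints instead of the keys themselves. The constant name EXAMPLE_ENCRYPTION_KEY_CONSTANT is a placeholder because this page does not show the real one, and the wp-config.php excerpts are constructed samples that reuse the illustration key ABC12345.

```python
import hashlib
import re
import secrets

# Placeholder: the page does not show the constant's name. Use the name the
# plugin's own message gives you.
KEY_CONSTANT = "EXAMPLE_ENCRYPTION_KEY_CONSTANT"

def generate_key(nbytes=32):
    """Random key text from the OS CSPRNG; 32 bytes gives 43 URL-safe characters."""
    return secrets.token_urlsafe(nbytes)

def read_key(wp_config_text, constant=KEY_CONSTANT):
    """Return the value of an active define('<constant>', '<value>'); line, else None.
    Lines starting with // or # are skipped; /* */ blocks are not parsed."""
    pattern = r"""^\s*define\(\s*(['"])%s\1\s*,\s*(['"])(.*?)\2\s*\)\s*;""" % re.escape(constant)
    match = re.search(pattern, wp_config_text, re.MULTILINE)
    return match.group(3) if match else None

def fingerprint(key):
    """Short SHA-256 tag for comparing keys without printing them. A tag of a
    guessable key can be brute-forced offline, so keep tags private too."""
    return hashlib.sha256(b"key-fingerprint:" + key.encode("utf-8")).hexdigest()[:16]

def check_sites(configs):
    """configs maps site -> wp-config.php text. Returns (all_match, {site: tag or None})."""
    report = {}
    for site, text in configs.items():
        key = read_key(text)
        report[site] = fingerprint(key) if key else None
    tags = set(report.values())
    return (None not in tags and len(tags) == 1), report

# Constructed wp-config.php excerpts, using the page's illustration key ABC12345.
SITE_A = "<?php\ndefine('DB_NAME', 'wp');\ndefine('%s', 'ABC12345');\n" % KEY_CONSTANT
SITE_B = '<?php\ndefine( "%s", "ABC12345" );\n' % KEY_CONSTANT
SITE_C = "<?php\n// define('%s', 'ABC12345');\ndefine('%s', 'XYZ99999');\n" % (KEY_CONSTANT, KEY_CONSTANT)

if __name__ == "__main__":
    ok, report = check_sites({"website.test": SITE_A, "anotherwebsite.test": SITE_C})
    for site, tag in report.items():
        print(site, tag or "no key defined")
    print("keys match" if ok else "keys differ: packages will not decrypt across these sites")
```

Keys produced by generate_key() contain only letters, digits, "-" and "_", so they need no escaping inside a quoted PHP string.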
How is encryption used to protect your data?
When an encryption key is added to wp-config.php, encryption support is enabled. But how is this used inside the plugin?
- When you create or export a package with encryption support enabled, you will be given an option to encrypt the database and media files (if supported by your server). You will not see the data encryption section if this is not supported.
- If you uncheck the above setting, the database and media files are not encrypted, just as in the free version.
- When a package is encrypted, no one can read the contents of your database or media files unless they have access to the encryption key.
Encrypting Prime Mover settings
When encryption support is enabled, it is used automatically to encrypt your sensitive plugin settings in the database. The following settings are encrypted for your security:
- Custom backup directory path
- Domain authorization keys
- Dropbox access key
If you have just upgraded to the PRO version and enabled encryption support, it is recommended that you re-save all settings as follows:
- Log in as administrator on a single site, or as network administrator in multisite.
- Go to Prime Mover – Settings.
- Click Saved for the following basic settings: Custom backup directory, Authorization Keys, Dropbox access token
- That’s it! These sensitive settings will now be encrypted in your database.
FAQ on using encryption keys
- How often should I change my encryption keys? Ideally never. Your encryption key is tied to your encrypted package content. If you change encryption keys, then Prime Mover can no longer decrypt your package. Remember that an encrypted package can only be decrypted using the key that was used to encrypt it. You should not change this key often inside your wp-config.php.
- I really need to change encryption keys. What should I do? Audit all of your old packages that might be using the old keys. Restore them to a local site temporarily. Once restored, you can delete them safely. Then change the encryption keys on all of your sites. Re-generate encrypted packages if needed. You might also need to go over the section on Encrypting Prime Mover settings again: you need to re-save the settings that use encryption so they can be used again.
- If I am using Prime Mover on different sites, does this mean I need to use the SAME ENCRYPTION KEY on all of them? Yes, because if you encrypt a package on Site A and restore it to Site B, Prime Mover will need to use the same encryption key that is used on Site A to decrypt the package on Site B. If the encryption keys on your sites differ, you might have issues migrating a package from one site to another.
- Can I use the Pro version without enabling encryption? Yes, but you cannot export or restore encrypted packages.