Overview
WordPress salts are cryptographic keys used to secure cookies, authentication tokens, and other sensitive data in WordPress. When WordPress salts are changed, various Gravity Forms features that depend on these salts for encryption, hashing, and validation can break.
Note: Some security plugins now include features that automatically change site salts regularly, which will break several Gravity Forms features that rely on salt-based encryption and hashing.
What Are WordPress Salts?
WordPress uses eight unique keys and salts defined in the wp-config.php file to enhance the security of user sessions and data. Gravity Forms uses these salts through WordPress functions like wp_salt() and wp_hash() for various security and data integrity features.
Affected Features
Data Encryption
Gravity Forms uses WordPress salts for encrypting sensitive data. When salts change, encrypted data cannot be decrypted, affecting:
- Encrypted Field Values: Any field values encrypted using GFCommon::openssl_encrypt() or the deprecated GFCommon::encrypt().
- Internal Data Storage: Various internal data structures that use encryption for security.
File Upload Downloads
When salts change, download links for uploaded files become inaccessible. This affects file upload fields, notification emails, and entry details in the WordPress admin.
Restoring Access to Old Files
The files themselves are not deleted and remain on the server in their original upload directories. If you need to access specific files, you can access them directly via FTP/SFTP in the /wp-content/uploads/gravity_forms/ directory, use the WordPress Media Library if files were added there, or contact your hosting provider for assistance in locating files on the server.
Impact: Users won’t be able to access files through existing links. The only way to restore access to files linked with old salts is to restore the previous salt values, but this will break any new links created after the salt change.
Upload Directory Names
Form upload directories are created using a hash based on the form ID and WordPress salts. The directory structure is:
/wp-content/uploads/gravity_forms/{form_id}-{hash}/
When salts change:
- New file uploads will be stored in a different directory.
- Previously uploaded files remain in the old directory structure.
- This can cause confusion and potential file management issues.
Persistent Cache
When persistent caching is used with GFCache::set(), cache keys are hashed using WordPress salts. Salt changes will:
- Invalidate all persistent cache entries.
- Create new cache keys for future entries.
- Affect form state validation for choice-based and pricing fields.
Impact: Form validation may fail when attempting to retrieve cached page versions after salt changes.
Nonce Verification
WordPress nonces are created using WordPress salts and are used throughout Gravity Forms for security verification. While nonces expire naturally, a salt change immediately invalidates all active nonces.
| Nonce Category | Affected Operations |
|---|---|
| Form Submission & Display | • Frontend form submission • AJAX form submission • Save & Continue / Resume links • File uploads during form submission |
| Form Management (Admin) | • Creating new forms • Updating form settings • Activating/deactivating forms • Duplicating forms • Deleting or trashing forms • Bulk form actions • Saving form titles |
| Form Editor | • Adding fields • Duplicating fields • Deleting fields • Changing input types • Refreshing field previews • Saving forms • Getting form data via AJAX • Managing custom choices |
| Entry Management | • Saving or editing entries • Deleting entries • Restoring entries • Updating entry properties • Bulk entry actions • Deleting files from entries • Adding or updating entry notes |
| Notifications & Confirmations | • Activating/deactivating notifications • Resending notifications • Managing notification lists • Activating/deactivating confirmations • Managing confirmation lists |
| Import/Export | • Exporting forms • Starting export processes • Downloading export files • Importing forms |
| Settings & Configuration | • Saving plugin settings • Uninstalling the plugin • Saving add-on settings • Managing feeds • Reordering feeds • Canceling subscriptions |
| REST API | • Revoking API keys • Editing API keys • JSON API operations |
| Background Processing | • Background tasks • Forced upgrades • Upgrade status checks |
| Editor Integration | • Shortcode preview • Saving editor settings • Block editor operations • Embedding forms |
| System & Logging | • System report actions • Disabling logging • Dismissing messages • Form and entry locking (concurrent editing) |
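The following Python model is an added illustration, not Gravity Forms' or WordPress' own code. It reproduces WordPress' wp_hash() (HMAC-MD5 keyed with wp_salt()) and the nonce create/verify scheme, and uses a simplified, assumed derivation for the {form_id}-{hash} upload directory described above, to show that a salt rotation invalidates every live nonce and changes the upload path at the same moment. The salt strings and the nonce action name are constructed placeholders.

```python
import hashlib
import hmac
import math

# Constructed stand-ins for the wp-config.php constants (AUTH_KEY . AUTH_SALT,
# NONCE_KEY . NONCE_SALT). wp_salt($scheme) returns these concatenations.
OLD_SALTS = {"auth": "AUTH_KEY_v1AUTH_SALT_v1", "nonce": "NONCE_KEY_v1NONCE_SALT_v1"}
NEW_SALTS = {"auth": "AUTH_KEY_v2AUTH_SALT_v2", "nonce": "NONCE_KEY_v2NONCE_SALT_v2"}

def wp_hash(data: str, salts: dict, scheme: str = "auth") -> str:
    """Mirror of WordPress wp_hash(): HMAC-MD5 keyed with wp_salt($scheme)."""
    return hmac.new(salts[scheme].encode(), data.encode(), hashlib.md5).hexdigest()

def nonce_tick(now: float, life: int = 86400) -> int:
    """wp_nonce_tick(): the clock advances one tick every half nonce lifetime."""
    return math.ceil(now / (life / 2))

def create_nonce(action: str, uid: int, token: str, salts: dict, now: float) -> str:
    """wp_create_nonce(): characters -12..-2 of the 'nonce'-scheme hash."""
    data = f"{nonce_tick(now)}|{action}|{uid}|{token}"
    return wp_hash(data, salts, "nonce")[-12:-2]

def verify_nonce(nonce: str, action: str, uid: int, token: str, salts: dict, now: float) -> int:
    """wp_verify_nonce(): 1 = current tick, 2 = previous tick, 0 = invalid."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = wp_hash(f"{t}|{action}|{uid}|{token}", salts, "nonce")[-12:-2]
        if hmac.compare_digest(expected, nonce):
            return age
    return 0

def upload_dir(form_id: int, salts: dict) -> str:
    """Assumed simplified model of the {form_id}-{hash} directory name; the real
    Gravity Forms derivation is not reproduced here, only its salt dependence."""
    return f"/wp-content/uploads/gravity_forms/{form_id}-{wp_hash(str(form_id), salts)}/"

def demo(action: str = "example_action", now: float = 1_700_000_000.0) -> dict:
    """Issue a nonce under the old salts, then check it before and after rotation."""
    nonce = create_nonce(action, 0, "", OLD_SALTS, now)
    return {
        "same_salts": verify_nonce(nonce, action, 0, "", OLD_SALTS, now + 60),
        "rotated_salts": verify_nonce(nonce, action, 0, "", NEW_SALTS, now + 60),
        "dir_changed": upload_dir(3, OLD_SALTS) != upload_dir(3, NEW_SALTS),
    }

if __name__ == "__main__":
    print(demo())  # rotated_salts is 0: the form's pending submissions fail verification
```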
Affected Add-Ons
Signature Add-On
The Gravity Forms Signature Add-On uses GFCommon::generate_download_hash(), the same hash generation system as file uploads. When salts change:
- Existing signature image links become inaccessible.
- Signatures in notification emails sent before the salt change will not display.
- Signature images in entry details may fail to load.
Square Add-On
The Gravity Forms Square Add-On is particularly affected by salt changes because it uses GFCommon::openssl_encrypt() and GFCommon::openssl_decrypt() to store sensitive payment processing data. When salts change:
- OAuth Access Tokens: Square API access tokens become inaccessible, breaking the connection to Square.
- OAuth Refresh Tokens: Long-lived refresh tokens cannot be decrypted.
- Merchant ID: Square merchant identification data becomes inaccessible.
Impact: Forms using Square for payment processing will stop working immediately. You will need to reconnect to Square through the add-on settings to re-establish the connection.
Prevention and Mitigation
Disable Automatic Salt Rotation
If you are using a security plugin that automatically rotates WordPress salts (such as Sucuri’s automatic salt rotation feature), disable this feature to prevent breaking Gravity Forms functionality.
Manual Salt Changes
If you need to change your WordPress salts manually for security reasons, be aware that this will break file download links, signature links, encrypted data, and potentially disconnect payment integrations. Plan to update payment gateway connections as soon as possible after the change. Consider notifying users that previously emailed file links will no longer work. Export critical data before making the change.
Actions After a Salt Change
Reconnect Payment Gateways
If using Square or other add-ons that store encrypted credentials, reconnect through the add-on settings.
Test Form Submissions
Submit test entries to verify forms are working correctly.
Clear Cache
Clear all WordPress caches and any third-party caching plugins.
Monitor Notifications
Check that notification emails are being sent and file links work in new notifications.