{"id":265690,"date":"2025-12-16T09:32:36","date_gmt":"2025-12-16T09:32:36","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/piip-pii-protection\/"},"modified":"2026-07-06T12:41:09","modified_gmt":"2026-07-06T12:41:09","slug":"piip-pii-protection","status":"publish","type":"plugin","link":"https:\/\/syr.wordpress.org\/plugins\/piip-pii-protection\/","author":18440949,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.6.0","stable_tag":"1.6.0","tested":"7.0","requires":"6.9","requires_php":"8.2","requires_plugins":null,"header_name":"PIIP - PII Protection","header_author":"Benridane","header_description":"Automatically masks personally identifiable information (PII) in community plugins to protect user privacy.","assets_banners_color":"","last_updated":"2026-07-06 12:41:09","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/benridane.com\/piip","header_author_uri":"https:\/\/benridane.com","rating":0,"author_block_rating":0,"active_installs":0,"downloads":470,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.2.1":{"tag":"1.2.1","author":"presents111","date":"2025-12-16 14:48:21"},"1.3.0":{"tag":"1.3.0","author":"presents111","date":"2025-12-27 07:57:35"},"1.4.0":{"tag":"1.4.0","author":"presents111","date":"2026-02-07 13:35:49"},"1.4.1":{"tag":"1.4.1","author":"presents111","date":"2026-07-04 10:23:46"},"1.5.0":{"tag":"1.5.0","author":"presents111","date":"2026-07-05 06:54:08"},"1.6.0":{"tag":"1.6.0","author":"presents111","date":"2026-07-06 12:41:09"}},"upgrade_notice":{"0.2.0":"<p>Initial release of PIIP - PII Protection plugin.<\/p>"},"ratings":[],"assets_icons":{"icon-256x256.jpg":{"filename":"icon-256x256.jpg","revision":3422084,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.2.1","1.3.0","1.4.0","1.4.1","1.5.0","1.6.0"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings page - Configure integrations and PII types to mask","2":"Consent phrases configuration","3":"Example of masked content in forum post"}},"plugin_section":[],"plugin_tags":[51101,131785,222158,396,600],"plugin_category":[54],"plugin_contributors":[252320],"plugin_business_model":[],"class_list":["post-265690","plugin","type-plugin","status-publish","hentry","plugin_tags-data-protection","plugin_tags-gdpr","plugin_tags-pii","plugin_tags-privacy","plugin_tags-security","plugin_category-security-and-spam-protection","plugin_contributors-presents111","plugin_committers-presents111"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/piip-pii-protection\/assets\/icon-256x256.jpg?rev=3422084","icon_2x":"https:\/\/ps.w.org\/piip-pii-protection\/assets\/icon-256x256.jpg?rev=3422084","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>PIIP (PII Protection) is a plugin that automatically detects and masks personally identifiable information (PII) in WordPress comments and community plugin content before the data is saved to your database. This helps protect user privacy and supports your compliance efforts under privacy regulations such as the GDPR. Note that PIIP is a technical tool and does not by itself make your site GDPR compliant.<\/p>\n\n<h4>Key Features<\/h4>\n\n<ul>\n<li><strong>Automatic PII Detection<\/strong>: Intelligently detects multiple types of PII including emails, phone numbers, addresses, credit cards, SSN\/My Number, passwords, API tokens, IP addresses, and hosting account IDs<\/li>\n<li><strong>Server-Side Masking<\/strong>: All masking happens on the server (PHP) for maximum security - cannot be bypassed by users<\/li>\n<li><strong>WordPress Core Support<\/strong>: Native support for WordPress comments<\/li>\n<li><strong>Community Plugin Support<\/strong>: Works seamlessly with wpForo, BuddyPress, bbPress, and other popular community plugins<\/li>\n<li><strong>Configurable<\/strong>: Choose which PII types to mask via easy-to-use settings page<\/li>\n<li><strong>Consent Opt-Out<\/strong>: Users can include consent phrases to skip masking when sharing personal info publicly<\/li>\n<li><strong>Presidio-Level Detection<\/strong>: High-accuracy detection with validation (Luhn for credit cards, check digits for My Number)<\/li>\n<li><strong>Retroactive Scan<\/strong>: Scan content that existed before installing PIIP and apply masking after a dry-run review<\/li>\n<li><strong>Custom Patterns<\/strong>: Mask site-specific identifiers (employee IDs, member numbers) with your own regular expressions<\/li>\n<li><strong>WP-CLI Support<\/strong>: <code>wp piip mask<\/code> and <code>wp piip scan<\/code> commands for automation and large sites<\/li>\n<\/ul>\n\n<h4>Supported PII Types<\/h4>\n\n<ul>\n<li>Email addresses (example@domain.com \u2192 e***@domain.com)<\/li>\n<li>Phone numbers (Japanese mobile\/landline, international formats)<\/li>\n<li>Japanese street addresses in free text (\u6771\u4eac\u90fd\u65b0\u5bbf\u533a\u897f\u65b0\u5bbf2-8-1 \u2192 \u6771\u4eac\u90fd<strong><em>) and labeled postal codes (\u3012123-4567 \u2192 \u3012<\/em><\/strong>-****)<\/li>\n<li>Credit card numbers with Luhn validation (4532-1234-5678-9010 \u2192 ****-****-****-9010)<\/li>\n<li>Social Security Numbers \/ Japanese My Number with check digit validation<\/li>\n<li>Passwords, including labeled values in free text (password: xxx \/ \u30d1\u30b9\u30ef\u30fc\u30c9\u306f xxx \u2192 [REDACTED])<\/li>\n<li>HTTP credentials: Basic auth (curl -u, Authorization: Basic, user:pass@host URLs) and Bearer tokens (including JWTs)<\/li>\n<li>Developer secrets: GitHub, Slack, AWS, Stripe tokens and SSH\/PEM private key blocks<\/li>\n<li>API Tokens\/Keys (partial masking showing first and last 4 characters)<\/li>\n<li>AI API Keys (OpenAI sk-***, Anthropic sk-ant-***, Google AIza***, Hugging Face hf_***, Replicate r8_***, Cohere, Azure OpenAI)<\/li>\n<li>Labeled dates of birth (\u751f\u5e74\u6708\u65e5: 1990-01-15 \u2192 ****-<strong>-<\/strong>)<\/li>\n<li>Labeled bank account numbers (\u53e3\u5ea7\u756a\u53f7: 1234567 \u2192 ***4567)<\/li>\n<li>Names in self-introduction phrases (\u5c71\u7530\u592a\u90ce\u3068\u7533\u3057\u307e\u3059 \u2192 \u5c71***\u3068\u7533\u3057\u307e\u3059; opt-in, off by default)<\/li>\n<li>IP Addresses (192.168.1.1 \u2192 192.<strong><em>.<\/em><\/strong>1)<\/li>\n<li>Hosting Account IDs (XServer, Sakura, AWS, Azure, GCP, ConoHa, Lolipop, mixhost)<\/li>\n<\/ul>\n\n<h4>Supported Integrations<\/h4>\n\n<ul>\n<li><strong>WordPress Core<\/strong>\n\n<ul>\n<li>Comments<\/li>\n<li>User Profiles (display name, nickname, biographical info)<\/li>\n<\/ul><\/li>\n<li><strong>Form Plugins<\/strong>\n\n<ul>\n<li>Contact Form 7 (free-text fields; protects sent mail and stored copies such as Flamingo)<\/li>\n<\/ul><\/li>\n<li><strong>Community Plugins<\/strong>\n\n<ul>\n<li>wpForo Forum<\/li>\n<li>BuddyPress<\/li>\n<li>bbPress<\/li>\n<\/ul><\/li>\n<li>More integrations coming soon!<\/li>\n<\/ul>\n\n<h4>How It Works<\/h4>\n\n<ol>\n<li>User posts a comment or content in a community plugin<\/li>\n<li>PIIP intercepts the submission before database save<\/li>\n<li>Automatically detects PII using field names, regex patterns, and validation<\/li>\n<li>Masks detected PII according to your settings<\/li>\n<li>Content saves normally with masked data<\/li>\n<\/ol>\n\n<h4>Privacy &amp; Security<\/h4>\n\n<ul>\n<li>All processing happens on YOUR server (no external API calls)<\/li>\n<li>Original values are NEVER stored for maximum privacy protection<\/li>\n<li>Server-side processing prevents client-side bypass attempts<\/li>\n<li>Full control over your data<\/li>\n<\/ul>\n\n<h3>Privacy Policy<\/h3>\n\n<p>PIIP - PII Protection does NOT:\n* Send any data to external servers\n* Track users\n* Use cookies\n* Share data with third parties<\/p>\n\n<p>PIIP DOES:\n* Process content locally on your server\n* Automatically mask PII without storing sensitive data<\/p>\n\n<h3>Support<\/h3>\n\n<p>For support, bug reports, or feature requests:\n* Website: https:\/\/github.com\/benridane\/piip<\/p>\n\n<h3>Development<\/h3>\n\n<p>Development happens on GitHub. Pull requests welcome!\n* Follow coding standards\n* All code must pass <code>composer run phpcs<\/code><\/p>\n\n<!--section=installation-->\n<h4>Automatic Installation<\/h4>\n\n<ol>\n<li>Log in to your admin panel<\/li>\n<li>Go to Plugins \u2192 Add New<\/li>\n<li>Search for \"PIIP\" or \"PII Protection\"<\/li>\n<li>Click \"Install Now\" and then \"Activate\"<\/li>\n<li>Go to Settings \u2192 PII Protection to configure<\/li>\n<\/ol>\n\n<h4>Manual Installation<\/h4>\n\n<ol>\n<li>Download the plugin ZIP file<\/li>\n<li>Upload to <code>\/wp-content\/plugins\/piip<\/code> directory<\/li>\n<li>Activate the plugin through the 'Plugins' menu<\/li>\n<li>Go to Settings \u2192 PII Protection to configure<\/li>\n<\/ol>\n\n<h4>After Activation<\/h4>\n\n<ol>\n<li>Navigate to <strong>Settings \u2192 PII Protection<\/strong><\/li>\n<li>Enable\/disable desired integrations (Comments, wpForo, BuddyPress, bbPress)<\/li>\n<li>Select which PII types to mask<\/li>\n<li>Configure consent phrases for opt-out feature<\/li>\n<li>Save settings<\/li>\n<li>Test with a post or comment to verify masking is working<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20work%20with%20wordpress%20comments%3F\"><h3>Does this work with WordPress comments?<\/h3><\/dt>\n<dd><p>Yes! PIIP has native support for WordPress core comments. Simply enable the Comments integration in Settings \u2192 PII Protection.<\/p><\/dd>\n<dt id=\"does%20this%20work%20with%20wpforo%3F\"><h3>Does this work with wpForo?<\/h3><\/dt>\n<dd><p>Yes! PIIP has native integration with wpForo and will automatically mask PII in forum topics, posts, and private messages.<\/p><\/dd>\n<dt id=\"does%20this%20work%20with%20buddypress%3F\"><h3>Does this work with BuddyPress?<\/h3><\/dt>\n<dd><p>Yes! PIIP supports BuddyPress activities, profile fields, private messages, group descriptions, and activity comments.<\/p><\/dd>\n<dt id=\"can%20users%20opt%20out%20of%20masking%3F\"><h3>Can users opt out of masking?<\/h3><\/dt>\n<dd><p>Yes. If enabled, users can include consent phrases like \"\u30de\u30b9\u30af\u3092\u5916\u3059\u3053\u3068\u306b\u540c\u610f\" or \"I consent to unmasking\" in their content to skip PII masking for that specific post.<\/p><\/dd>\n<dt id=\"will%20this%20slow%20down%20my%20website%3F\"><h3>Will this slow down my website?<\/h3><\/dt>\n<dd><p>No. PIIP adds minimal processing time (&lt;20ms per submission) which is imperceptible to users. All processing happens server-side after submission.<\/p><\/dd>\n<dt id=\"can%20users%20bypass%20the%20masking%3F\"><h3>Can users bypass the masking?<\/h3><\/dt>\n<dd><p>No. All masking happens on the server (PHP), so it cannot be bypassed by disabling JavaScript or using browser developer tools.<\/p><\/dd>\n<dt id=\"is%20the%20original%20data%20stored%20anywhere%3F\"><h3>Is the original data stored anywhere?<\/h3><\/dt>\n<dd><p>No. The original data is never stored. We only store:\n- The masked value<\/p><\/dd>\n<dt id=\"does%20this%20make%20my%20site%20gdpr%20compliant%3F\"><h3>Does this make my site GDPR compliant?<\/h3><\/dt>\n<dd><p>No plugin can make a site GDPR compliant by itself. Compliance depends on how your site collects, processes, and stores personal data as a whole, and may require legal advice.<\/p>\n\n<p>PIIP supports your compliance efforts by:\n- Minimizing stored personal data (masking PII before it is saved)\n- No third-party data sharing (everything stays on your server)\n- No detailed logging to protect user privacy<\/p>\n\n<p>Also note that detection is pattern-based and may not catch every piece of personal information, so do not rely on it as your only safeguard.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.6.0 - 2026-07-05<\/h4>\n\n<ul>\n<li><strong>New<\/strong>: Japanese street addresses are now detected and masked in free text (prefecture + municipality + block number required, so mere place mentions are untouched); labeled postal codes (\u3012 \/ \u90f5\u4fbf\u756a\u53f7) are masked too<\/li>\n<li><strong>New<\/strong>: Labeled passwords in free text (password: xxx \/ \u30d1\u30b9\u30ef\u30fc\u30c9\u306f xxx) are masked to [REDACTED]<\/li>\n<li><strong>New<\/strong>: HTTP Basic auth credentials are masked - curl -u user:pass, Authorization: Basic headers, and user:pass@host URLs (password only)<\/li>\n<li><strong>New<\/strong>: Bearer tokens (including JWTs) are masked<\/li>\n<li><strong>New<\/strong>: Developer secrets are masked - GitHub, Slack, AWS, Stripe tokens, bare JWTs, and whole SSH\/PEM private key blocks<\/li>\n<li><strong>New<\/strong>: Labeled dates of birth (\u751f\u5e74\u6708\u65e5\/\u8a95\u751f\u65e5\/birth date) and labeled bank account numbers (\u53e3\u5ea7\u756a\u53f7, \u666e\u901a\/\u5f53\u5ea7) are masked; both can be disabled in settings<\/li>\n<li><strong>New<\/strong>: Opt-in masking of names in self-introduction phrases (\u301c\u3068\u7533\u3057\u307e\u3059, \u540d\u524d: \u301c); off by default, enable \"Names (self-introduction phrases)\" in settings<\/li>\n<li><strong>Changed<\/strong>: Tokens shorter than 32 characters are now partially masked instead of passing through unmasked<\/li>\n<li><strong>Changed<\/strong>: IP address and hosting ID masking can now be toggled in settings (previously always on); the internal mask_hosting_id setting key was migrated to mask_hosting<\/li>\n<li><strong>Fixed<\/strong>: The masking preview now uses the exact same per-type enablement rules as real submissions<\/li>\n<\/ul>\n\n<h4>1.5.0 - 2026-07-05<\/h4>\n\n<ul>\n<li><strong>New<\/strong>: PII Scan tool (Tools \u2192 PII Scan) - scan existing comments and posts for PII with a dry-run report, then apply masking retroactively<\/li>\n<li><strong>New<\/strong>: Contact Form 7 integration - masks free-text (message) fields in submissions, protecting both the sent mail and stored copies (e.g. Flamingo); name\/email fields are kept for replies<\/li>\n<li><strong>New<\/strong>: User Profiles integration - masks PII written into publicly visible profile fields (display name, nickname, biographical info)<\/li>\n<li><strong>New<\/strong>: Custom patterns - define your own regex patterns and replacements in the settings for site-specific identifiers (employee IDs, member numbers, etc.)<\/li>\n<li><strong>New<\/strong>: WP-CLI commands - <code>wp piip mask<\/code> and <code>wp piip scan --apply<\/code> for large sites and CI<\/li>\n<li><strong>Fixed<\/strong>: Enabled integrations (e.g. Comments) were inactive until the settings were saved once, due to a settings key mismatch in the activation defaults<\/li>\n<li><strong>Fixed<\/strong>: Ordinary words were reported as GCP hosting IDs in the preview\/scan detection breakdown, flagging almost every text as containing PII<\/li>\n<\/ul>\n\n<h4>1.4.1 - 2026-07-02<\/h4>\n\n<ul>\n<li><strong>New<\/strong>: Masking Preview tool on the settings page - type sample text and see the masked result in real time<\/li>\n<li><strong>New<\/strong>: Field name + value preview mode for testing field-based detection (e.g. password fields)<\/li>\n<li><strong>New<\/strong>: Detected PII breakdown with type, confidence score, and actual masking status<\/li>\n<li><strong>New<\/strong>: Consent phrase bypass indication in the preview<\/li>\n<li><strong>Fixed<\/strong>: Japanese toll-free numbers (0120-xxx-xxx, 0800-xxx-xxxx) were detected but not masked in free text content<\/li>\n<\/ul>\n\n<h4>1.4.0 - 2026-02-07<\/h4>\n\n<ul>\n<li><strong>New Feature<\/strong>: AI API Key Detection and Masking<\/li>\n<li><strong>Added<\/strong>: Support for 10 AI service providers (OpenAI, Anthropic Claude, Google AI, Hugging Face, Replicate, Cohere, Azure OpenAI, and more)<\/li>\n<li><strong>Added<\/strong>: Automatic detection of AI API keys in comments and form submissions<\/li>\n<li><strong>Added<\/strong>: Pattern-based detection for sk-, sk-proj-, sk-ant-, AIza, hf_, r8_ prefixed keys<\/li>\n<li><strong>Enhanced<\/strong>: Token masking now includes AI-specific key patterns<\/li>\n<li><strong>Enhanced<\/strong>: Comment integration now masks AI API keys in text content<\/li>\n<li><strong>Security<\/strong>: Prevents accidental exposure of AI API credentials in public content<\/li>\n<li><strong>Tested<\/strong>: 100% test coverage with 35 test cases across 3 test suites<\/li>\n<\/ul>\n\n<h4>1.3.0 - 2025-12-27<\/h4>\n\n<ul>\n<li><strong>Major Feature<\/strong>: Added comprehensive custom hook system for developers<\/li>\n<li><strong>New<\/strong>: 18 filter hooks for custom PII detection and masking<\/li>\n<li><strong>New<\/strong>: 4 action hooks for logging and compliance tracking<\/li>\n<li><strong>New<\/strong>: <code>piip_mask_text()<\/code> global function for simple text masking<\/li>\n<li><strong>New<\/strong>: Dynamic integration registration for community plugins<\/li>\n<li><strong>New<\/strong>: Custom PII type detection and masking capabilities<\/li>\n<li><strong>Enhanced<\/strong>: Form data processing with before\/after hooks<\/li>\n<li><strong>Enhanced<\/strong>: Integration system now supports third-party extensions<\/li>\n<li><strong>Developer<\/strong>: Complete hook documentation and examples included<\/li>\n<li><strong>Tested<\/strong>: Comprehensive test plugins for hook validation<\/li>\n<\/ul>\n\n<h4>0.2.0 - 2025-12-01<\/h4>\n\n<ul>\n<li>Initial release<\/li>\n<li>Support for multiple PII types with validation (email, phone, address, credit card, SSN\/My Number, password, token, IP, hosting IDs)<\/li>\n<li>WordPress Comments integration<\/li>\n<li>wpForo, BuddyPress, bbPress integrations<\/li>\n<li>Consent-based opt-out feature<\/li>\n<li>Admin settings page<\/li>\n<li>Hosting account ID detection (Japanese and international providers)<\/li>\n<li>Privacy-focused design with no detailed logging<\/li>\n<li>Note: Name masking excluded due to accuracy limitations<\/li>\n<\/ul>","raw_excerpt":"Automatically detects and masks PII in WordPress comments and forms to protect user privacy and support your GDPR compliance efforts.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/265690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=265690"}],"author":[{"embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/presents111"}],"wp:attachment":[{"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=265690"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=265690"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=265690"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=265690"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=265690"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/syr.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=265690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}