MHM Rentiva uses a multi-layer security architecture (Defense-in-Depth) to protect vendors' financial data and personal information. This page explains encryption methods, data isolation, and audit trail mechanisms.
Security & Privacy Layers
Vendor data is protected by four main layers, from the database level to the application interface.
1. Financial Data Encryption (IBAN Security)
Vendors' IBAN data is never stored as plain text in the database.
AES-256-CBC Encryption
- Algorithm: Industry-standard `AES-256-CBC`.
- Key Management: Keys derived from WordPress `AUTH_KEY` and `SECURE_AUTH_SALT` constants.
- Fail-Safe: If the encryption library (OpenSSL) is not available, the system returns an empty value and stops the save to prevent data leakage.
// VendorApplicationManager::encrypt_iban();
// Encrypted data is stored using base64_encode().
Changing the security keys in wp-config.php renders all existing encrypted IBAN data unreadable. These keys must always be backed up.
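The sketch below is an added example, not MHM Rentiva's own code: it shows one way the scheme described above (AES-256-CBC, key derived from the two constants, base64 storage, empty-value fail-safe) can be written, and why a key change makes stored values unreadable. The function names, the SHA-256 key derivation, the IV-prepended storage layout, and all sample values are assumptions.

```php
<?php
// Added illustration, not plugin source. Names, the SHA-256 derivation and
// the "IV || ciphertext" layout are assumptions; the page only names the constants.

function example_iban_key(string $authKey, string $salt): string {
    // 32 raw bytes, the key size AES-256 requires.
    return hash('sha256', $authKey . $salt, true);
}

function example_encrypt_iban(string $iban, string $key): string {
    // Fail-safe: without OpenSSL return an empty value so the caller aborts the save.
    if (!function_exists('openssl_encrypt')) {
        return '';
    }
    $iv = random_bytes(16); // fresh IV per record; the AES block size is 16 bytes
    $ct = openssl_encrypt($iban, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return $ct === false ? '' : base64_encode($iv . $ct);
}

function example_decrypt_iban(string $stored, string $key): string {
    $raw = base64_decode($stored, true);
    // Need the 16-byte IV plus at least one 16-byte ciphertext block.
    if ($raw === false || strlen($raw) < 32 || !function_exists('openssl_decrypt')) {
        return '';
    }
    $iv = substr($raw, 0, 16);
    $ct = substr($raw, 16);
    $pt = openssl_decrypt($ct, 'aes-256-cbc', $key, OPENSSL_RAW_DATA, $iv);
    return $pt === false ? '' : $pt;
}

// Constructed sample values standing in for the wp-config.php constants.
$key  = example_iban_key('constructed-sample-auth-key', 'constructed-sample-salt');
$iban = 'TR000000000000000000000000'; // constructed sample, not a real account

$stored = example_encrypt_iban($iban, $key);
if ($stored === '') {
    exit("Encryption unavailable; nothing is saved.\n");
}
var_dump(example_decrypt_iban($stored, $key) === $iban); // round trip with unchanged keys

// Simulate edited keys in wp-config.php: the stored value no longer decrypts
// to the IBAN. CBC has no integrity check, so a wrong key normally fails the
// padding check (empty result) and otherwise yields unusable bytes.
$rotated = example_iban_key('rotated-auth-key', 'rotated-salt');
var_dump(example_decrypt_iban($stored, $rotated) === $iban);
```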
2. High-Criticality Field Change Approval
Changes to critical fields such as IBAN by the vendor do not take effect immediately; an Admin Approval Process is triggered.
IBAN Change Workflow
- Request: The vendor enters a new IBAN.
- Temporary Storage: The new IBAN is encrypted and stored in the `_mhm_rentiva_pending_iban` meta field.
- Admin Notification: A counter badge appears in the admin panel.
- Approve/Reject: If the admin approves, the temporary IBAN is moved to the main IBAN field. If rejected, the temporary data is deleted and the vendor receives an email.
3. Data & Media Isolation
Vendors cannot access other users' data or media files.
- Media Isolation: The `ajax_query_attachments_args` filter restricts vendors to seeing only the images they have uploaded.
- Dashboard Isolation: The `VendorOwnershipEnforcer` class automatically adds a `post_author` filter to all database queries, preventing unauthorized access.
4. Audit Trail
All critical security events are logged via AdvancedLogger.
| Event | Content | Level |
|---|---|---|
| IBAN Change | "Vendor #X requested an IBAN change." | INFO |
| Login Attempt | Failed vendor dashboard login attempts. | WARNING |
| Payout Approval | "Admin #Y approved a payout for Vendor #X." | CRITICAL |
Logs can be monitored from the System Logs section of the admin panel and are automatically purged based on the mhm_rentiva_log_retention_days setting.
5. Technical Security Summary
| Mechanism | Protection Type | Detail |
|---|---|---|
| Nonce (CSRF) | Form Security | Unique token for every AJAX and form operation. |
| Capability | Authorization | Access outside the rentiva_vendor role is blocked. |
| Masking | Privacy | Only the last 4 digits of IBANs are shown in the UI. |
Section Summary
- IBAN data is stored encrypted with `AES-256-CBC`.
- Critical changes are subject to admin approval.
- Multi-layer isolation keeps vendor data separated from one another.
Changelog
| Date | Version | Note |
|---|---|---|
| 23.04.2026 | 4.27.2 | English translation added. |
| 19.03.2026 | 4.21.2 | Data encryption, IBAN approval workflow, and media isolation details added. |