WP jCryption Security

The WP jCryption plugin protects form data against network traffic sniffing through encryption
provided by the jCryption JavaScript library.

Description

The plugin increases the security of a site that has no SSL certificate. It is useful for owners of small sites who want to secure their passwords and other posted data but don’t want to buy an SSL certificate for each domain and subdomain: it protects the most important data, such as passwords, from sniffing while they are being sent from the forms of your site to the server.

When a form served by the plugin is submitted, all input data are joined into a string, this string is encrypted with the AES algorithm using a disposable key, and only the encrypted string is sent.

The disposable key is encrypted with the RSA public key; the server decrypts it with the RSA private key and then uses it to decrypt the posted data with AES.
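
The flow described in the two paragraphs above, sketched with Node's built-in `crypto` module. This is an added example, not code from the plugin or from jCryption; the function names, the choice of RSA-OAEP and AES-256-GCM, and the 2048-bit key size are assumptions made for the sketch.

```javascript
// Added illustration, not jCryption or plugin code. RSA-OAEP, AES-256-GCM, the
// 2048-bit key and all function names are assumptions of this sketch.
const crypto = require('crypto');

// Server, once: create the RSA pair (the plugin keeps its pair in the database).
function generateServerKeys() {
  return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Browser: join the fields into one string, encrypt it with a disposable AES
// key, then wrap that key with the server's RSA public key.
function encryptForm(fields, publicKey) {
  const plaintext = new URLSearchParams(fields).toString();
  const aesKey = crypto.randomBytes(32); // fresh for every submission
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', aesKey, iv);
  const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const wrappedKey = crypto.publicEncrypt(
    { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    aesKey);
  // Only these four values cross the network; no field is sent in clear.
  return {
    wrappedKey: wrappedKey.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    data: data.toString('base64'),
  };
}

// Server: unwrap the AES key with the RSA private key, then decrypt the
// payload. GCM makes decryption throw if the ciphertext was altered in transit.
function decryptForm(msg, privateKey) {
  const aesKey = crypto.privateDecrypt(
    { key: privateKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' },
    Buffer.from(msg.wrappedKey, 'base64'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', aesKey, Buffer.from(msg.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const plaintext = Buffer.concat([
    decipher.update(Buffer.from(msg.data, 'base64')), decipher.final()]).toString('utf8');
  return Object.fromEntries(new URLSearchParams(plaintext));
}

// Over plain HTTP the public key itself is not authenticated, so the scheme
// covers passive sniffing only, which is the threat this page names.
// Constructed sample login form:
const keys = generateServerKeys();
const wire = encryptForm({ log: 'alice', pwd: 'correct horse' }, keys.publicKey);
console.log(wire.data, decryptForm(wire, keys.privateKey));
```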

Ukrainian and Russian translations for the plugin settings page are included.

I just adapted the jCryption library for use in WordPress. Please check www.jcryption.org to learn how jCryption works.

Installation

Upload wp-jcryption.zip using the WordPress plugin installation interface and activate the plugin. On the very first activation, a 1024-bit RSA key pair is generated and the list of forms the plugin is primarily intended for is saved. You may add other form IDs to this list on the plugin settings page: Settings — WP jCryption.

Frequently Asked Questions

= Does this plugin encrypt transmission of my site pages entirely? =

No. The plugin encrypts only data posted from the most important forms (those that contain password fields: login, reset password, user profile) and forms you specify additionally. To secure all incoming and outgoing traffic of your site, an SSL certificate is needed.

= I have an SSL certificate installed on my site already. Do I need to install the plugin? =

No.

= Can I check whether the form data are being sent encrypted? =

Yes, you can do it by means of the Firefox LiveHTTPHeaders extension, Fiddler or similar tools.

= What are system requirements for the plugin? =

PHP version >= 5.3 with OpenSSL PHP extension.

= Do I need to generate RSA private and public key files with Linux commands? =

No. PHP generates the keys for you and saves them in the database. So, this plugin is usable on (almost) any shared hosting.

Screenshots

1. HTTP headers without encryption.

2. Log-in process encrypted by WP jCryption.

Changelog

= 0.2 =
jCryption entry point moved into the ‘plugins_loaded’ action.

= 0.1 =
initial version, with separate entry point file using SHORTINIT.
