W
by unknown_user
4.6 (16 reviews)
WP PGP Encrypted Emails
Signs and encrypts emails using PGP/GPG keys or X.509 certificates. Provides OpenPGP and S/MIME functions via WordPress plugin API.
Tested up to WP 5.7 (Current: 6.9)
v0.8.0
Current Version v0.8.0
Updated 4 years ago
Last Update on 25 May, 2021
Synced 14 hours ago
Last Synced on
Rank
#9,706
-3 this week
Active Installs
400+
—
No change
KW Avg Position
66
—
No change
Downloads
25.6K
+3 today
Support Resolved
0%
—
No change
Rating
92%
Review 4.6 out of 5
4.6
(16 reviews)
Next Milestone 500
400+
500+
140
Ranks to Climb
-
Growth Needed
8,000,000
Active Installs
Pro
Unlock Exact Install Count
See the precise estimated active installs for this plugin, calculated from real-time ranking data.
- Exact install estimates within tiers
- Track install growth over time
- Milestone progress predictions
Need 18 more installs to reach 500+
Rank Changes
Current
#9,706
Change
Best
#
Downloads Growth
Downloads
Growth
Peak
Upgrade to Pro
Unlock 30-day, 90-day, and yearly download history charts with a Pro subscription.
Upgrade NowReviews & Ratings
4.6
16 reviews
Overall
92%
5
13
(81%)
4
2
(13%)
3
0
(0%)
2
0
(0%)
1
1
(6%)
Tracked Keywords
Showing 2 of 2| Keyword | Position | Change | Type | Updated |
|---|---|---|---|---|
| pgp | 3 | — | Tag | 15 hours ago |
| encryption | 129 | — | Tag | 15 hours ago |
Unlock Keyword Analytics
Track keyword rankings, search positions, and discover new ranking opportunities with a Pro subscription.
- Full keyword position tracking
- Historical ranking data
- Competitor keyword analysis
Track This Plugin
Get detailed analytics, keyword tracking, and position alerts delivered to your inbox.
Start Tracking FreePlugin Details
- Version
- 0.8.0
- Last Updated
- May 25, 2021
- Requires WP
- 4.4+
- Tested Up To
- 5.7
- PHP Version
- N/A
- Author
- unknown_user
Support & Rating
- Rating
- ★ ★ ★ ★ ★ 4.6
- Reviews
- 16
- Support Threads
- 0
- Resolved
- 0%
Keywords
Upgrade to Pro
Unlock keyword rankings, search positions, and detailed analytics with a Pro subscription.
Upgrade NowSimilar Plugins
WP Adminify – White Label WordPress, Admin Menu Editor, Login Customizer
7K+ installs
#2,738
Master Addons For Elementor - White Label, Free Widgets, Hover Effects, Conditions, & Animations
40K+ installs
#930
Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin
200K+ installs
#256
MW
MW WP Form
200K+ installs
#262
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers
200K+ installs
#266
Frequently Asked Questions
Common questions about WP PGP Encrypted Emails
An OpenPGP-compatible client is simply an app that can read, write, and verify messages encrypted or signed using PGP technology. There are great, free apps for every major platform, including Windows, Mac, Linux, Android, iPhones, iPads, and more. Which app you choose depends largely on which device you already have, and then a bit about your personal tastes. Since there are so many OpenPGP-compatible apps to choose from, I recommend sticking to the ones listed on the PRISM-Break.org website. (Note that PRISM-Break calls it "GPG" instead of "PGP," but the two terms are generally synonymous.) Once you choose an OpenPGP-compatible app for your platform, consider seeking out its help and support documentation to get started using it, or check out some of the generic PGP/GPG guides listed at the end of this plugin's Installation page. I can't decrypt messages addressed to my admin email address! If you have registered a WordPress user account with the same email address as your site's admin email address (in the Settings → General screen), then WP PGP Encrypted Emails will first check for a public key or certificate in the administrative Email Encryption settings (Settings → Email Encryption) before looking at your user's profile settings. If an encryption key or certificate exists in the administrative settings, that key will be used instead of the key or certificate in the user's profile. To resolve this issue, either ensure that you enter encryption keys in only one location (the administrative screen or the user's profile), or ensure these keys are the same. If you still cannot decrypt messages, make absolutely certain you have the matching private key or certificate corresponding to the public key or certificate that was used to encrypt the message. Unfortunately, it is highly infeasible that anyone on Earth will be able to decrypt messages encrypted to a public key or certificate that you do not have the associated private key for. That is, of course, the whole point of this software.
If you have received a "Private" comment, you will need to use an OpenPGP-compatible PGP client to decrypt and read it. There are many free apps that do this. Which one you choose depends on what kind of computer you are already using. If you use Windows, I suggest installing and using GPG4Win since it provides the most features. For Mac OS X users, I suggest MacGPG for the same reason, and Linux users should check their distro's package repository for compatible options. (For Ubuntu users, the Seahorse-Nautilus plugin is popular.) I might also add support for an in-browser client based on OpenPGP.js at some point, but for now you will still need an external program to read encrypted comments. Please consider donating to help resource me work on this if that is a feature you'd like to see.
Make sure the emails the other plugin sends are being addressed to an email account that WordPress knows about and that WordPress knows which OpenPGP public key or S/MIME certificate to use when encrypting email destined for that address. More specifically, this means the TO: field of the outgoing email needs to match either your WordPress's "admin email" address or the email address of one of your WordPress user accounts, and you need to provide the OpenPGP public key or S/MIME public certificate you want WordPress to use when encrypting the message and sending email to that address. In many contact form plugins, you can supply an arbitrary email address to send those emails to, but if that email address is not the address of a user on your site, WP PGP Encrypted Emails won't know which OpenPGP public key or S/MIME public certificate to use for encryption. As a workaround, simply create an unprivileged ("Subscriber" role) new WordPress user account with that email address and enter the OpenPGP public key or S/MIME certificate in that user's profile. (Either accept the automatically generated password, or supply a new very strong passphrase, since you will not need to remember it because you will never need to log in with that user account.)
Issues with character sets, accented characters, different human languages, or content types not appearing correctly are almost always the result of a misconfiguration in the email-sending plugin you are using. Many contact form plugins, for example, allow you to supply custom email headers. WP PGP Encrypted Emails takes great care not to corrupt the email message sent by the underlying plugin that generated the email in the first place. However, this also means that if you do not set up your contact form or email-sending plugin correctly, this plugin won't fix the error. Most often, this is simply a matter of setting the correct Content-Type header in your contact form or email-sending plugin's settings.
Against the NSA? No, probably not. Against a nosy co-worker? Yes, probably. The "realness" of security cannot "really" be measured in abstract, imprecise terms, but rather only based on what real threats you are likely to face and what risks you are vulnerable to if those threats materialize in reality. You have a much better sense of the answers to these things than I do for your situation, because I am not you. Security professionals call this process "threat modeling," and if you are "really" concerned for your security (I encourage you to be!) then learning how to conduct a threat assessment for yourself is a good idea. Learn more about threat modeling from the EFF's Surveillance Self-Defense Guide.
TL;DR: Don't let perfect be the enemy of good. First of all, not everyone's security needs are the same. (See "threat modeling," discussed in the previous question.) Against an opportunistic attacker, your security measures merely need to be better than your neighbor's in order to be sufficient to deter attacks. This is "good enough" security for most users of WordPress, especially on shared hosting accounts (which are generally closer to the unsafe side of the security spectrum no matter what plugins you install anyway). Against a well-resourced, determined adversary who has specifically singled you out, however, what matters is that your ability to secure yourself exceeds your adversary's ability to compromise the specific security precautions you've put in place. Your relative security as compared with your neighbor's doesn't matter. In this case, it is better to do anything and everything you reasonably can do for your protection, even if no specific security measure will be enough on its own. This is known as "defense in depth" and is analogous to the way a medival castle had a moat that surrounded an outer wall which itself surrounded an inner wall protecting a keep. These concentric rings of security provide redundancy and serve to slow an attacker's intrusion. This plugin can be considered one small part of a larger defense-in-depth security approach for your website. Read Bruce Schneier's "Lessons from the Sony Hack" for a brief, real-life case study in understanding this important nuance between opportunistic and focused attackers. Further, security is largely a matter of operational practice, not theoretics. If you never use PGP/GPG because the only tools you have access to are not perfect, then you will not have the experience you need to know how to use PGP/GPG when you actually get access to it, because you never even practiced using it. By way of analogy, if you want to learn swordfighting but all you have is sticks you picked up in the forest, you are better off picking up those sticks and practicing with them than waiting and not practicing at all until you get your hands on steel swords.
Yes. You can use any OpenPGP public key you generate from any OpenPGP-compatible client.
When generating an OpenPGP signing keypair for your WordPress site, this plugin will create a 2,048-bit RSA OpenPGP keypair. This is considered "okay" (but not "great") by 2018 standards. Unfortunately, many hosts will not allow the plugin to create a stronger keypair because of the computation required. Then again, this key is used only for signing, not encryption. Your own OpenPGP public key is always used for encryption, and you are of course encouraged to make that key as strong as you want. If you want to use a stronger signing keypair, you can generate one yourself (offline), though you will need to load the key into your WordPress database yourself to use it with this plugin. I consider this extra step "paranoid," but you are of course welcome to be as careful as you feel is appropriate. :)