Developer | Senderek Web Security |
---|---|
Last updated | February 10, 2015 23:03 |
Donation link: | Donate |
PHP version: | 2.9.2 and above |
WordPress version: | 4.0 |
Copyright: | GPLv2 or later |
Copyright URL: | Copyright information |
/home/gpg. Change the ownership to the web server user and remove all permissions except for the owner.
encrypted-contact.tgz to your /wp-content/plugins/ directory and extract the plugin files. The files will be stored in a separate directory encrypted-contact.
1. Log into your admin panel and activate the new plugin through the plugins menu.
1. Place the contact form in some place like the sidebar through the widgets menu, where the new widget Encrypted Contact will show up.
1. Log into your admin panel and create a new key pair for yourself via the Key Management button. Alternatively you can upload an existing private key via the Key Management tool.
1. Decide whether or not you will store the messages (encrypted or not) on the server. Set the Archive Messages select box to yes. A subdirectory messages will be created automatically inside the safe place for your encryption keys, and copies of all messages will be archived here before they are sent out via email. You can read these messages and even decrypt them online using the admin panel.

Yes, because the software relies on the operating system capabilities of Linux to work securely. It also requires an installation of GnuPG on the server, which is usually present already.
Not necessarily. But you have to trust the system administrators, because the encryption is done on the server and can be intercepted there. To perform the installation you need a safe place for the encryption key(s), located outside the web server tree. The default installation assumes that you use the directory "/home/gpg" for this purpose. You need to ask your system administrator to create this directory for you and to make it writeable for the web server process only. If you cannot use a safe place for your encryption keys with restrictive access permissions, your encryption will refuse to work. This is not a bug but the intended behaviour of Encrypted Contact. Once your server's sysadmin has created such a directory for you, and its name matches the setting for $GPGDIR in the file "gpgconfig.php", all key management can be done via the admin panel without any further help from the sysadmin. If you would like to read more about the desirable server environment for encryption, have a look at [this article](https://senderek.ie/articles/what-is-a-secure-server.php).
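One way a system administrator could verify the key directory requirements described above before handing the directory over (an added example, not part of the plugin). It assumes Linux with GNU coreutils; the function names `check_keydir` and `fix_keydir`, and the reading of "all permissions removed except for the owner" as mode 700, are this example's assumptions.

```shell
#!/bin/sh
# Added example: audit the key directory (default /home/gpg) as the page describes it.
# Assumes GNU coreutils (stat -c, realpath). Owner and document root are site-specific.
# Usage (hypothetical values): check_keydir /home/gpg www-data /var/www/html

# check_keydir DIR OWNER DOCROOT
# OWNER may be a user name or a numeric uid.
# Returns 0 only if DIR is a real directory (not a symlink), lies outside
# DOCROOT, is owned by OWNER, and has mode 700 (owner-only access).
check_keydir() {
    dir=$1; owner=$2; docroot=$3; rc=0

    if [ ! -d "$dir" ] || [ -L "$dir" ]; then
        echo "FAIL: $dir is not a plain directory" >&2
        return 1
    fi

    # Resolve both paths so a link or ".." cannot hide a location in the web tree.
    real=$(realpath "$dir")
    root=$(realpath "$docroot")
    case "$real/" in
        "$root"/*) echo "FAIL: $real is inside the web tree $root" >&2; rc=1 ;;
    esac

    # %U = owner name, %u = owner uid, %a = octal mode
    set -- $(stat -c '%U %u %a' "$real")
    [ "$1" = "$owner" ] || [ "$2" = "$owner" ] || {
        echo "FAIL: owner is $1 (uid $2), expected $owner" >&2; rc=1; }
    [ "$3" = "700" ] || {
        echo "FAIL: mode is $3, expected 700" >&2; rc=1; }

    return $rc
}

# fix_keydir DIR OWNER
# Applies the ownership and mode from the installation step.
# Changing the owner to another user requires root.
fix_keydir() {
    chown "$2" "$1" && chmod 700 "$1"
}
```
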
Because if you don't, you trick your website visitors into entering confidential messages into a form that transfers these messages insecurely, i.e. unencrypted, to your server. Your website visitors will not even be sure that their messages arrive at the server you call yours. Under these circumstances it is pointless to encrypt something on the server that has arrived insecurely. Encrypted Contact will check whether the message has arrived via HTTPS, and it will refuse to work if not. HTTPS is a basic requirement if you are serious about the security of your website.