Articles of encryption

Sniffing WordPress user's credentials

Coming to WordPress development from more “hardcore” (slow) development, I find it extremely odd that the WordPress login process provides absolutely no defense from sniffing credentials data. It all goes in plain text, which makes it extremely easy to fish anyone’s login credentials under a public WiFi, including admins, if the website doesn’t have any […]

PGP-Encrypt system-generated notifications

I was wondering if there is a way to get WordPress to encrypt notification mails (“Please moderate …” and so on) using PGP. I have found a bunch of plugins providing PGP-encrypted eMail forms, but that’s not what I was looking for, as I want the system mails to be encrypted, not the user mails. […]

Encrypt emails?

We need to maintain HIPAA compliance for forms on our website that are currently mailed to an internal email address. While the users/customers provide the info over HTTPS, we still want to make sure that we remain compliant… Are there any plugins for ensuring that emails sent from the WordPress application to a recipient are […]

How to validate WordPress generated password in DB using PHP?

I am working with a site that is done with WordPress, and I need to add some parts that are outside WP, and to check user login, logging users outside WP. I tried with md5 of password but it’s not… I tried this code: require_once( 'wp-includes/class-phpass.php' ); $wp_hasher = new PasswordHash( 8, TRUE ); $password = […]

Security in WordPress plugin development

My plugin is Mailer.app for WordPress. I’m 85% completed and I’m focusing on security before release. Before the questions, I should outline the plugin’s architecture: The plugin is able to take in username & password and relative IMAP/SMTP server details. The details are validated and made sure that correct IMAP/SMTP are entered (valid connection(s) made) […]

How WordPress encrypt password?

Possible Duplicate: How to validate WordPress generated password in DB using PHP? I am working with a site that is done with WordPress, and I need to add some parts that are outside WP, and to check user login, but I can’t find how WP is encrypting the password before it writes it in DB… I tried […]

Are the default salts secure?

When installing a fresh WordPress, one of the things one should do is update the salts in wp-config.php. The section looks like this: define('AUTH_KEY', 'put your unique phrase here'); define('SECURE_AUTH_KEY', 'put your unique phrase here'); define('LOGGED_IN_KEY', 'put your unique phrase here'); define('NONCE_KEY', 'put your unique phrase here'); define('AUTH_SALT', 'put your unique phrase here'); define('SECURE_AUTH_SALT', 'put […]

How to store username and password to API in WordPress option DB?

I’m currently developing a plugin and the chances are that I will more than likely release it on the public plugin repository so others can use it. The plugin will be using an API and to use this API you need to pass a username and password. So my plugin needs to store these login […]