Articles of encryption

Protect Post Permalink From Copy

It is possible to protect my post permalinks to get copy from other users or bots ? Let’s say the post permalinks that tagged with tag “A” to get encrypted and all post to show in browser with: Post title (1)permalink => mysite.com/A Post title (2)permalink => mysite.com/A Post title (3)permalink => mysite.com/A Post title […]

Store and Encrypt Contact Form 7 Submissions in Database?

I have an additional security requirement (in addition to SSL) and I’m looking for a method (either a plugin or custom solution) of how to encrypt and store submissions from Contact Form 7 in the database. For example there are plugins such as Flamingo that allow the submissions to to be stored in the DB, […]

Detect change in site_url and home_url

Is there an easy way to check if the site url or the home url has been updated ? Im looking for a hook that I can preferably plug into. I have a cryptographic function that needs to run only once because its compute expensive. This calculation can be cached as long as the value […]

Apply function to update_option Variable

I found some instructions on encrypting an options field for a plugin here, using: encrypt($input_string, $key){ $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB); $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND); $h_key = hash(‘sha256′, $key, TRUE); return base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, $h_key, $input_string, MCRYPT_MODE_ECB, $iv)); And here, recommending WP’s Portable PHP Password hashing framework: require_once( ‘/path/to/wp-includes/class-phpass.php’ ); $wp_hasher = new PasswordHash( 8, TRUE ); $password […]

Is the login encrypted before it is sent? If so how to do I encrypt it the same way?

I’ve moved my WordPress site onto a https server, but now I’m wondering if I still need to manually encrypt the login credentials for my remote login. Is the default login encrypted before it is sent? Everything I’ve read, code included, is all plain text which is really bad for http sites. In my other […]

Pass MD5 value to prepopulate field

this is my scenario: I have a gravity form A where i collect user data and users are automatically registered to my site (via gravity forms user registration plugin). Users then automatically login and go to gravity form B where i collect some more data. I have a field in form B that is prepopulated […]

Using an Encryption class in a WordPress Plugin

I’m making a WordPress plugin that works with sensitive data. So I need to store/retrieve date with a trusty encryption method. I did some searches among many php encryption wrapper classes, and finally found Defuse\Crypto as one of the best options. The class needs minimum PHP 5.4 and also uses openssl_ and hash_hmac What do […]

Auto login subdomain from main domain on single sites with different DB

I would like to auto login to subdomain from main domain as well as from subdomain to main domain (if possible). I was already able to do this by sending url with encoded params to own php login file but weak security and encryption php control for the url param would put perfomance load on […]

Moving away from MD5: Where to declare the custom global $wp_hasher?

I want to move away from using MD5 for hashing passwords in the database. The plan is to declare a custom global $wp_hasher as hinted at in the docs for wp hash password(): Unless the global $wp_hasher is set, the default implementation uses PasswordHash, which adds salt to the password and hashes it with 8 […]

CNAME site attempts to load files over HTTP instead of HTTPS

The main site https://www.ptacunits.com loads fine. We have a CNAME pointing from the above domain to the following domain, https://www.ptacfactoryparts.com however, the page source shows HTTP for all the asset files. Even the Google Font which is hard coded as HTTPs //fonts.googleapis.com/css?family=Asap:400,700,400italic,700italic is loaded over HTTP, why is that?