WordPress.org

Ready to get started?Download WordPress

Plugin Directory

SimpleSecure

SimpleSecure is a secure contact form plugin that encrypts messages using a pure PHP implementation of GPG / PGP.

1. What is SimpleSecure?

SimpleSecure is a plugin that adds a secure contact form using GPG to encrypt messages

2. What is GPG and PGP?

PGP is a software utility that is used to encrypt data using "public key encryption."

GPG is an open source version of PGP that is free for personal and commercial use.

Public key encryption is a method of encryption that does not require any of the parties to share any common, secret information, such as a password, in order to communication securely.

More info is at http://www.gnupg.org/

3. Where do I get GPG?

GPG can be downloaded from http://www.gnupg.org/, however there are user interfaces for Windows and Mac users at http://www.gpg4win.org/ and https://gpgtools.org/

4. How do I get started with GPG?

A tutorial video is available at http://www.youtube.com/watch?v=FFxFevczuRg

The first step is to install GPG, either the command line version or a graphical interface on your computer. Once installed you will generate a public/private key pair. You can publish or share your public key with anyone and they use this to send you encrypted messages. The private key is kept confidential and you use this to decrypt messages sent to you.

Once you have generated your keypair, you export your public key as a text file. In SimpleSecure settings you provide your public key. SimpleSecure will use this key to encrypt messages that are sent to you.

4. What key types are supported?

SimpleSecure uses a pure PHP implementation of GPG which supports a subset of the full GPG functionality. Supported keys are RSA and DSS up to 4096 bits in length.

5. My contact form shows an alert message that the page is not secure. How can I get rid of that?

This message appears when SimpleSecure detects that the website is not being browsed in SSL mode (ie HTTPS). Without SSL enabled the information entered by your visitor is sent from their computer to their server as plain, unencrypted text. It is possible that their information could be viewed by others. Since SimpleSecure is meant to be a secure form processor, a warning is displayed when the page is not being viewed with SSL.

To get rid of this you should make sure that you link to the correct SSL URL for your contact page (ie HTTPS instead of HTTP). If you do not have SSL enabled then you can contact your web host for more information.

There is no legitimate way to disable this alert otherwise - it is there for a reason. If you don't want your visitors to see it then you should use a non-secure form plugin instead.

6. I lost my private key and/or password. Can you decrypt a message for me?

No. The whole point of encryption is that it cannot be decrypted without the private key and password. For this reason you should keep your key and password backed up in a secure location where you will not lose them and others will not have access to them.

Requires: 2.9 or higher
Compatible up to: 3.9.2
Last Updated: 2013-12-12
Downloads: 1,559

Ratings

4 stars
4.4 out of 5 stars

Support

1 of 3 support threads in the last two months have been resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

0 people say it works.
0 people say it's broken.

100,1,1
100,1,1
100,2,2