SimpleSecure is a secure contact form plugin that encrypts messages using a pure PHP implementation of GPG / PGP.
SimpleSecure is a plugin that adds a secure contact form using GPG to encrypt messages
PGP is a software utility that is used to encrypt data using "public key encryption."
GPG is an open source version of PGP that is free for personal and commercial use.
Public key encryption is a method of encryption that does not require any of the parties to share any common, secret information, such as a password, in order to communication securely.
More info is at http://www.gnupg.org/
A tutorial video is available at http://www.youtube.com/watch?v=FFxFevczuRg
The first step is to install GPG, either the command line version or a graphical interface on your computer. Once installed you will generate a public/private key pair. You can publish or share your public key with anyone and they use this to send you encrypted messages. The private key is kept confidential and you use this to decrypt messages sent to you.
Once you have generated your keypair, you export your public key as a text file. In SimpleSecure settings you provide your public key. SimpleSecure will use this key to encrypt messages that are sent to you.
SimpleSecure uses a pure PHP implementation of GPG which supports a subset of the full GPG functionality. Supported keys are RSA and DSS up to 4096 bits in length.
This message appears when SimpleSecure detects that the website is not being browsed in SSL mode (ie HTTPS). Without SSL enabled the information entered by your visitor is sent from their computer to their server as plain, unencrypted text. It is possible that their information could be viewed by others. Since SimpleSecure is meant to be a secure form processor, a warning is displayed when the page is not being viewed with SSL.
To get rid of this you should make sure that you link to the correct SSL URL for your contact page (ie HTTPS instead of HTTP). If you do not have SSL enabled then you can contact your web host for more information.
There is no legitimate way to disable this alert otherwise - it is there for a reason. If you don't want your visitors to see it then you should use a non-secure form plugin instead.
No. The whole point of encryption is that it cannot be decrypted without the private key and password. For this reason you should keep your key and password backed up in a secure location where you will not lose them and others will not have access to them.
Requires: 2.9 or higher
Compatible up to: 3.9.2
Last Updated: 2013-12-12
1 of 2 support threads in the last two months have been resolved.
Got something to say? Need help?