Title: Secure Messaging
Author: Eric Mann
Published: <strong>July 30, 2017</strong>
Last modified: December 30, 2017

---

Search plugins

This plugin **hasn’t been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues when
used with more recent versions of WordPress.

![](https://ps.w.org/secure-messaging/assets/icon-256x256.png?rev=1705367)

# Secure Messaging

 By [Eric Mann](https://profiles.wordpress.org/ericmann/)

[Download](https://downloads.wordpress.org/plugin/secure-messaging.0.4.1.zip)

 * [Details](https://wordpress.org/plugins/secure-messaging/#description)
 * [Reviews](https://wordpress.org/plugins/secure-messaging/#reviews)
 *  [Installation](https://wordpress.org/plugins/secure-messaging/#installation)
 * [Development](https://wordpress.org/plugins/secure-messaging/#developers)

 [Support](https://wordpress.org/support/plugin/secure-messaging/)

## Description

Automatically encrypt certain WordPress messages using your GPG public key to ensure
no one but you can ever read the message.

This is primarily used to secure password reset emails so, even if an attacker were
to gain access to your email account, they couldn’t change your WordPress password.

## Installation

#### Requirements

This plugin requires PHP 7 or greater to operate. It _does not_ check for PHP compatibility
directly and _will not work_ if installed on an older server.

The GPG functionality requires GPG to be installed and available to WordPress. The
plugin will try to test for this functionality upon activation, but _will not work_
if GPG is unavailable.

#### Manual Installation

 1. Upload the entire `/secure-messaging` directory to the `/wp-content/plugins/` directory.
 2. Activate Secure Messaging through the ‘Plugins’ menu in WordPress.

## FAQ

  Installation Instructions

#### Requirements

This plugin requires PHP 7 or greater to operate. It _does not_ check for PHP compatibility
directly and _will not work_ if installed on an older server.

The GPG functionality requires GPG to be installed and available to WordPress. The
plugin will try to test for this functionality upon activation, but _will not work_
if GPG is unavailable.

#### Manual Installation

 1. Upload the entire `/secure-messaging` directory to the `/wp-content/plugins/` directory.
 2. Activate Secure Messaging through the ‘Plugins’ menu in WordPress.

  Does the server sign messages as well?

Not by default. On many installations, the GPG keychain folder needs to live in 
the `/wp-content` directory and might be readable by third parties. To avoid leaking
GPG secret keys, none are ever added by the system in the first place. This means
the server can’t sign messages before they’re sent.

  Is there a limit to the size of the GPG key I can use?

Not to my knowledge. We’re using Pear’s [Crypt_GPG](http://pear.php.net/package/Crypt_GPG)
module, which defer’s to the server’s GPG module directly. So long as GPG itself
supports a key, this plugin will as well.

  What if my host doesn’t support GPG?

Not every host does. Most self-hosting platforms will have GPG support by default,
but some (like _WP Engine_) do not support the GPG subsystem and will not allow 
you to proactively encrypt messages.

I highly suggest you look into a managed host like [Liquid Web](https://www.liquidweb.com/managedwordpress/),
who _does_ support GPG, for your hosting needs.

_Note:_ This plugin has been tested to work with both Liquid Web’s managed WordPress
hosting platform and the [Dockerized WordPress](https://github.com/10up/wp-local-docker)
system published by [10up](https://10up.com/).

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“Secure Messaging” is open source software. The following people have contributed
to this plugin.

Contributors

 *   [ Eric Mann ](https://profiles.wordpress.org/ericmann/)

[Translate “Secure Messaging” into your language.](https://translate.wordpress.org/projects/wp-plugins/secure-messaging)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/secure-messaging/),
check out the [SVN repository](https://plugins.svn.wordpress.org/secure-messaging/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/secure-messaging/)
by [RSS](https://plugins.trac.wordpress.org/log/secure-messaging/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 0.4.1

 * Fix: Explicitly add Eric Mann’s public key for the GPG subsystem test

#### 0.4.0

 * Update: Store the public key fingerprint instead of the entire key for better
   references later
 * Update: Introduce the `SECUREMSG_KEYCHAIN_DIR` constant for overriding where 
   keys are stored
 * Fix: Test for the presence of the GPG subsystem upon activation to prevent downstream
   errors

#### 0.3.0

 * Update: Switch to the Pear GPG library for better RSA compatibility

#### 0.2.0

 * Update: Use a new GPG library for better PHP compatibility
 * Update: Add nonce checks on the profile page
 * Update: Add Romanian translations

#### 0.1.0

 * First release

## Meta

 *  Version **0.4.1**
 *  Last updated **8 years ago**
 *  Active installations **Fewer than 10**
 *  WordPress version ** 4.7.3 or higher **
 *  Tested up to **4.9.29**
 * Tags
 * [gpg](https://wordpress.org/plugins/tags/gpg/)[pgp](https://wordpress.org/plugins/tags/pgp/)
   [security](https://wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://wordpress.org/plugins/secure-messaging/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/secure-messaging/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/secure-messaging/reviews/)

## Contributors

 *   [ Eric Mann ](https://profiles.wordpress.org/ericmann/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/secure-messaging/)

## Donate

Would you like to support the advancement of this plugin?

 [ Donate to this plugin ](https://paypal.me/eam)