Great tool, but there is room for improvement
I would like to say thank you to the author for providing our WordPress community with such a great tool free of charge. It works pretty well with a simple but clever design, and I hope I can implement it in real production sometime in the future.
However, there are several things to improve in the PGP implementation. I haven’t had a chance to try out the plugin with S/MIME.
1. The plugin’s built-in keypair generator only provides me the PGP private/public keys with the default email wordpress@mydomain.com. It doesn’t work with my own keys pasted into the plugin’s key input boxes.
2. There is no passphrase to protect my private key. If attackers get into my admin dashboard then the game is over. It is worse as there is no way to revoke the keys unfortunately.
3. There is no expiry date for the generated keys. This is a very important feature: you should be able to set an expiry date for your key in case it’s compromised, then it may solve the problem itself with the expiry date even if you can’t revoke it.
4. The plugin doesn’t work with my own PGP keys generated by other tools, i.e. Kleopatra. I pasted my own keys in, then I got an uncaught error when I tried to log in with a test user account with PGP enabled, and the error message was fully shown in my browser even though I had turned off debug.
5. Using GpgOL within Outlook 2016, I can’t encrypt the message with the public key generated by the plugin’s built-in keypair generator. I got an error message when trying to do this: “Crypto operation failed: Unusable public key”. Note that GpgOL works perfectly with my current keys generated by Kleopatra.

Anyway, I think it’s the greatest plugin so far in the WordPress community in terms of email encryption for websites. I hope that the author can improve it in some ways in the near future.