I spent the whole of today camped out in a Kiwi cafe in Berlin, nutting out how to handle end-to-end encryption in WordPress. The result of all that effort is a WordPress plugin called “End to end”.

If you are insanely paranoid, or simply have sensitive data you don’t want to trust being stored in the clear on your server (which WordPress does by default), then this plugin is for you.

You can download it from the End to end WordPress plugin page.

This isn’t a perfect solution for handling encryption within WordPress. It doesn’t handle post titles or images, but it does encrypt the post content very strongly.

There are other plugins out there which claim to encrypt your posts, but I haven’t seen any which do it in a secure way. There is virtually no point whatsoever in encrypting something in a database if the decryption key is sitting in clear text on the same server :/, yet this is how most of these plugins seem to work.

The downside, of course, to true end-to-end encryption is that WordPress itself can’t read your content, which makes many filters, search tools etc. redundant. It’s likely that most people will only want to encrypt some of their content anyway though, so hopefully that won’t be a huge problem. Personally, I only need to encrypt the most extremely sensitive data I have. Currently I don’t store that stuff online because I didn’t have anywhere I trusted to store it.
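
The two points above (a key stored beside the database protects nothing, and the server cannot search end-to-end encrypted content) can be shown with a small model. This is an added example, not the End to end plugin's code: the post does not say which algorithms the plugin uses, so PBKDF2 with AES-256-GCM, Node's `crypto` module standing in for the browser, and every name below are assumptions.

```javascript
// Added illustration; NOT the End to end plugin's code. All names are hypothetical.
const nodeCrypto = require('node:crypto');

// Assumed key derivation: PBKDF2-SHA256 to a 256-bit key.
const deriveKey = (secret, salt) =>
  nodeCrypto.pbkdf2Sync(secret, salt, 200000, 32, 'sha256');

// Encrypt post content; the returned record is all that gets stored in the database.
function encryptPost(secret, content) {
  const salt = nodeCrypto.randomBytes(16);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(secret, salt), iv);
  const ct = Buffer.concat([cipher.update(content, 'utf8'), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ct };
}

// Decrypt a stored record; throws if the secret is wrong or the record was altered.
function decryptPost(secret, rec) {
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(secret, rec.salt), rec.iv);
  d.setAuthTag(rec.tag);
  return Buffer.concat([d.update(rec.ct), d.final()]).toString('utf8');
}

// What a copy of the server (database + config files) yields with no other input.
function readableFromServerCopy(server) {
  if (!server.config.key) return []; // no key on the server: nothing to decrypt with
  return server.db.map((rec) => decryptPost(server.config.key, rec));
}

// Server-side search can only look at what the database stores.
function serverSearch(server, term) {
  return server.db.filter((rec) => rec.ct.toString('latin1').includes(term)).length;
}

// Constructed sample data.
const CONTENT = 'Bank PIN is 0000 (constructed sample)';

// Design A: key kept in a server config file next to the encrypted database.
const keyOnServer = { config: { key: 'server-side-secret' }, db: [] };
keyOnServer.db.push(encryptPost(keyOnServer.config.key, CONTENT));

// Design B: end to end. The passphrase stays with the author; the server gets ciphertext only.
const AUTHOR_PASSPHRASE = 'known only to the author';
const endToEnd = { config: {}, db: [encryptPost(AUTHOR_PASSPHRASE, CONTENT)] };
```

In design A the server copy alone returns the post in clear; in design B it returns nothing, and the same property is why a server-side search over the stored records finds no match.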