End to end encryption for WordPress
Skip to: Installation
The leaking of information by Edward Snowden has helped increased awareness of privacy, but unfortunately most people do not know how to securely store their own data. I have seen people storing extremely sensitive data within WordPress installations and assuming everything is fine since they used a “private page” or placed a password on it. But even though WordPress provides private and password protected pages, these still leave your data open to spying at both the server level and whilst in transit. Even if your server is locked down and secure, and you route the data over https, a man in the middle attack could still be used to gain access to your data.
The only true solution to securing your data within WordPress, is through the use of end to end encryption. The End to end encryption plugin for WordPress is my attempt to help alleviate this problem within the WordPress sphere and perhaps increase the prevalence of secure data storage across the interwebz.
The trick to ensuring true end to end encryption within WordPress, is to encrypt your posts before they are sent back to the server and only decrypt them once they arrive back at browser level. This means that there is no point of failure outside of the computers being used to access the web pages.
Even if the server is hacked, the only thing which could be obtained is a blob of encrypted data. To access the content, either your computer would need to be hacked or you would need to be forced to hand over the encryption key. With the End to end plugin, not even your WordPress installation will be able to decrypt your content, due to it’s use of true end to end encryption.
The big downside to end to end encryption, is that you need to provide the encryption keys every time you want to access the content. I may be able to implement encryption key storage via browser offline storage in future, but I haven’t implemented it yet.
You will not be able to perform server side searching with encrypted posts. Since the content is encrypted, WordPress has no way to search through it. Front-end searching is technically possible, but not practically feasible due to the need to download every page on your site before searching.
The normal filters on WordPress content can not be applied (since WordPress can’t read the content anyway). So things like paragraph tags and line breaks need to be manually added. The content you put into the WordPress editor will be read as raw HTML. Any extra content added by plugins will also not work on encrypted posts, including many plugins which add things like social sharing icons (since most of them work by filtering the post content).
The encryption used within the end to end WordPress plugin, is the simple but highly effective AES style encryption provided by Chris Veness. AES is a powerful encryption algorithm based on the Rijndael cipher. This is the exact same cipher used and recommended by many government agencies for top secret data storage and is considered the industry standard for storing extremely sensitive data.
To learn more about AES symmetric ciphers, check out Symmetric Ciphers from Leo Laporte and Steve Gibson. To ensure maximal security, it is recommended that use a complex encryption key. Head on over to Steve Gibson’s password haystacks page to help find a suitable password/encryption key.
There is nothing particularly innovative about this WordPress plugin, but it is intended as a way to drop the barrier of entry for those wanting to properly encrypt their own content online. I’ve seen plenty of other tools which claim to protect your data through encryption, but these almost always have failures in some ways. The recent case of the USA authorities compelling Ladar Levison to hand over the SSL keys for the Lavabit email service is a prime example of the problems associated with attempting to secure content with true end to end encryption in place.
I’m not guaranteeing anything with this plugin! To the best of my knowledge, the cipher is secure and in principle I believe there is no way to access your data without you sending data in the clear. There are some bugs in the current implementation which can cause you to send unencrypted data if you aren’t careful. This plugin is here as a proof of concept at this stage and is definitely not intended to be trusted for securing highly sensitive data.
Note 1: This is a beta and contains some known issues (see below)
Note 2: This was created before the Gutenberg block system was added to WordPress. To use this plugin, first install the Classic Editor plugin for WordPress to disable the block system
Download the End to end plugin beta, install it in your WordPress site and activate it.
There will be an encryption key input field above “Publish” when editing a post. If a key is set, then encryption will be applied and you will be prompted to re-enter it to view the content again.
It is critical to ensure that you do not forget the keys. If you forget them, you will never be able to recover the content (which is the point of this plugin – it should be uncrackable).
Note: Since this is true end-to-end encryption, you will be required to enter this EVERY time you access this content.
- Using the WordPress visual editor can produce unintended results and break the encryption
- Saving as a draft can result in unencrypted versions being saved
- Auto-save can accidentally save unencrypted versions
- Click “Preview” can result in unexpected behaviours. Future versions will fix this problem.
- If someone can see your screen, then they could work out what keys you are pressing by reversing the encryption for each keystroke.
- https via regular certificate providers is known to be cracked by various governments, including the Five Eyes. To avoid this issue, it is best to use a self-signed certificate with the certificate manually added to your web browser.
Personally, I’m not paranoid enough to require that much protection just yet, but it may be a suitable project for the future perhaps. If anyone would like to tackle it, I’m super keen to work together on it.
I’ve put up a demo at geek.hellyer.kiwi/encryption-demo. The encryption key for this demo is “test” (but you should never use a key which is this short, I just did it this time since it is here for demo purposes).
I have been storing my own sensitive data in a pseudo-secure way for a long time now and after listening to many episodes of the Security Now podcast by Steve Gibson and Leo Laporte over the past few years, I decided it was time I found a solution to my problems. The End to end encryption plugin now allows me to store anything I like within my WordPress installation without fear that evil doers may be snooping in.