Prevents forms data against sniffing network traffic through encryption provided by jCryption javascript library.
The plugin increases security of a site in case it has no SSL certificate,
useful for owners of small sites who want to secure their passwords and
other posted data but don’t want to buy SSL certificate for each domain
and subdomain: it protects from sniffering the most important data such as
passwords when they are being sent from forms of your site to the server.
When the form served by the plugin is submitted all input data are being
joined into a string, then this string is being encrypted with AES algorythm
by disposable key and only encrypred string will be sent.
A browser encrypts the disposable key in javascript by the RSA public key
and sends it to the server; then the server decrypts it with the RSA private
key and then use it to decrypt the posted data with AES.
Translations included: Ukrainian, Russian, German and Brazilian Portuguese.
I just adapted usage in WordPress the jCryption jQuery plugin, v. 3.1.0.
Please check www.jcryption.org to learn how jCryption works.
Upload wp-jcryption.zip using the wordpress plugin installation interface
and activate the plugin. On the very first activation 1024-bit RSA key pair
will be generated and the list of forms the plugin is primarily destinated
for will be saved. You may add other form IDs to this list on the plugin
settings page: Settings – WP jCryption.
Upload wp-jcryption.zip using the wordpress plugin installation interface
and activate the plugin. On the very first activation 1024-bit RSA key pair
will be generated and the list of forms the plugin is primarily destinated
for will be saved. You may add other form IDs to this list on the plugin
settings page: Settings – WP jCryption.
If you don’t use https on your site your password could be stolen through
man-in-the-middle attack when you are submitting log-in form because form data
(including password) are being sent as plain text. This plugin encrypts submitted
data in a way similar to https transmission.
No. The plugin encrypts only data being posted from most important forms
(that contain password fields: login, reset password, user profile)
and forms you specify additionally. To secure all incoming and
outgoing traffic of your site a SSL certificate is needed.
No.
Yes, you can do it by means of Firefox LiveHTTPHeaders extension, Fiddler or similar tools.
PHP version >= 5.3 with OpenSSL PHP extension.
No. PHP generates keys for you and save them in a database. So, this plugin is usable on (almost) any shared hosting.
Try to enable the plugin option: Fix button id=”submit” and name=”submit”.