I’ve been looking into making a completely private WordPress blog and have found useful blogs/tutorials along the way that have helped, such as David Hewson’s pretty detailed walkthrough.
I currently have a system in place (online) that is nice and private and requires login credentials to access the blog. Now herein lies the problem: I’m worried that if my web server is hacked in some way (I’m not going to be ignorant to the fact that this may occur) and my database accessed then all of my posts will be viewable – thus defeating all of the front-end privation work.
I’ve looked for pre-built solutions to encrypt the posts themselves but nothing exists yet. What I need is a helping hand in the right direction for writing a WordPress plugin, as I haven’t a clue where to start in relation to coding plugins in WordPress. Any help/tutorial links would be appreciated.
I do have quite extensive knowledge of PHP/MySQL, albeit not in the WordPress fashion of APIs etc.
As far as I know what you ask is not really possible with WordPress (or any plain PHP app) alone. It is the same dilemma as with database credentials in WP – if FTP is hacked then the hacker gets the database login/password from wp-config.php. It is impossible to protect those because WordPress (or any other PHP app really) needs them for database access. Even if they are stored encrypted, at some point they will need to be decrypted.
Same thing with posts – even if you store encrypted posts in the database, at some point WordPress will need to decrypt them. If WordPress can decrypt them then so can the person who hacked the account.
You can probably somehow separate the keys from the WordPress installation, but that is simply moving the issue around – now you still have to think about protecting the keys from being hacked/leaked, they are just in another place.
So you want a system that encrypts the text before it enters the database, and decrypts it before it leaves the database. If you don’t want to save the password on the server, you would need to find a way to provide this via the browser every time you make a request that needs encrypted data.
You could do this in PHP, but maybe also in JavaScript. If we simplify the question by requiring only encryption of the post content and not other data (title, dates, …), you could probably hook your code to a TinyMCE event on the admin side, which asks for your password (or remembers it in Local Storage or another safe place that doesn’t leave your computer), decrypts the text before it is shown in the editor, and then encrypts it again when you save it. This way, all WordPress sees is encrypted text. (You probably need to disable all kinds of content filters so nothing gets changed on the server side.)
On the public side of your blog you can do the same thing: send a block of encrypted data to the client, and decrypt it using JavaScript.
This scheme is workable if you are the only one reading and writing, otherwise you would need a way to share the encrypting but let everyone have different passwords and such. But if you really are in the single-user scenario, are you sure WordPress is the best medium for your work? Maybe Evernote or another note-taking solution with support for encryption would work better?
Might I suggest taking a look at this site. I am new to WordPress and haven’t set up my own WordPress blog yet. However, while researching starting my own blog, I too wanted to have the capability to encrypt certain blog postings.
After searching within Google, I stumbled onto this website http://www.vincentcheung.ca/jsencryption/
Basically the blog posts are encrypted by utilizing JavaScript and PHP. By default posts are encrypted in 128-Bit AES but by recompiling PHP you can add 256-Bit AES Support. I haven’t started to create my own WordPress blog yet because I want to see if there is a way to integrate Vincent’s idea into WordPress somehow.
By creating a plugin based upon Vincent’s work, the posts could be encrypted within WordPress without having to visit his site, encrypt the post and then paste the resulting text/code into a WordPress post.
When the posts are decrypted, everything happens client-side. The password or decryption key is never sent to the server, all the decrypting happens on the client-side through JavaScript. This means that even if a hacker got a hold of your database, he wouldn’t be able to read the encrypted posts, because the key is not stored in the database!
While I am proficient in PHP, I don’t know enough yet about how to write good WordPress plugins to make a plugin myself, yet…
Exactly; everything can be decrypted by a group public key possibly with multiple private keys that are held on client sides.
Since the blog is private, naturally, technically there is no need for maintaining private keys on a central server which only stores encrypted data.
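The client-side scheme described in the answers above (encrypt in the browser before saving, decrypt in the browser on display, password never sent to the server), sketched with the Web Crypto API. This is an added example, not code from the linked jsencryption page or from any participant; the function names, the `salt.iv.ciphertext` storage format and the parameter choices (PBKDF2-SHA-256 with 600000 iterations, AES-256-GCM) are assumptions.

```javascript
// Added example: what the browser would do before a post is saved and after it is loaded.
const PBKDF2_ITERATIONS = 600000; // assumed work factor, tune to your clients

async function getCrypto() {
  // Browsers and recent Node expose globalThis.crypto; older Node needs the import.
  if (globalThis.crypto && globalThis.crypto.subtle) return globalThis.crypto;
  return (await import('node:crypto')).webcrypto;
}

// Stretch the password into an AES-256-GCM key; the key object is non-extractable.
async function deriveKey(c, password, salt) {
  const material = await c.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return c.subtle.deriveKey(
    { name: 'PBKDF2', salt, iterations: PBKDF2_ITERATIONS, hash: 'SHA-256' },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

function toB64(bytes) {
  let s = '';
  for (const b of bytes) s += String.fromCharCode(b);
  return btoa(s);
}
const fromB64 = (s) => Uint8Array.from(atob(s), (ch) => ch.charCodeAt(0));

// Returns the string the server stores as post content: base64 "salt.iv.ciphertext".
async function encryptPost(password, plaintext) {
  const c = await getCrypto();
  const salt = c.getRandomValues(new Uint8Array(16)); // fresh per save
  const iv = c.getRandomValues(new Uint8Array(12));   // never reused with the same key
  const key = await deriveKey(c, password, salt);
  const ct = await c.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext));
  return [salt, iv, new Uint8Array(ct)].map(toB64).join('.');
}

// Rejects on a wrong password or if the stored blob was modified (GCM tag check).
async function decryptPost(password, stored) {
  const c = await getCrypto();
  const [salt, iv, ct] = stored.split('.').map(fromB64);
  const key = await deriveKey(c, password, salt);
  const pt = await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, ct);
  return new TextDecoder().decode(pt);
}
```

This keeps a dumped database unreadable, but the decrypting script is still served by the same host, so it does not cover a server that has been modified to serve altered JavaScript. Titles, dates and other metadata stay in plaintext unless they are encrypted the same way.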
Not 100%, but this would add one layer of security: You could write a plugin that uses base64_encode to encrypt specific entries, and then to the encoding, add salt made from an md5 hash of the username (since those can’t be changed), or something of the like. base64_decode works very fast and the user probably wouldn’t notice any delay.