[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fJVNKJmG_T1cfHGPb4VkE9Eojfb5Dq32c9B_TuWQiW70":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":23,"download_link":24,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27,"vulnerabilities":28,"developer":29,"crawl_stats":26,"alternatives":34,"analysis":137,"fingerprints":274},"encrypted-post-type","Encrypted Post Type","1.0.0","NewJenk","https:\u002F\u002Fprofiles.wordpress.org\u002Fnewjenk\u002F","\u003Cp>When you’re doing things that are confidential, or private, or personal, then they should remain so.\u003C\u002Fp>\n\u003Cp>Encrypted Post Type adds an encrypted \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Fpost-types\u002F#custom-post-types\" rel=\"ugc\">post type\u003C\u002Fa> where the content of posts is encrypted using \u003Ca href=\"https:\u002F\u002Fwww.openssl.org\u002F\" rel=\"nofollow ugc\">OpenSSL\u003C\u002Fa>. Use it to write notes, keep a diary, draft letters, plan your next career move, even project manage – basically anything important that you want to keep private, Encrypted Post Type is the place to put it.\u003C\u002Fp>\n\u003Cp>Coming complete with an advanced but simple tagging system you can easily organise your posts to create a powerful tool that works just the way you need it to, and can replace other tools like Roam, Workflowy, OneNote, Evernote, and more.\u003C\u002Fp>\n\u003Ch3>Features of this plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Easily tag your posts to organise them and build relationships between things you’re working on. Never used tags before? Here’s a handy \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Fbeginners-guide-to-tags\u002F\" rel=\"nofollow ugc\">guide on using tags\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Works with all core Gutenberg blocks and should work with most custom blocks that aren’t doing anything too funky with the markup.\u003C\u002Fli>\n\u003Cli>Collaboration out of the box: multiple users can view and edit posts, with encryption\u002Fdecryption happening seamlessly in the background (the \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> allows individual posts, viewable only to the author).\u003C\u002Fli>\n\u003Cli>Choose a name for the post type. By default it’s set to ‘Notes’ but you can name it anything you like, and even set an icon in the sidebar! \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Fnaming-your-post-type\u002F\" rel=\"nofollow ugc\">Read more about naming the post type here\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>It’s been tested with content over 20,000 words in length and worked an absolute champ!\u003C\u002Fli>\n\u003Cli>Posts display in order of most recently edited on the ‘All Posts’ screen; this is a great way to quickly see what you’re working on right now. You can re-order by created date, title, and you can change last updated to ascending (oldest first).\u003C\u002Fli>\n\u003Cli>Revisions work! Content is decrypted on the fly so you can see the differences between versions.\u003C\u002Fli>\n\u003Cli>The free version has 1 way of storing the encryption keys, but the \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fpro\u002F\" rel=\"nofollow ugc\">Pro version\u003C\u002Fa> beefs up security significantly by introducing an innovation called \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Frest-key-management-rkm\u002F\" rel=\"nofollow ugc\">Rest Key Management (RKM)\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>You can easily add links via the link pop-up of the paragraph and heading block to other posts, and when you click on one of the links you’ll go straight to the post!\u003C\u002Fli>\n\u003Cli>The block editor (Gutenberg) also includes word, character, paragraph, and heading counts, so you can easily keep track on the progress of what you’re writing all within the block editor without having to rely on additional tools. \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FWordPress\u002Fgutenberg\u002Fpull\u002F41611\" rel=\"nofollow ugc\">Reading length\u003C\u002Fa> will be added in a future version of the block editor, which will come in really handy for drafting documents.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Want a feature added? You can \u003Ca href=\"https:\u002F\u002Fus1.onform.net\u002Fencryptedposttype\u002Frequest-a-feature\u002F\" rel=\"nofollow ugc\">request a new feature here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>How does it work?\u003C\u002Fh3>\n\u003Cp>The block editor (Gutenberg) saves data in post_content as html markup – it’s this that is encrypted.\u003C\u002Fp>\n\u003Cp>When the plugin is installed and activated a key is randomly generated that is saved in the options table of your site. This key is \u003Cstrong>not\u003C\u002Fstrong> used to encrypt content of posts – we’ll come back to it in a second. A directory is also created in the uploads directory that is used to store the encryption keys – the keys in this directory are used to encrypt data, but before they are saved in the directory they are encrypted with the key that was saved in the options table (with the Pro version the keys are saved on a different site for added security). So, the encryption keys are themselves encrypted.\u003C\u002Fp>\n\u003Cp>When you create a new post the encryption key for that post is saved in the directory mentioned above (but remember, it’s encrypted before being saved) along with something called an Initialisation Vector (IV), which ensures the encrypted output (ciphertext) is unique.\u003C\u002Fp>\n\u003Cp>When you save your post the key that was saved in the directory when the post was initially created is first decrypted using [a] the key saved in the options table, and [b] the Initialisation Vector (IV) that was saved alongside the key; the decrypted key is then used to encrypt the content and an IV is also saved alongside the post. The IV is updated each time the post is saved to ensure the encrypted output (ciphertext) is unique.\u003C\u002Fp>\n\u003Cp>Encryption is done using \u003Ca href=\"https:\u002F\u002Fen.wikipedia.org\u002Fwiki\u002FAdvanced_Encryption_Standard\" rel=\"nofollow ugc\">aes128\u003C\u002Fa> and the \u003Ca href=\"https:\u002F\u002Fwww.php.net\u002Fmanual\u002Fen\u002Fbook.openssl.php\" rel=\"nofollow ugc\">OpenSSL library\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch4>Important considerations\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Media that you upload to your site is not encrypted. If you want this feature \u003Ca href=\"https:\u002F\u002Fus1.onform.net\u002Fencryptedposttype\u002Frequest-a-feature\u002F\" rel=\"nofollow ugc\">request it here\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>If you delete your encryption keys and you don’t have a backup there’s no way of getting your data back. It will be gone for good.\u003C\u002Fli>\n\u003Cli>Reusable blocks are not encrypted. If you want this feature \u003Ca href=\"https:\u002F\u002Fus1.onform.net\u002Fencryptedposttype\u002Frequest-a-feature\u002F\" rel=\"nofollow ugc\">request it here\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Each post has its own encryption key that will be saved in a file (or via \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Frest-key-management-rkm\u002F\" rel=\"nofollow ugc\">RKM\u003C\u002Fa>). These files are very small (approx 255 bytes), which means 3,900 will take up approximately 1MB, and 3,900,000 will take up approximately 1GB of server space. It’s safe to say you’ll have to create lots and lots and lots of posts before space becomes an issue.\u003C\u002Fli>\n\u003Cli>Encryption should be part of a broader security strategy. There are a few simple things you can do to help protect your data in addition to using Encrypted Post Type: [1] use a strong password, [2] use 2-factor authentication, [3] minimise the number of plugins you use, and only use plugins from reputable sources, [4] keep WordPress up-to-date, including your theme\u002Fs and plugins.\u003C\u002Fli>\n\u003Cli>Encryption happens server-side. End-to-end encryption was considered but there are limitations to end-to-end encryption that make it impractical in many applications. There are plenty of legitimate use cases where server-side encryption makes more sense. For example, there are several potential features in the pipe-line like reminders and mentions that would be very very difficult to pull off with end-to-end encryption.\u003C\u002Fli>\n\u003Cli>Encryption is complex, and Encrypted Post Type aims to bring encryption to WordPress in a way that is accessible to all. As with all software, there may be bugs present. The plugin is open source and if you spot a bug please feel free to contribute over on Github here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNewJenk\u002FEPT\u002F\" rel=\"nofollow ugc\">github.com\u002FNewJenk\u002FEPT\u003C\u002Fa>, pull requests are welcome.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Why WordPress, the block editor (Gutenberg), and Encrypted Post Type make a great combo\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>The block editor is flexible; whether you need easy access to tags when you’re writing (they display in the sidebar), or if you want a screen free of distractions to do your best work, the block editor can do it with ease. And combined with Encrypted Post Type, you can confidently maximise the true potential of the block editor safe in the knowledge that your data is secure.\u003C\u002Fli>\n\u003Cli>WordPress is very mature and works great for managing lots of content – tags have been part of WordPress since 2008!\u003C\u002Fli>\n\u003Cli>The details pop-up (the i icon in the block editor toolbar) includes super useful information perfect for note taking, drafting documents and more!\u003C\u002Fli>\n\u003Cli>The block editor comes with some really smart keyboard shortcuts that can boost productivity. For example, highlight text and use CTRL+K (CMD+K on Mac) to add a link, or use CTRL+S (CMD+S on Mac) to save your work.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The WordPress block editor (also called Gutenberg) is an excellent writing tool. It’s better than Microsoft Word at word processing (although that probably says more about Word), and is also a formidable website page builder (albeit a significant departure from WordPress of old). And it is so powerful, and has so much potential, that it could conceivably become the de-facto editor of the internet. It makes an excellent tool for taking notes, writing documents, and building web pages. And it has another trick up its sleeve that lends itself very well to encryption. Because of the need for Gutenberg to be backwards compatible with the rest of WordPress, the output of Gutenberg is simple html markup. Because the markup Gutenberg generates is so simple, almost all Gutenberg blocks are compatible with encryption.\u003C\u002Fp>\n\u003Ch3>Pro version\u003C\u002Fh3>\n\u003Cp>If you want to make your content even more secure you can upgrade to the Pro version that includes an innovative way to manage your encryption keys called \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Frest-key-management-rkm\u002F\" rel=\"nofollow ugc\">REST Key Management (RKM)\u003C\u002Fa>. RKM stores your encryption keys on a separate WordPress site that you control, meaning that both the site where your encrypted content is stored AND the site where your keys are stored would have to be compromised for your data to be at risk – and it would have to be a very bad day for that to happen.\u003C\u002Fp>\n\u003Cp>Included with Pro:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Rest Key Management (RKM) – offers a significant security boost!\u003C\u002Fli>\n\u003Cli>Archive Posts – don’t want a post to show up in ‘All Posts’? Mark it as archived and it’ll only be viewable in a special ‘Archive’ mode.\u003C\u002Fli>\n\u003Cli>Individual Posts – only the author of an individual post can view and edit it.\u003C\u002Fli>\n\u003Cli>Hide the front-end of your site – only use your WP site to write notes, or draft documents? Easily hide the front-end.\u003C\u002Fli>\n\u003Cli>Premium email support.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fus1.onform.net\u002Fencryptedposttype\u002Fwaitlist\u002F\" rel=\"nofollow ugc\">PRO VERSION COMING SOON – get on the waitlist*\u003C\u002Fa>\u003C\u002Fp>\n\u003Cp>*Your email will only be used to let you know when the Pro version is available.\u003C\u002Fp>\n\u003Ch3>Request a feature\u003C\u002Fh3>\n\u003Cp>The core plugin is available for anyone to contribute to on Github here: \u003Ca href=\"https:\u002F\u002Fgithub.com\u002FNewJenk\u002FEPT\u002F\" rel=\"nofollow ugc\">github.com\u002FNewJenk\u002FEPT\u003C\u002Fa>, pull requests are welcome. In addition, you can \u003Ca href=\"https:\u002F\u002Fus1.onform.net\u002Fencryptedposttype\u002Frequest-a-feature\u002F\" rel=\"nofollow ugc\">request a feature by filling in the form here\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Compatibility with other plugins\u003C\u002Fh3>\n\u003Cp>Developer-friendly plugins can be extended to encrypt\u002Fdecrypt content. Here are examples of how content can be encrypted and decrypted:\u003C\u002Fp>\n\u003Ch4>Encrypting content\u003C\u002Fh4>\n\u003Cp>See the method \u003Ccode>en_p_t_encrypt_the_post\u003C\u002Fcode> in encrypted-post-type.php for an example of how to encrypt content.\u003C\u002Fp>\n\u003Ch4>Decrypting content\u003C\u002Fh4>\n\u003Cp>See the example here: \u003Ca href=\"https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Fabout#decrypting-content\" rel=\"nofollow ugc\">https:\u002F\u002Fencryptedposttype.com\u002Fkb\u002Fabout#decrypting-content\u003C\u002Fa>\u003C\u002Fp>\n","Encrypted Post Type provides a custom post type where the content of each post is encrypted.",0,961,20,1,"2022-10-05T07:40:00.000Z","6.0.11","5.5.0","7.2",[20,21,22],"encryption","privacy","security","https:\u002F\u002Fencryptedposttype.com","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fencrypted-post-type.1.0.0.zip",85,null,"2026-03-15T15:16:48.613Z",[],{"slug":30,"display_name":7,"profile_url":8,"plugin_count":14,"total_installs":11,"avg_security_score":25,"avg_patch_time_days":31,"trust_score":32,"computed_at":33},"newjenk",30,84,"2026-04-04T11:01:14.330Z",[35,56,72,95,114],{"slug":36,"name":37,"version":38,"author":39,"author_profile":40,"description":41,"short_description":42,"active_installs":43,"downloaded":44,"rating":45,"num_ratings":46,"last_updated":47,"tested_up_to":48,"requires_at_least":49,"requires_php":50,"tags":51,"homepage":54,"download_link":55,"security_score":25,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":27},"wp-pgp-encrypted-emails","WP PGP Encrypted Emails","0.8.0","Meitar","https:\u002F\u002Fprofiles.wordpress.org\u002Fmeitar\u002F","\u003Cp>WP PGP Encrypted Emails can automatically sign and encrypt any email that WordPress sends to your site’s admin email address or your users’s email addresses. You give it a copy of the recipient’s OpenPGP public key and\u002For their S\u002FMIME certificate, and it does the rest. You can even automatically generate an OpenPGP signing keypair for your site to use.\u003C\u002Fp>\n\u003Cp>Encrypting outgoing emails protects your user’s privacy by ensuring that emails intended for them can be read only by them, and them alone. Moreover, signing those emails helps your users verify that email they receive purporting to be from your site was \u003Cem>actually\u003C\u002Fem> sent by your server, and not some imposter. If you’re a plugin or theme developer, you can encrypt and\u002For sign \u003Cem>arbitrary data\u003C\u002Fem> using this plugin’s OpenPGP and S\u002FMIME APIs, which are both built with familiar, standard WordPress filter hooks. This enables you to develop highly secure communication and publishing tools fully integrated with your WordPress install. See the \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002F#readme\" rel=\"nofollow ugc\">\u003Ccode>README.markdown\u003C\u002Fcode>\u003C\u002Fa> file for details on cryptographic implementation and API usage.\u003C\u002Fp>\n\u003Cp>\u003Cem>Donations for this and my other free software plugins make up a chunk of my income. If you continue to enjoy this plugin, please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa>. 🙂 Thank you for your support!\u003C\u002Fem>\u003C\u002Fp>\n\u003Cp>Plugin features:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Processes \u003Cem>all\u003C\u002Fem> email your site generates, automatically and transparently.\u003C\u002Fli>\n\u003Cli>Configure outbound signing: sign email sent to \u003Cem>all\u003C\u002Fem> recipients, or just savvy ones.\u003C\u002Fli>\n\u003Cli>Per-user encryption keys and certificates; user manages their own OpenPGP keys and S\u002FMIME certificates.\u003C\u002Fli>\n\u003Cli>Compatible with thousands (yes, thousands) of third-party contact form plugins.\u003C\u002Fli>\n\u003Cli>Full interoperability with all standards-compliant OpenPGP and S\u002FMIME implementations.\u003C\u002Fli>\n\u003Cli>Options to enforce further privacy best practices (e.g., removing \u003Ccode>Subject\u003C\u002Fcode> lines).\u003C\u002Fli>\n\u003Cli>Fully multisite compatible, out of the box. No additional configuration for large networks!\u003C\u002Fli>\n\u003Cli>No binaries to install or configure; everything you need is in the plugin itself.\u003C\u002Fli>\n\u003Cli>Bells and whistles included! For instance, visitors can encrypt comments on posts so only the author can read them.\u003C\u002Fli>\n\u003Cli>Built-in, customizable integration with popular third-party plugins, such as \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwoocommerce\u002F\" rel=\"ugc\">WooCommerce\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Always \u003Cstrong>FREE\u003C\u002Fstrong>. Replaces paid email encryption “upgrades,” and gets rid of yearly subscription fees. (\u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">Donations\u003C\u002Fa> appreciated!)\u003C\u002Fli>\n\u003Cli>And \u003Cem>more\u003C\u002Fem>, of course. 😉\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The plugin works transparently for \u003Cem>all email\u003C\u002Fem> your site generates, and will also sign and encrypt outgoing email generated by other plugins (such as contact form plugins) or the built-in WordPress notification emails. All you have to do is add one or more OpenPGP keys or an S\u002FMIME certificate to the Email Encryption screen (WordPress Admin Dashboard → Settings → Email Encryption). Each user can opt to also remove envelope information such as email subject lines, which encryption schemes cannot protect. With this plugin, there’s no longer any need to pay for the “pro” version of your favorite contact form plugin to get the benefit of email privacy.\u003C\u002Fp>\n\u003Cp>Each of your site’s users can supply their own, personal OpenPGP public key and\u002For X.509 S\u002FMIME certificate for their own email address to have WordPress automatically encrypt any email destined for them. (They merely need to update their user profile.) They can choose which encryption method to use. Once set up, all future emails WordPress sends to that user will be encrypted using the standards-based OpenPGP or S\u002FMIME technologies.\u003C\u002Fp>\n\u003Cp>The OpenPGP-encrypted emails can be decrypted by any OpenPGP-compatible mail client, such as \u003Ca href=\"https:\u002F\u002Fgpgtools.org\u002F\" rel=\"nofollow ugc\">MacGPG\u003C\u002Fa> (macOS), \u003Ca href=\"https:\u002F\u002Fwww.gpg4win.org\u002F\" rel=\"nofollow ugc\">GPG4Win\u003C\u002Fa> (Windows), \u003Ca href=\"https:\u002F\u002Fwww.enigmail.net\u002F\" rel=\"nofollow ugc\">Enigmail\u003C\u002Fa> (cross-platform), \u003Ca href=\"https:\u002F\u002Fopenkeychain.org\u002F\" rel=\"nofollow ugc\">OpenKeychain\u003C\u002Fa> (Android), or \u003Ca href=\"https:\u002F\u002Fipgmail.com\u002F\" rel=\"nofollow ugc\">iPGMail\u003C\u002Fa> (iPhone\u002FiOS). For more information on reading encrypted emails, generating keys, and other uses for OpenPGP-compatible encryption, consult any (or all!) of the following guides:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fssd.eff.org\u002Fen\u002Fmodule\u002Fintroduction-public-key-cryptography-and-pgp\" rel=\"nofollow ugc\">The Electronic Frontier Foundation’s Surveillance Self-Defense guide to PGP\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fhelp.riseup.net\u002Fen\u002Fgpg-best-practices\" rel=\"nofollow ugc\">RiseUp.net’s OpenPGP best practices guide\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fwww.openpgp.org\u002F\" rel=\"nofollow ugc\">OpenPGP.org\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>The S\u002FMIME-encrypted emails can be decrypted by any S\u002FMIME-compatible mail client. These include \u003Ca href=\"http:\u002F\u002Fsiber-sonic.com\u002Fmac\u002FMailSMIME\u002F\" rel=\"nofollow ugc\">Apple’s Mail on macOS\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fsupport.apple.com\u002Fen-au\u002FHT202345\" rel=\"nofollow ugc\">iOS for iPhone and iPad\u003C\u002Fa>, \u003Ca href=\"https:\u002F\u002Fsupport.office.com\u002Fen-us\u002Farticle\u002FEncrypt-messages-by-using-S-MIME-in-Outlook-Web-App-2E57E4BD-4CC2-4531-9A39-426E7C873E26\" rel=\"nofollow ugc\">Microsoft Outlook\u003C\u002Fa>, \u003Ca href=\"http:\u002F\u002Fwww.claws-mail.org\u002Ffaq\u002Findex.php\u002FS\u002FMIME_howto\" rel=\"nofollow ugc\">Claws Mail for GNU\u002FLinux\u003C\u002Fa>, and more.\u003C\u002Fp>\n\u003Cp>For developers, WP PGP Encrypted Emails provides \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002Fblob\u002Fdevelop\u002FREADME.markdown#openpgp-api\" rel=\"nofollow ugc\">an easy to use API to both OpenPGP\u003C\u002Fa> and \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails\u002Fblob\u002Fdevelop\u002FREADME.markdown#smime-api\" rel=\"nofollow ugc\">S\u002FMIME\u003C\u002Fa> encryption, decryption, and integrity validation operations through the familiar \u003Ca href=\"https:\u002F\u002Fcodex.wordpress.org\u002FPlugin_API\" rel=\"nofollow ugc\">WordPress plugin API\u003C\u002Fa> so you can use this plugin’s simple filter hooks to build custom OpenPGP- or S\u002FMIME-based encryption functionality into your own plugins and themes.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Security Disclaimer\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>Security is a process, not a product. Using WP PGP Encrypted Emails does not guarantee that your site’s outgoing messages are invulnerable to every attacker, in every possible scenario, at all times. No single security measure, in isolation, can do that.\u003C\u002Fp>\n\u003Cp>Do not rely solely on this plugin for the security or privacy of your webserver. See the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fwp-pgp-encrypted-emails\u002Ffaq\u002F\" rel=\"ugc\">Frequently Asked Questions\u003C\u002Fa> for more security advice and for more information about the rationale for this plugin.\u003Cbr \u002F>\nIf you like this plugin, \u003Cstrong>please consider \u003Ca href=\"https:\u002F\u002Fwww.paypal.com\u002Fcgi-bin\u002Fwebscr?cmd=_donations&business=TJLPJYXHSRBEE&lc=US&item_name=WP%20PGP%20Encrypted%20Emails&item_number=wp-pgp-encrypted-emails&currency_code=USD&bn=PP%2dDonationsBF%3abtn_donate_SM%2egif%3aNonHosted\" rel=\"nofollow ugc\">making a donation\u003C\u002Fa> for your use of the plugin\u003C\u002Fstrong> or, better yet, contributing directly to \u003Ca href=\"http:\u002F\u002FCyberbusking.org\u002F\" rel=\"nofollow ugc\">my Cyberbusking fund\u003C\u002Fa>. Your support is appreciated!\u003C\u002Fp>\n\u003Ch4>Themeing\u003C\u002Fh4>\n\u003Cp>Theme authors can use the following code snippets to integrate a WordPress theme with this plugin.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>To link to a site’s OpenPGP signing public key: \u003Ccode>\u003C?php print admin_url( 'admin-ajax.php?action=download_pgp_signing_public_key' ); ?>\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Plugin hooks\u003C\u002Fh4>\n\u003Cp>This plugin offers additional functionality intended for other plugin developers or theme authors to make use of. This functionality is documented here.\u003C\u002Fp>\n\u003Ch3>Filters\u003C\u002Fh3>\n\u003Ch4>`wp_user_encryption_method`\u003C\u002Fh4>\n\u003Cp>Gets the user’s preferred encryption method (either \u003Ccode>pgp\u003C\u002Fcode> or \u003Ccode>smime\u003C\u002Fcode>), if they have provided both an OpenPGP public key and an S\u002FMIME certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`wp_openpgp_user_key`\u003C\u002Fh4>\n\u003Cp>Gets the user’s saved OpenPGP public key from their WordPress profile data, immediately usable in other \u003Ccode>openpgp_*\u003C\u002Fcode> filters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`openpgp_enarmor`\u003C\u002Fh4>\n\u003Cp>Gets an ASCII-armored representation of an OpenPGP data structure (like a key, or an encrypted message).\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to be armored.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Optional parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$marker\u003C\u002Fcode> – The marker of the block (the text that follows \u003Ccode>-----BEGIN\u003C\u002Fcode>). Defaults to \u003Ccode>MESSAGE\u003C\u002Fcode>, but you should set this to a more appropriate value. If you are armoring a PGP public key, for instance, set this to \u003Ccode>PGP PUBLIC KEY BLOCK\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string[]\u003C\u002Fcode> \u003Ccode>$headers\u003C\u002Fcode> – An array of strings to apply as headers to the ASCII-armored block, usually used to insert comments or identify the OpenPGP client used. Defaults to \u003Ccode>array()\u003C\u002Fcode> (no headers).\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: ASCII-armor a binary public key.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$ascii_key = apply_filters('openpgp_enarmor', $public_key, 'PGP PUBLIC KEY BLOCK');\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_key`\u003C\u002Fh4>\n\u003Cp>Gets a binary OpenPGP public key for use in later PGP operations from an ASCII-armored representation of that key.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$key\u003C\u002Fcode> – The ASCII-armored PGP public key block.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Get a key saved as an ASCII string in the WordPress database option \u003Ccode>my_plugin_pgp_public_key\u003C\u002Fcode>.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$key = apply_filters('openpgp_key', get_option('my_plugin_pgp_public_key'));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign`\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fwww.gnupg.org\u002Fgph\u002Fen\u002Fmanual\u002Fx135.html#AEN152\" rel=\"nofollow ugc\">Clearsigns\u003C\u002Fa> a message using a given private key.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required parameters:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The message data to sign.\u003C\u002Fli>\n\u003Cli>\u003Ccode>OpenPGP_SecretKeyPacket\u003C\u002Fcode> \u003Ccode>$signing_key\u003C\u002Fcode> – The signing key to use, obtained by passing the ASCII-armored private key through the \u003Ccode>openpgp_key\u003C\u002Fcode> filter.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Sign a short string.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$message = 'This is a message to sign.';\n$signing_key = apply_filters('openpgp_key', $ascii_key);\n$signed_message = apply_filters('openpgp_sign', $message, $signing_key);\n\u002F\u002F $signed_message is now a clearsigned message\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_encrypt`\u003C\u002Fh4>\n\u003Cp>Encrypts data to one or more PGP public keys or passphrases.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – Data to encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>array|string\u003C\u002Fcode> \u003Ccode>$keys\u003C\u002Fcode> – Passphrases or keys to use to encrypt the data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Encrypt the content of a blog post.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>\u002F\u002F First, get the PGP public key(s) of the recipient(s)\n$ascii_key = '-----BEGIN PGP PUBLIC KEY BLOCK-----\n[...snipped for length...]\n-----END PGP PUBLIC KEY BLOCK-----';\n$encryption_key = apply_filters('openpgp_key', $ascii_key);\n$encrypted_post = apply_filters('openpgp_encrypt', $post->post_content, $encryption_key);\n\u002F\u002F Now you can safely send or display $encrypted_post anywhere you like and only\n\u002F\u002F those who control the corresponding private key(s) can decrypt it.\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign`\u003C\u002Fh4>\n\u003Cp>Signs a message (arbitrary data) with the given private key.\u003C\u002Fp>\n\u003Cp>Note that if your plugin uses the built-in WordPress core \u003Ccode>wp_mail()\u003C\u002Fcode> function and this plugin is active, your plugin’s outgoing emails are already automatically signed so you do not need to do anything. This filter is intended for use by plugin developers who want to create custom, trusted communiques between WordPress and some other system.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to sign.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>OpenPGP_SecretKeyPacket\u003C\u002Fcode> \u003Ccode>$privatekey\u003C\u002Fcode> – The private key used for signing the message. The default is to use the private key automatically generated during plugin activation. The automatically generated keypair is intended to be a low-trust, single-purpose keypair for your website itself, so you probably do not need or want to use this argument yourself.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Example: Send a signed, encrypted JSON payload to a remote, insecure server.\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$comment_data = get_comment(2); \u002F\u002F get a WP_Comment object with comment ID 2\n\u002F\u002F Create JSON payload\n$json = array('success' => true, 'action' => 'new_comment', 'data' => $comment_data);\n$url = 'http:\u002F\u002Finsecure.example.com\u002F';\n$response = wp_safe_remote_post($url, array(\n));\n\u003C\u002Fcode>\u003C\u002Fpre>\n\u003Ch4>`openpgp_sign_and_encrypt`\u003C\u002Fh4>\n\u003Cp>A convenience filter that applies \u003Ccode>openpgp_sign\u003C\u002Fcode> and then \u003Ccode>openpgp_encrypt\u003C\u002Fcode> to the result.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$data\u003C\u002Fcode> – The data to sign and encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$signing_key\u003C\u002Fcode> – The signing key to use.\u003C\u002Fli>\n\u003Cli>\u003Ccode>array|string\u003C\u002Fcode> \u003Ccode>$recipient_keys_and_passphrases\u003C\u002Fcode> – Public key(s) of the recipient(s), or passphrases to encrypt to.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`wp_openpgp_user_key`\u003C\u002Fh4>\n\u003Cp>Gets the user’s saved S\u002FMIME public certificate from their WordPress profile data, immediately usable in other \u003Ccode>smime_*\u003C\u002Fcode> filters.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Optional arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>WP_User\u003C\u002Fcode> \u003Ccode>$user\u003C\u002Fcode> – The WordPress user object. Defaults to the current user.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_certificate`\u003C\u002Fh4>\n\u003Cp>Gets a PHP resource handle to an X.509 Certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>mixed\u003C\u002Fcode> \u003Ccode>$cert\u003C\u002Fcode> – The certificate, either as a string to a file, or raw PEM-encoded certificate data.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_certificate_pem_encode`\u003C\u002Fh4>\n\u003Cp>Encodes (“exports”) a given X.509 certificate as PEM format.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>resource\u003C\u002Fcode> \u003Ccode>$cert\u003C\u002Fcode>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>`smime_encrypt`\u003C\u002Fh4>\n\u003Cp>Encrypts a message as an S\u002FMIME email given a public certificate.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Required arguments:\n\u003Cul>\n\u003Cli>\u003Ccode>string\u003C\u002Fcode> \u003Ccode>$message\u003C\u002Fcode> – The message contents to encrypt.\u003C\u002Fli>\n\u003Cli>\u003Ccode>string|string[]\u003C\u002Fcode> \u003Ccode>$headers\u003C\u002Fcode> – The message headers for the encrypted part.\u003C\u002Fli>\n\u003Cli>\u003Ccode>resource|array\u003C\u002Fcode> \u003Ccode>$certificates\u003C\u002Fcode> – The recipient’s certificate, or an array of recipient certificates.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>This filter returns an array with two keys, \u003Ccode>headers\u003C\u002Fcode> and \u003Ccode>message\u003C\u002Fcode>, wherein the message is encrypted.\u003C\u002Fp>\n\u003Cp>Example: send an encrypted email via \u003Ccode>wp_mail()\u003C\u002Fcode>. (You do not need to do this if the recipient is registered as your site’s user, because this plugin does that automatically. Only do this if you need to send S\u002FMIME encrypted email to an address not stored in WordPress’s own database.)\u003C\u002Fp>\n\u003Cpre>\u003Ccode>$cert = apply_filters( 'smime_certificate', get_option( 'my_plugin_smime_certificate' ) );\n$body = 'This is a test email message body.';\n$head = array(\n    'From' => get_option( 'admin_email' ),\n);\n$smime_data = apply_filters( 'smime_encrypt', $body, $head, $cert );\nif ( $smime_data ) {\n    wp_mail(\n        'recipient@example.com',\n        'Test message.',\n        $smime_data['message'], \u002F\u002F message is sent encrypted\n        $smime_data['headers']\n    );\n}\n\u003C\u002Fcode>\u003C\u002Fpre>\n","Signs and encrypts emails using PGP\u002FGPG keys or X.509 certificates. Provides OpenPGP and S\u002FMIME functions via WordPress plugin API.",400,25921,92,16,"2021-05-25T19:04:00.000Z","5.7.15","4.4","",[52,20,53,21,22],"email","pgp","https:\u002F\u002Fgithub.com\u002Ffabacab\u002Fwp-pgp-encrypted-emails","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwp-pgp-encrypted-emails.0.8.0.zip",{"slug":57,"name":58,"version":6,"author":59,"author_profile":60,"description":61,"short_description":62,"active_installs":11,"downloaded":63,"rating":11,"num_ratings":11,"last_updated":50,"tested_up_to":64,"requires_at_least":65,"requires_php":66,"tags":67,"homepage":50,"download_link":69,"security_score":70,"vuln_count":11,"unpatched_count":11,"last_vuln_date":26,"fetched_at":71},"cryptnote-secure-links","CryptNote Secure Links","Lucas Catão Moraes","https:\u002F\u002Fprofiles.wordpress.org\u002Fdolutech\u002F","\u003Cp>Create messages with expiration\u002Flimited views via the \u003Cstrong>CryptNote.pro\u003C\u002Fstrong> API without leaving WordPress.\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Admin form to generate \u003Ccode>share_url\u003C\u002Fcode> and token via API.\u003C\u002Fli>\n\u003Cli>Option to replace all sent emails (\u003Ccode>wp_mail\u003C\u002Fcode>) with a secure link (attachments are removed).\u003C\u002Fli>\n\u003Cli>Customizable placeholders in the email body: \u003Ccode>{share_url}\u003C\u002Fcode>, \u003Ccode>{token}\u003C\u002Fcode>, \u003Ccode>{max_views}\u003C\u002Fcode>, \u003Ccode>{expire_minutes}\u003C\u002Fcode>.\u003C\u002Fli>\n\u003Cli>Support for optional password, expiration in minutes, and Markdown\u002FHTML flags.\u003C\u002Fli>\n\u003Cli>Configurable endpoint (default \u003Ccode>https:\u002F\u002Fcryptnote.pro\u002Fapi\u002Fv1\u003C\u002Fcode>) and optional \u003Ccode>X-API-Key\u003C\u002Fcode> header.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Privacy\u003C\u002Fh3>\n\u003Cp>This plugin uses the external \u003Cstrong>CryptNote\u003C\u002Fstrong> service to generate and host the secure link and token. When creating a link, the protected content and metadata (views, expiration, optional password) are sent to \u003Ccode>https:\u002F\u002Fcryptnote.pro\u002Fapi\u002Fv1\u003C\u002Fcode>. See the service’s privacy policy at https:\u002F\u002Fcryptnote.pro\u002Fprivacy.php?lang=en.\u003C\u002Fp>\n","Integrates CryptNote.pro to generate encrypted links directly from the WordPress dashboard and replace emails with secure links.",96,"6.9.4","5.8","7.4",[52,20,68,21,22],"links","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptnote-secure-links.1.0.0.zip",100,"2026-03-15T10:48:56.248Z",{"slug":73,"name":74,"version":75,"author":76,"author_profile":77,"description":78,"short_description":79,"active_installs":80,"downloaded":81,"rating":82,"num_ratings":83,"last_updated":84,"tested_up_to":64,"requires_at_least":49,"requires_php":85,"tags":86,"homepage":90,"download_link":91,"security_score":92,"vuln_count":93,"unpatched_count":11,"last_vuln_date":94,"fetched_at":27},"jonradio-private-site","My Private Site","4.1.0","David Gewirtz","https:\u002F\u002Fprofiles.wordpress.org\u002Fdgewirtz\u002F","\u003Cp>\u003Cstrong>My Private Site\u003C\u002Fstrong> makes your WordPress site private so only logged-in users can see your content. With one click, you can restrict access to all posts and pages, automatically redirect visitors to the login screen, and keep your site visible only to people you trust.\u003C\u002Fp>\n\u003Cp>Unlike full membership or subscription systems, My Private Site focuses on strong privacy without unnecessary complexity. It is ideal for family sites, schools, clubs, client previews, or development environments where you want to share content with a trusted audience without managing payments, profiles, or custom roles.\u003C\u002Fp>\n\u003Ch3>Ideal Use Cases\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>\u003Cstrong>Family sites and school projects\u003C\u002Fstrong>: Share personal updates, photos, or assignments only with family members, classmates, or teachers you choose.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Development and staging sites\u003C\u002Fstrong>: Safely show work-in-progress to clients or teammates without exposing unfinished content or letting it be indexed by search engines.\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Clubs, groups, and internal blogs\u003C\u002Fstrong>: Create a private online space for members or staff without the overhead of a complex membership system.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Digital Fortress protection\u003C\u002Fh3>\n\u003Cp>My Private Site helps protect the “front door” of your private site with built-in safeguards for login and user registration, including registration spam protection and optional reCAPTCHA support. It also includes AI Crawler Defense to discourage automated collection of your site’s content.\u003C\u002Fp>\n\u003Ch3>Key Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Make your entire WordPress site private with a single setting  \u003C\u002Fli>\n\u003Cli>Redirect logged-out visitors automatically to the login page  \u003C\u002Fli>\n\u003Cli>Choose where users land after login (requested page, home, dashboard, or custom URL)  \u003C\u002Fli>\n\u003Cli>Support user self-registration on private sites when enabled  \u003C\u002Fli>\n\u003Cli>Protect registration with built-in spam controls and optional reCAPTCHA  \u003C\u002Fli>\n\u003Cli>Optionally block unauthenticated access to the WordPress REST API  \u003C\u002Fli>\n\u003Cli>Simple, no-code setup using standard WordPress settings \u003C\u002Fli>\n\u003Cli>Privacy shortcode lets you selectively show or hide content within a page or post.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Built-in AI Crawler Defense\u003C\u002Fh3>\n\u003Cp>The internet is rapidly changing, with AI crawlers and bots harvesting content without consent. My Private Site helps you defend your work with integrated \u003Cstrong>AI Crawler Defense\u003C\u002Fstrong> features:\u003Cbr \u002F>\n* \u003Cstrong>NoAI and NoImageAI tags\u003C\u002Fstrong>: Automatically add meta tags and headers that signal compliant AI systems not to use your text or images for training.\u003Cbr \u002F>\n* \u003Cstrong>Block GPTBot\u003C\u002Fstrong>: Add a robots.txt rule to prevent OpenAI’s crawler from accessing your site.\u003Cbr \u002F>\n* \u003Cstrong>Really Simple Licensing (RSL)\u003C\u002Fstrong>: Publish a machine-readable license that explicitly prohibits AI training on your content.\u003C\u002Fp>\n\u003Cp>These protections are included free in the core plugin, easy to enable with a checkbox, and designed to safeguard your site without affecting normal visitors or search engines. You can use them even if you’re not using any other site privacy features.\u003C\u002Fp>\n\u003Ch3>Watch the Video Overview and Demo\u003C\u002Fh3>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002Fjry3DHD-OB8?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Ch3>Premium Add-ons\u003C\u002Fh3>\n\u003Cp>Premium add-ons turn My Private Site into a comprehensive privacy suite, giving you enterprise-style layered security defenses, smarter oversight, and flexible access, without the complexity or cost.\u003C\u002Fp>\n\u003Cp>Advanced AI Crawler Defense, Visitor Intelligence, and Block IP provide protections regardless of whether you’re using any site privacy features.\u003C\u002Fp>\n\u003Cp>\u003Cspan class=\"embed-youtube\" style=\"text-align:center; display: block;\">\u003Ciframe loading=\"lazy\" class=\"youtube-player\" width=\"750\" height=\"422\" src=\"https:\u002F\u002Fwww.youtube.com\u002Fembed\u002FB6s8O9VZLc0?version=3&rel=1&showsearch=0&showinfo=1&iv_load_policy=1&fs=1&hl=en-US&autohide=2&wmode=transparent\" allowfullscreen=\"true\" style=\"border:0;\" sandbox=\"allow-scripts allow-same-origin allow-popups allow-presentation allow-popups-to-escape-sandbox\">\u003C\u002Fiframe>\u003C\u002Fspan>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-public-pages\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Public Pages 2.0\u003C\u002Fstrong>\u003C\u002Fa>: Allows site operators to designate certain specific pages, or pages with specified prefix, to be available to the public without login. Now also allows public site, private pages. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fu7BuYtzS_pI\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-advanced-ai-defense\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Advanced AI Crawler Defense\u003C\u002Fstrong>\u003C\u002Fa>: Protect WordPress content from AI crawlers using licensing, opt-out tags, selective bot blocking, and firewall defenses to control and safeguard your data. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FEb4qQDafaRk\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-visitor-intelligence\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Visitor Intelligence\u003C\u002Fstrong>\u003C\u002Fa>: Track logins, logouts, failed attempts, and bot activity with a unified log, anomaly detection, and export tools for stronger site oversight and security. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FTTK8bGVD8pM\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-guest-access\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Guest Access\u003C\u002Fstrong>\u003C\u002Fa>: Grant temporary, secure access to private WordPress content using unique shareable links with expiration, one-time use, and full admin-controlled invite management. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002Fj1vYV8lhqcc\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-block-ip\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Block IP\u003C\u002Fstrong>\u003C\u002Fa>: Block unwanted visitors by IP address or range with full IPv4\u002FIPv6 support, configurable scope, and fast enforcement to secure your WordPress site. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FvsxLqYXWITs\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-tags-and-categories\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Tags & Categories\u003C\u002Fstrong>\u003C\u002Fa>: Allows you to make pages public or (with Public Pages 2.0) private based on tags and categories. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FdEv7lXxU5lo\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-selective-content\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Selective Content\u003C\u002Fstrong>\u003C\u002Fa>: Allows hiding, showing, and obscurifying page content through the use of shortcodes. Can also selectively hide widgets and sidebars. \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FexgJrJJSCNY\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003Cli>\u003Ca href=\"https:\u002F\u002Fzatzlabs.com\u002Fproject\u002Fmy-private-site-pricing\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Digital Fortress Bundle\u003C\u002Fstrong>\u003C\u002Fa>: All add-ons are available in bundle form.  \u003Ca href=\"https:\u002F\u002Fyoutu.be\u002FB6s8O9VZLc0\" rel=\"nofollow ugc\">Watch the video\u003C\u002Fa>\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Limits\u003C\u002Fh3>\n\u003Cp>This plugin does not hide non-WordPress web pages, such as .html and .php files. It also won’t restrict images and other media and text files directly accessed by their URL. If your hosting provider’s filesystem protections haven’t been set up correctly, files may also be accessed by directory listing.\u003C\u002Fp>\n\u003Ch3>Support Note\u003C\u002Fh3>\n\u003Cp>Support has moved to the ZATZLabs site and is no longer provided on the WordPress.org forums. If you need a timely reply from the developer, please \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Fsubmit-ticket\u002F\" rel=\"nofollow ugc\">open a ticket\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Mailing List\u003C\u002Fh3>\n\u003Cp>If you’d like to keep up with the latest updates to this plugin, please visit \u003Ca href=\"http:\u002F\u002Fzatzlabs.com\u002Flab-notes\u002F\" rel=\"nofollow ugc\">David’s Lab Notes\u003C\u002Fa> and add yourself to the mailing list.\u003C\u002Fp>\n","Make your WordPress site private with one click for family, projects, or teams. Protection for content, login, and registration.",20000,568968,90,80,"2026-01-28T21:00:00.000Z","5.4",[87,21,88,89,22],"login","private-site","registration","http:\u002F\u002Fzatzlabs.com\u002Fplugins\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fjonradio-private-site.4.1.0.zip",99,2,"2024-02-16 00:00:00",{"slug":96,"name":97,"version":98,"author":99,"author_profile":100,"description":101,"short_description":102,"active_installs":80,"downloaded":103,"rating":63,"num_ratings":104,"last_updated":105,"tested_up_to":64,"requires_at_least":106,"requires_php":66,"tags":107,"homepage":111,"download_link":112,"security_score":70,"vuln_count":14,"unpatched_count":11,"last_vuln_date":113,"fetched_at":27},"restricted-site-access","Restricted Site Access","7.6.1","10up","https:\u002F\u002Fprofiles.wordpress.org\u002F10up\u002F","\u003Cp>Limit access your site to visitors who are logged in or accessing the site from a set of specified IP addresses. Send restricted visitors to the log in page, redirect them, or display a message or page. A great solution for Extranets, publicly hosted Intranets, or parallel development \u002F staging sites.\u003C\u002Fp>\n\u003Cp>Adds a number of new configuration options to the Reading settings panel as well as the Network Settings panel in multisite. From these panels you can:\u003C\u002Fp>\n\u003Cul>\n\u003Cli>Enable or disable site restriction\u003C\u002Fli>\n\u003Cli>Change the restriction behavior: send to login, redirect, display a message, display a page\u003C\u002Fli>\n\u003Cli>Add IP addresses to an unrestricted list, including ranges\u003C\u002Fli>\n\u003Cli>Quickly add your current IP to the unrestricted list\u003C\u002Fli>\n\u003Cli>Customize the redirect location, including an option to send them to the same requested path and set the HTTP status code for SEO friendliness\u003C\u002Fli>\n\u003Cli>Define a simple message to show restricted visitors, or select a page to show them – great for “coming soon” teasers!\u003C\u002Fli>\n\u003C\u002Ful>\n","Limit access to visitors who are logged in or allowed by IP addresses. Includes many options for handling blocked visitors.",1120245,62,"2026-01-04T21:22:00.000Z","6.6",[108,109,21,110,22],"limited","permissions","restrict","https:\u002F\u002F10up.com\u002Fplugins\u002Frestricted-site-access-wordpress\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Frestricted-site-access.7.6.1.zip","2022-08-31 00:00:00",{"slug":115,"name":116,"version":117,"author":118,"author_profile":119,"description":120,"short_description":121,"active_installs":122,"downloaded":123,"rating":124,"num_ratings":125,"last_updated":126,"tested_up_to":64,"requires_at_least":127,"requires_php":128,"tags":129,"homepage":134,"download_link":135,"security_score":92,"vuln_count":14,"unpatched_count":11,"last_vuln_date":136,"fetched_at":27},"cryptx","CryptX","4.0.11","Ralf Weber","https:\u002F\u002Fprofiles.wordpress.org\u002Fd3395\u002F","\u003Cp>No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using javascript or UNICODE.\u003C\u002Fp>\n\u003Cp>CryptX protects your email addresses from spambots while keeping them readable and functional for your visitors. The plugin automatically detects email addresses in your content and encrypts them using various methods including JavaScript encryption, Unicode conversion, and image replacement.\u003C\u002Fp>\n\u003Cp>\u003Cstrong>Key Features:\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cul>\n\u003Cli>\u003Cstrong>Automatic Email Detection\u003C\u002Fstrong> – Finds and encrypts email addresses in posts, pages, comments, and widgets\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Multiple Encryption Methods\u003C\u002Fstrong> – JavaScript, Unicode, image replacement, and custom text options\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Widget Support\u003C\u002Fstrong> – Works with text widgets and other widget content\u003C\u002Fli>\n\u003Cli>\u003Cstrong>RSS Feed Control\u003C\u002Fstrong> – Option to disable encryption in RSS feeds\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Whitelist Support\u003C\u002Fstrong> – Exclude specific domains from encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Per-Post Control\u003C\u002Fstrong> – Enable\u002Fdisable encryption on individual posts and pages\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Shortcode Support\u003C\u002Fstrong> – Use \u003Ccode>[cryptx]email@example.com[\u002Fcryptx]\u003C\u002Fcode> for manual encryption\u003C\u002Fli>\n\u003Cli>\u003Cstrong>Template Functions\u003C\u002Fstrong> – Developer-friendly functions for theme integration\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>\u003Ca href=\"http:\u002F\u002Fweber-nrw.de\u002Fwordpress\u002Fcryptx\u002F\" title=\"Plugin Homepage\" rel=\"nofollow ugc\">Plugin Homepage\u003C\u002Fa>\u003C\u002Fp>\n","No more SPAM by spiders scanning your site for email addresses!",10000,280578,88,19,"2025-12-18T08:01:00.000Z","6.7","8.3",[130,131,132,21,133],"antispam","email-encryption","mail","spam-protection","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fcryptx\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fcryptx.4.0.11.zip","2025-12-04 20:35:36",{"attackSurface":138,"codeSignals":225,"taintFlows":236,"riskAssessment":264,"analyzedAt":273},{"hooks":139,"ajaxHandlers":221,"restRoutes":222,"shortcodes":223,"cronEvents":224,"entryPointCount":11,"unprotectedCount":11},[140,147,152,156,160,164,168,172,176,180,184,188,192,197,202,206,209,213,217],{"type":141,"name":142,"callback":143,"priority":144,"file":145,"line":146},"filter","rest_prepare_en_p_t","en_p_t_prepare_filter",10,"encrypted-post-type.php",58,{"type":148,"name":149,"callback":150,"priority":92,"file":145,"line":151},"action","admin_enqueue_scripts","en_p_t_scripts_and_styles_admin",61,{"type":148,"name":153,"callback":154,"priority":144,"file":145,"line":155},"wp_insert_post","en_p_t_create_post_key",64,{"type":148,"name":157,"callback":158,"priority":144,"file":145,"line":159},"save_post","en_p_t_encrypt_the_post",66,{"type":141,"name":161,"callback":162,"priority":144,"file":145,"line":163},"_wp_post_revision_field_post_content","en_p_t_display_decrypted_revision_with_diffs",71,{"type":148,"name":157,"callback":165,"priority":166,"file":145,"line":167},"en_p_t_save_meta_to_revision",12,73,{"type":148,"name":169,"callback":170,"priority":144,"file":145,"line":171},"wp_restore_post_revision","en_p_t_restore_revision",75,{"type":141,"name":173,"callback":174,"file":145,"line":175},"wp_insert_post_data","en_p_t_set_post_to_private",77,{"type":148,"name":177,"callback":178,"file":145,"line":179},"template_redirect","en_p_t_redirect_404_to_edit_screen",79,{"type":141,"name":181,"callback":182,"file":183,"line":125},"manage_en_p_t_posts_columns","en_p_t_pt_modified_col_register","inc\\classes\\class-posts-table.php",{"type":148,"name":185,"callback":186,"priority":144,"file":183,"line":187},"manage_en_p_t_posts_custom_column","en_p_t_pt_modified_col_display",21,{"type":141,"name":189,"callback":190,"file":183,"line":191},"manage_edit-en_p_t_sortable_columns","en_p_t_pt_modified_col_sort",23,{"type":148,"name":193,"callback":194,"priority":195,"file":183,"line":196},"pre_get_posts","en_p_t_pt_default_orderby",9,25,{"type":148,"name":198,"callback":199,"priority":11,"file":200,"line":201},"init","en_p_t_r_post_type","inc\\classes\\class-register-post-type.php",32,{"type":141,"name":203,"callback":204,"file":200,"line":205},"post_updated_messages","en_p_t_r_messages",35,{"type":148,"name":198,"callback":207,"priority":11,"file":200,"line":208},"en_p_t_r_taxonomy",38,{"type":148,"name":210,"callback":211,"file":200,"line":212},"admin_menu","en_p_t_r_add_tags_to_menu_item",41,{"type":141,"name":214,"callback":215,"priority":144,"file":200,"line":216},"parent_file","en_p_t_r_set_sidebar_active_item",44,{"type":141,"name":218,"callback":219,"file":200,"line":220},"submenu_file","en_p_t_r_set_sidebar_active_item_tax",47,[],[],[],[],{"dangerousFunctions":226,"sqlUsage":227,"outputEscaping":229,"fileOperations":11,"externalRequests":11,"nonceChecks":11,"capabilityChecks":14,"bundledLibraries":235},[],{"prepared":11,"raw":11,"locations":228},[],{"escaped":230,"rawEcho":93,"locations":231},42,[232,234],{"file":183,"line":146,"context":233},"raw output",{"file":183,"line":83,"context":233},[],[237,256],{"entryPoint":238,"graph":239,"unsanitizedCount":14,"severity":255},"en_p_t_redirect_404_to_edit_screen (encrypted-post-type.php:818)",{"nodes":240,"edges":252},[241,246],{"id":242,"type":243,"label":244,"file":145,"line":245},"n0","source","$_GET",824,{"id":247,"type":248,"label":249,"file":145,"line":250,"wp_function":251},"n1","sink","wp_redirect() [Open Redirect]",829,"wp_redirect",[253],{"from":242,"to":247,"sanitized":254},false,"medium",{"entryPoint":257,"graph":258,"unsanitizedCount":14,"severity":255},"\u003Cencrypted-post-type> (encrypted-post-type.php:0)",{"nodes":259,"edges":262},[260,261],{"id":242,"type":243,"label":244,"file":145,"line":245},{"id":247,"type":248,"label":249,"file":145,"line":250,"wp_function":251},[263],{"from":242,"to":247,"sanitized":254},{"summary":265,"deductions":266},"The \"encrypted-post-type\" v1.0.0 plugin exhibits a very strong security posture based on the provided static analysis.  The absence of any detected AJAX handlers, REST API routes, shortcodes, or cron events significantly limits the plugin's attack surface. The code analysis reveals a commitment to secure coding practices, with all detected SQL queries utilizing prepared statements and a high percentage of output being properly escaped. The lack of file operations and external HTTP requests further reduces potential risks.\n\nWhile the overall picture is positive, there are a couple of minor areas for attention. The taint analysis identified two flows with unsanitized paths, which, although not resulting in critical or high severity issues in this instance, represents a potential vector for future vulnerabilities if not addressed. Furthermore, the absence of nonce checks is a concern, as it suggests that actions triggered by this plugin might not have the necessary protection against Cross-Site Request Forgery (CSRF) attacks, especially if any actions are performed on the backend without proper authorization.\n\nThe plugin's vulnerability history, being entirely clear, is a significant strength, indicating a mature and well-maintained codebase to date.  In conclusion, \"encrypted-post-type\" v1.0.0 appears to be a securely developed plugin with excellent adherence to best practices. The primary areas for improvement lie in addressing the identified unsanitized paths and implementing nonce checks to further harden its defenses against potential attacks.",[267,270],{"reason":268,"points":269},"Taint flows with unsanitized paths found",8,{"reason":271,"points":272},"No nonce checks implemented",5,"2026-03-17T06:44:04.509Z",{"wat":275,"direct":283},{"assetPaths":276,"generatorPatterns":279,"scriptPaths":280,"versionParams":281},[277,278],"\u002Fwp-content\u002Fplugins\u002Fencrypted-post-type\u002Fassets\u002Fcss\u002Fadmin\u002Fadmin-style.css","\u002Fwp-content\u002Fplugins\u002Fencrypted-post-type\u002Fassets\u002Fjs\u002Fadmin\u002FonEditScreen.js",[],[278],[282,6],"encrypted-post-type?ver=",{"cssClasses":284,"htmlComments":285,"htmlAttributes":286,"restEndpoints":287,"jsGlobals":289,"shortcodeOutput":291},[],[],[],[288],"\u002Fwp-json\u002Fwp\u002Fv2\u002Fen_p_t",[290],"en_p_t",[]]