1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

WordPress site encryption?

Discussion in 'Blogging' started by ShadeDream, Oct 4, 2013.

  1. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    Does anyone know if it would be possible to encrypt a live WordPress site? I'm sure there's a way, just don't think anything free or paid is available?

    I want to store some data online (nothing important, just some personal stuff) in the format of a WordPress blog but want to make sure that even the host can't snoop around.

    Any ideas?
     
  2. Panther28

    Panther28 Elite Member

    Joined:
    May 2, 2010
    Messages:
    2,268
    Likes Received:
    3,405
    Occupation:
    Internet.
    Location:
    Internet.
    is it the articles on the front end that has to be encrypted, or the admin backend you mean?
     
  3. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    Well, it actually looks more complicated then I originally thought, unless I've confused myself. I was after encrypting the whole database, so if someone hacks the server and gets a hold of the database, they won't be able to access any of the blog posts.
     
  4. SEOHULK

    SEOHULK BANNED BANNED

    Joined:
    Aug 20, 2013
    Messages:
    102
    Likes Received:
    45
    If you're going to use standard PHP/MySQL webhosting (most of them are using cPanel) that could prove difficult.
    Wordpress relies on a MySQL database to store the data and I haven't heard of any functionality that would allow you to encrypt MySQL data.

    You're probably going to have to turn to some other CMS for that.
     
  5. SEOHULK

    SEOHULK BANNED BANNED

    Joined:
    Aug 20, 2013
    Messages:
    102
    Likes Received:
    45
    If it's only the contents of the posts you're worried about, just make sure to:
    - regulary update Wordpress
    - install some security addons like "Bulletproof", "Better WP security" and "Wordfrence
    - host the site on a reputable webhost that takes its security serious

    The webhost admins will be able to see your files and database contents in that case, though.
    But they're probably way too busy with work and reddit to look at your stuff.
     
    • Thanks Thanks x 1
  6. Panther28

    Panther28 Elite Member

    Joined:
    May 2, 2010
    Messages:
    2,268
    Likes Received:
    3,405
    Occupation:
    Internet.
    Location:
    Internet.
    technically you could. As the data inside the sql table can hold any range or type of characters. It would require something like an on the fly php encrypter/decrypter though, which might be a bit pointless if someone can still just come along and scrape the pages?
     
  7. SEOHULK

    SEOHULK BANNED BANNED

    Joined:
    Aug 20, 2013
    Messages:
    102
    Likes Received:
    45
    He will probably put the site under password so it won't be publicly available.
    Maybe under htaccess protecton.

    But to achieve encryption on a Wordpress site one would need extensive WP + PHP/MySQL knowledge.
     
  8. Akiee

    Akiee Registered Member

    Joined:
    Sep 30, 2013
    Messages:
    59
    Likes Received:
    6
    what you Mean WordPress site encryption?
     
  9. innosoft

    innosoft Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 25, 2008
    Messages:
    1,632
    Likes Received:
    639
    Occupation:
    Software Developer, SEO
    Location:
    Office
    Home Page:
    i dont think so.. bcoz it has to split content in html format to get rendered... as far as i know u can just encrypt page codes using zend or something.... u cant encrypt html.. u can block right click but its only upto certain limits.
     
  10. GoDesain

    GoDesain Regular Member

    Joined:
    Feb 26, 2011
    Messages:
    292
    Likes Received:
    63
    Still confuse.. but if you want protect your content from someone who can access your DB server.. this my option...
    1. encript your php source code with byterun or somethink like that..
    2. protect admin panel with htaccess ( u will got 2 protection )
    3. use ( http://crypo.in.ua/tools/eng_mpg5.php ) to create secured password
    expl. bhw = 1%NT2%m34R%%533mOP45N1P3 ( if some one try to use brute force software, they need more times to take over your panel )
    4. Change your panel password if you found unidentified Ip address in your panel last login
    5. Don't use unsecure computer to access your panel, just to avoid keylog.

    If you worry your host provider will stole your data, just search trusted webhosting or use u'r own computer...
     
  11. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    8,834
    Likes Received:
    7,450
    Occupation:
    ZLinky2Buy SEO Services
    Location:
    ⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩⇩
    Home Page:
    openssl aes-256-cbc -a -in INFILE -out OUTFILE


     
  12. Freeopkiller

    Freeopkiller Junior Member

    Joined:
    Dec 30, 2009
    Messages:
    117
    Likes Received:
    47
    Location:
    Montana
    I'm not following you exactly. You just want to encrypt your database to keep anyone from stealing data contained in it.
    You also mention personal data and live site. Public or Private Member site ?

    Are you talking about a public article type site everyone can read, private site that require a member to be logged in to view encrypted post or a personal private site ?

    Public viewable site and encrypted database contents you could use a mcrypt function.
    Member viewable only site you could use session key to decrypt the post from the database. ( Key can be Sniffed )
    Full encryption using cipherchain for hardware transparent encryption of everything if using your own server..

    If you could elaborate a little more on what your wanting to do I might be able to help.

    If its just a regular standard website and you just want to encrypt the database, you would have to encrypt the contents of the database, not the actual database. That I think you could do with the php mcrypt function, not sure how it would effect memory and server loads running a wordpress site doing this.. Caching your pages would most likely be required..

    I love figuring out problems like this. Not looking for a job but if you want some help figuring it out let me know...
     
    • Thanks Thanks x 1
  13. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    What I meant by encrypting "a live WordPress site" was that it would still be accessible via the Internet (so it would just be private and only those with a password would be able to access the site and its contents), but at the same time anyone with access to the server / shared hosting (legitimate access or hacked) would not be able to snoop on the contents of the website just by snooping at the database. The database would be useless unless the person trying to access it would have the wp-admin login details.

    I think this is more complicated than I originally thought and therefore I will probably abandon this for now.
     
  14. Freeopkiller

    Freeopkiller Junior Member

    Joined:
    Dec 30, 2009
    Messages:
    117
    Likes Received:
    47
    Location:
    Montana
    Private site makes it easier. Here's a couple plugins that might do the trick...
    http://wordpress.org/plugins/encrypted-blog/
    http://wordpress.org/plugins/wpclef/

    First link looks perfect, however in alpha stage might be something to keep and eye on..
    Second looks like a nice accompaniment login for a private blog.

    (edit) Appears to be a security issues(s) with encrypted blog.
    http://blog.k3170makan.com/2013/08/xss-and-uncontrolled-redirect-vulns-in.html

    Still worthy of keeping an eye on..Free
     
    Last edited: Oct 4, 2013
  15. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    According to this it's not a simple task, so I'm not sure how the above plugins would work... I've seen the first one, and it seems like a mess.
     
  16. Freeopkiller

    Freeopkiller Junior Member

    Joined:
    Dec 30, 2009
    Messages:
    117
    Likes Received:
    47
    Location:
    Montana
    You might still be interested in this, else I'm posting for anyone else who is interested in this thread.

    I had a chance to play around with encrypted blog.. The plugin works good. Does just what you want to do.. It's automatic, you don't have to crypt/decrypt every time you want to read or post something. It for the most part operates 'transparently'.

    You login to WP. Then you are prompted to enter your encryption key..

    If the key is correct, you can read the blog post normally, an incorrect key, post are unreadable. I checked the Database post field the post data is encrypted..
    So your post and database are encrypted (post field anyway).

    I would use this on a new site. It will encrypt the contents of the post, but not the post title. You can browse and operated the site normally.

    Pretty simple process, simple plugin could be adapted to any key fetching process. Encryption was fast and instant. You wouldn't even know you were on an encrypted website unless you used the wrong key..
    Doesn't specify the level of encryption. Looking at the code appears to use RIJNDAEL 128 and SHA256 hash.

    Wasn't planning on writing a review, I needed the post count...
     
    Last edited: Oct 6, 2013
  17. ShadeDream

    ShadeDream Elite Member

    Joined:
    Nov 27, 2008
    Messages:
    2,209
    Likes Received:
    5,230
    Location:
    He who laughs last, laughs longest.
    After reading your post above I thought I might as well check it out. Although it works, it's faulty because it creates duplicate entries within the database. So even though it encrypts the post, the original is duplicated and visible within the database due to revisions. This makes it useless. Maybe if I played around a bit I could solve this, but it's too much of a hassle for what I need at this time.