This article explores the possibility of bringing selected OpenPGP features into WordPress to improve the system’s overall security through public key cryptography. It weighs the benefits and problems of such integration. The article also contains an overview of the security of notification emails in the current version of WordPress. You might find it useful if you are a WordPress developer or user who is interested in security.
The article assumes a basic understanding of asymmetric cryptography and the role of private and public keys.
Security of WordPress
The core of the WordPress CMS might contain security flaws, like any other computer system, but once they are recognized they are fixed in the blink of an eye and patches are soon available to users.
Many more security problems may result from users’ mistakes and gaps in their knowledge of computer security. Common problems can be detected and solved by plugins such as iThemes Security. Even after that, passwords might be sent in clear text unless you configure TLS for the server. I recommend using HTTPS at least for the admin panel, but that’s another story.
After you’ve configured all those basic security measures and want to further minimize the risk of leaking potentially confidential information, you might want to look at some cryptographic methods to secure the data. But is this worth the attention, and can it really improve security in some aspects?