Title: WP jCryption Security Author: andreyk Published: 2015 年 1 月 1 日 Last modified: 2015 年 5 月 16 日 --- 搜尋外掛 ![](https://ps.w.org/wp-jcryption/assets/banner-772x250.png?rev=1057868) 這個外掛**並未在最新的 3 個 WordPress 主要版本上進行測試**。開發者可能不再對這個 外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。 ![](https://s.w.org/plugins/geopattern-icon/wp-jcryption_68bca9.svg) # WP jCryption Security 由 [andreyk](https://profiles.wordpress.org/andreyk/) 開發 [下載](https://downloads.wordpress.org/plugin/wp-jcryption.zip) * [詳細資料](https://tw.wordpress.org/plugins/wp-jcryption/#description) * [使用者評論](https://tw.wordpress.org/plugins/wp-jcryption/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/wp-jcryption/#installation) * [開發資訊](https://tw.wordpress.org/plugins/wp-jcryption/#developers) [技術支援](https://wordpress.org/support/plugin/wp-jcryption/) ## 外掛說明 The plugin increases security of a site in case it has no SSL certificate, useful for owners of small sites who want to secure their passwords and other posted data but don’t want to buy SSL certificate for each domain and subdomain: it protects from sniffering the most important data such as passwords when they are being sent from forms of your site to the server. When the form served by the plugin is submitted all input data are being joined into a string, then this string is being encrypted with AES algorythm by disposable key and only encrypred string will be sent. A browser encrypts the disposable key in javascript by the RSA public key and sends it to the server; then the server decrypts it with the RSA private key and then use it to decrypt the posted data with AES. Translations included: Ukrainian, Russian, German and Brazilian Portuguese. I just adapted usage in WordPress the jCryption jQuery plugin, v. 3.1.0. Please check www.jcryption.org to learn how jCryption works. ## 螢幕擷圖 * [[ * HTTP headers without encryption. * [[ * Log-in process encrypted by WP jCryption. ## 安裝方式 Upload wp-jcryption.zip using the wordpress plugin installation interface and activate the plugin. On the very first activation 1024-bit RSA key pair will be generated and the list of forms the plugin is primarily destinated for will be saved. You may add other form IDs to this list on the plugin settings page: Settings – WP jCryption. ## 常見問題集 Installation Instructions Upload wp-jcryption.zip using the wordpress plugin installation interface and activate the plugin. On the very first activation 1024-bit RSA key pair will be generated and the list of forms the plugin is primarily destinated for will be saved. You may add other form IDs to this list on the plugin settings page: Settings – WP jCryption. Why should I use this plugin? If you don’t use https on your site your password could be stolen through man-in- the-middle attack when you are submitting log-in form because form data (including password) are being sent as plain text. This plugin encrypts submitted data in a way similar to https transmission. Does this plugin encrypts transmission of my site pages entirely? No. The plugin encrypts only data being posted from most important forms (that contain password fields: login, reset password, user profile) and forms you specify additionally. To secure all incoming and outgoing traffic of your site a SSL certificate is needed. I have SSL certificate installed on my site already. Do I need to install the plugin? No. Can I check whether the form data are being sent encrypted? Yes, you can do it by means of Firefox LiveHTTPHeaders extension, Fiddler or similar tools. What are system requirements for the plugin? PHP version >= 5.3 with OpenSSL PHP extension. Do I need to generate RSA private and public key files with Linux commands? No. PHP generates keys for you and save them in a database. So, this plugin is usable on (almost) any shared hosting. The plugin works with login form but disables other form during it’s being submitted. Try to enable the plugin option: Fix button id=”submit” and name=”submit”. ## 使用者評論 ![](https://secure.gravatar.com/avatar/b6853eab0d51da161561de8cca10ba04b2cea39ed97c1f728acea8fcc5ffe617? s=60&d=retro&r=g) ### 󠀁[Don't have SSL? Then this is indispensable!](https://wordpress.org/support/topic/dont-have-ssl-then-this-is-indispensable/)󠁿 [Gahapati](https://profiles.wordpress.org/gahapati/) 2016 年 9 月 3 日 For a number of years I found this plugin to be quite indispensable, since until recently I did not have access to SSL-encryption. If ever I were to set up WordPress on a server that lacked SSL again, WP jCryption Security would be the first plugin to install! ![](https://secure.gravatar.com/avatar/93a1c7798169c84b5cabf316a321e86190361e5b82a8ae0f19770f0546fcde42? s=60&d=retro&r=g) ### 󠀁[Great](https://wordpress.org/support/topic/great-4369/)󠁿 [sotnas](https://profiles.wordpress.org/sotnas/) 2016 年 9 月 3 日 A small necessary tool! [ 閱讀全部 3 則使用者評論 ](https://wordpress.org/support/plugin/wp-jcryption/reviews/) ## 參與者及開發者 以下人員參與了開源軟體〈WP jCryption Security〉的開發相關工作。 參與者 * [ andreyk ](https://profiles.wordpress.org/andreyk/) [將〈WP jCryption Security〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/wp-jcryption) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/wp-jcryption/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/wp-jcryption/),或透過 [RSS](https://plugins.trac.wordpress.org/log/wp-jcryption/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/wp-jcryption/)。 ## 變更記錄 #### 0.5.1 * Minified javascript. #### 0.5 * Minified javascript. * Changed endpoint URL to avoid it got cached by caching plugins. * Unset session jCryptionKey after decryption. #### 0.4.1 * German and Brazilian Portuguese translations by Matthias. #### 0.4 * removed unnecessary printing $_POST in the end of wp_jcryption_entry function ( it was there for testing purpose but could be a target for XSS, thanks to Konstantin Kovshenin for this notice). #### 0.3 * ‘fix_submit’ plugin setting is checked on install to let the plugin work with the user profile form; * testing of system requirements enhanced. #### 0.2 * jCryption entry point moved into the ‘plugins_loaded’ action. #### 0.1 * initial version, with separate entry point file using SHORTINIT. ## 中繼資料 * 版本 **0.5.1** * 最後更新 **11 年前** * 啟用安裝數 **30+** * WordPress 版本需求 ** 3.8.1 或更新版本 ** * 已測試相容的 WordPress 版本 **4.8.28** * 語言 * [English (US)](https://wordpress.org/plugins/wp-jcryption/) * 標籤: * [encryption](https://tw.wordpress.org/plugins/tags/encryption/)[forms](https://tw.wordpress.org/plugins/tags/forms/) [login](https://tw.wordpress.org/plugins/tags/login/)[password](https://tw.wordpress.org/plugins/tags/password/) [security](https://tw.wordpress.org/plugins/tags/security/) * [進階檢視](https://tw.wordpress.org/plugins/wp-jcryption/advanced/) ## 評分 4.7 星,滿分為 5 星 * [ 2 個 5 星使用者評論 ](https://wordpress.org/support/plugin/wp-jcryption/reviews/?filter=5) * [ 1 個 4 星使用者評論 ](https://wordpress.org/support/plugin/wp-jcryption/reviews/?filter=4) * [ 0 個 3 星使用者評論 ](https://wordpress.org/support/plugin/wp-jcryption/reviews/?filter=3) * [ 0 個 2 星使用者評論 ](https://wordpress.org/support/plugin/wp-jcryption/reviews/?filter=2) * [ 0 個 1 星使用者評論 ](https://wordpress.org/support/plugin/wp-jcryption/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/wp-jcryption/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/wp-jcryption/reviews/) ## 參與者 * [ andreyk ](https://profiles.wordpress.org/andreyk/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/wp-jcryption/)