The Subrosa plugin is Free Software licensed under the GNU GPL.
Before you start
Encryption can significantly improve your privacy and security. But you should have at least some basic understanding of the technology of Public Key encryption. You might want to read a nice Wikipedia article on Public Key encryption, and you will additionally find valuable information in the section Background below.
If you don't have a PGP Key pair yet, you need to create it, for example with gpg4win, Enigmail or some other GnuPG frontend. This is not hard, and you will find advice on how to achieve this on the respective web sites.
Once you have a key pair, you can proceed with installing this plugin.
Have problems unpacking archives? Try the latest 7zip.
... is a 5-minutes-breeze:
- Download the plugin
- Unpack it and upload the folder subrosa to your plugins directory
- Make sure that your theme's header.php is not missing the
- Open your contact form plugin in a text editor and replace the word ctsr_mail in the call to the mail() function. (The line you're looking for will look something like mail($to, $subject, $message, $header).)
- Export the public key for the e-mail address you use for the contact form and save it as pubkey.asc in the plugin's directory.
- Open the file subrosa.php and edit the settings at the beginning of the file. The defaults should work with Contact Form ][. Most important is the
- While you’re there, you can edit the styles that are applied automatically to the encryption section (only if $ctsr_do_autostyle is set to
- Activate the plugin in your admin panel, go to your contact page, and be amazed.
There is also an illustrated and very detailed howto by Kai Schott. If you feel overwhelmed by the above instructions, you should have a look at his tutorial.
Some words on security
Public Key encryption allows the sender to encrypt a message with a publicly available key and without a password. This so-called Public Key is complemented by a so-called Private Key, which must be kept secret by the owner. Because of the two-fold approach, this method is also known as asymmetric encryption. It can be considered extremely secure – so secure that even the CIA couldn’t read your message, at least not within the next 100 years (although this depends on the key length).
However, there is still a small chance for an attacker to subvert your communication: If he succeeds in changing the public key (e.g. by hacking your server or performing a man-in-the-middle attack), he might get the sender to encrypt confidential data with a fake key – preferably his own. Therefore, if you need 100% security, you should arrange a phone call with the sender and compare the so-called fingerprint of the key. If it is not identical, you are very likely being eavesdropped on.
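The fingerprint comparison described above can also be automated on the receiving side. The following is an added example in Python, not part of the Subrosa plugin: it computes the OpenPGP version 4 fingerprint of an armored public key such as pubkey.asc and compares it with a fingerprint recorded offline. The function names and the toy key are assumptions made for illustration.

```python
import base64
import hashlib

def dearmor(text):
    """Decode an ASCII-armored public key; armor headers end at the first blank line."""
    lines = [l.strip() for l in text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN PGP PUBLIC KEY BLOCK"):
        raise ValueError("not an armored public key")
    body = lines[lines.index("") + 1:] if "" in lines else lines[1:]
    b64 = "".join(l for l in body if not l.startswith(("=", "-----")))  # drop CRC and END lines
    return base64.b64decode(b64, validate=True)

def first_packet(data):
    """Return (tag, body) of the first OpenPGP packet (RFC 4880, section 4.2)."""
    hdr = data[0]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet")
    if hdr & 0x40:  # new-format header
        tag, l0 = hdr & 0x3F, data[1]
        if l0 < 192:
            start, length = 2, l0
        elif l0 < 224:
            start, length = 3, ((l0 - 192) << 8) + data[2] + 192
        else:
            raise ValueError("unsupported length encoding")
    else:  # old-format header: the low two bits select the length field size
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 3
        if ltype == 3:
            raise ValueError("indeterminate length not supported")
        start = 1 + (1 << ltype)
        length = int.from_bytes(data[1:start], "big")
    return tag, data[start:start + length]

def fingerprint(armored):
    """V4 fingerprint: SHA-1 over 0x99, a 2-byte length and the key packet body."""
    tag, body = first_packet(dearmor(armored))
    if tag != 6 or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public-key packet")
    return hashlib.sha1(b"\x99" + len(body).to_bytes(2, "big") + body).hexdigest().upper()

def matches_pin(armored, pinned):
    return fingerprint(armored) == "".join(pinned.split()).upper()  # pin: spaces/case ignored

def toy_key(n):
    """Constructed sample, not a real key: armored v4 RSA packet with toy modulus n."""
    mpi = lambda x: x.bit_length().to_bytes(2, "big") + x.to_bytes((x.bit_length() + 7) // 8, "big")
    body = b"\x04" + bytes(4) + b"\x01" + mpi(n) + mpi(65537)
    pkt = b"\x99" + len(body).to_bytes(2, "big") + body
    return ("-----BEGIN PGP PUBLIC KEY BLOCK-----\n\n" + base64.b64encode(pkt).decode()
            + "\n-----END PGP PUBLIC KEY BLOCK-----\n")
```

Run matches_pin() on the contents of the pubkey.asc your server actually delivers, with the fingerprint your own keyring shows as the pin; a False result means the file on the server is not the key you exported.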
Hints on using the Subrosa plugin
To understand the benefits of encryption, you must understand how your electronic communication can be eavesdropped on. You should know that sending e-mails is like sending a postcard – everybody can read it. If you’re in an office, your co-workers or your admin could have a network analyzer like Wireshark installed. This is a very useful tool, but – better: because – it allows reading all data transmitted within a subnetwork (under certain circumstances). You should also know that the administrators of your mail server can read all mail as well. Also, if somebody installed malicious software on your computer (like a worm or a trojan horse), they might be able to read your mail. Of course, you can trust all these people, but sometimes it is even beyond their reach to secure your privacy (for example if your mail server is being cracked).
You have nothing to hide, you say? You do, believe me. Confidential information can take many forms. For example, if you need somebody to help you with your website, you will need to send your access data, and you will not want to have them read by others. Or if you write an e-mail to your wife, you don’t want your co-workers or admin to read it. Or maybe you want to mail with your business partners about a great deal? You had better use encryption, or you might get unhitched. If you think that this doesn’t apply to you, you might want to read a chapter or two about industrial espionage. You will see, everybody sometimes needs to protect his or her privacy.
There are localized versions available in
- German: (included with the plugin download)
If you want to translate the plugin to your own language, please grab the ctsr.pot, fill in the empty fields and compile it with a tool like poEdit. Please don’t forget to send me a copy, so I can make it available to others.
See the plugin working
The Subrosa plugin can be seen in action on our Contact page.
Feedback and improvements are as always highly welcome. Please leave a comment below. That’s it! Have a lot of fun with the Subrosa plugin!
In case you need individual, advanced support: Zirona also provides professional support for this software and its integration on your website (as well as WordPress support in general). Please don’t hesitate to contact us and ask about our services.