Sending Encrypted Email From WordPress

One of the primary functions of many business sites is gathering leads and inquiries using forms. There are many plugins available that make this possible, including the popular Contact Form 7, most themes provide contact forms of some sort, and WordPress has built-in email capability.

However, as anyone who keeps abreast of tech news knows, email is not a secure method of communication. In fact, email is insecure by design: it was never intended to be a secure and attempts to make it secure are largely bolted-on remedies that don’t work very well. Services like Gmail provide moderate levels of security by encrypting the connection between client and server, but, because most email servers around the world are incapable of handling encrypted email, everything sent outside of GMail is transmitted unencrypted, and, of course, emails are not encrypted when they are on Google’s servers.

For many businesses, secure communication is essential, both because of security and privacy concerns and for regulatory compliance. For such companies, the standard WordPress email system is not adequate, but fortunately there is a WordPress plugin that allows companies to integrate content forms that send emails that have been encrypted using OpenPGP.

Understanding OpenPGP

OpenPGP is a set of standards for public-key cryptography. Public-key cryptography is a method of encryption which relies on a key-pair which consists of a public and a private key. Information is encrypted using the public key, which, as the name suggests, is distributed publicly. That data can only be decrypted using the private key, which is kept secret. In this way, data can be sent securely from a sender to its recipients.

Encrypting Form Mail On WordPress

The snappily-named wp2pgpmail plugin integrates openPGP encryption with WordPress forms, allowing users to very easily send encrypted enquiries via email to the site’s owners. For the person filling in the form, the process is simply a matter of entering information into the form and hitting “encrypt”. The plugin uses a client-side JavaScript implementation of OpenPGP so information is encrypted on the user’s computer and no information is transmitted before encryption.


Site owners will need to already have a key pair, the public part of which is entered into the plugin’s configuration dialogue. They will also need an email client that is OpenPGP capable so that they can decrypt mail received from the site. There are many email clients that are natively able to deal with encryption or that have plugins that enable OpenPGP functionality, including Mail on OS X with GPGTools and Gpg4win on Windows.

About Graeme Caldwell
Graeme works as an inbound marketer forNexcess, a leading provider of Magento and WordPress hosting. Follow Nexcess on Twitter at @nexcess, Like them on Facebook and check out their tech/hosting blog,

Leave a Reply

Your email address will not be published. Required fields are marked *