This is a README for "OpenPGPComment v1.2", a plugin for WordPress 1.5. It uses GnuPG to verify if digitally signed comments have a valid (good) signature and thus haven't been modified. This plugin is probably of no use to you if you don't use PGP/GPG yourself and have some knowledge about keyrings and handling them. Most of what has to be done is described inside openpgpcomment.php but here we go again... 1. Copy openpgpcomment.php and cleancomments.php to $WORDPRESS/wp-content/plugins You have to activate it in "Plugins", keyring administration can be found in "Manage". 2. Copy signature-popup.php into your WordPress-directory. This file is more or less a stripped down version of wp-comments-popup.php without the bells and whistles. 3. If you only want to get rid of the signature stuff around the comment, set $do_verify = 'false'; to skip the whole GnuPG-stuff. Skip to 5. 4. Create a directory to keep the GnuPG-stuff. Then use gpg to add your own public key. mkdir /path/to/gpgkeyring/dir gpg --export -a 0x123456 > mypubkey.asc gpg --homedir /path/to/gpgkeyring/dir --import mypubkey.asc You have to tweak this in openpgpcomment.php and openpgpcommentadmin.php to make the skript know where to find the key and where to find the GnuPG-binary: $gpg_binary = "/usr/local/bin/gpg"; $gpg_home = "/path/to/gpgkeyring/dir"; This directory should only be readable and writable by the user the webserver runs as. Actually that is not a good idea to have files writable by the webserver-user but in this case GnuPG needs write the trustdb. chown -R user:group /path/to/gpgkeyring/dir chmod 700 /path/to/gpgkeyring/dir The permissions can be 755, but in that case GnuPG would complain. The default options care for that: $gpg_options = "--always-trust --no-permission-warning --no-secmem-warning"; 5. Adjust the variables at the top of openpgpcomment.php to point to your blog and translate or adjust the strings given. 6. Phil Ringnalda suggested do a change to wp-admin/post.php Look for the part where it says "case 'confirmdeletecomment':" and look for a line containing (probably line 528): stripslashes($commentdata["comment_content"]) Change it to htmlspecialchars(stripslashes($commentdata["comment_content"])) 7. Activate the plugin. TODO: - whatever comes to my mind later KNOWN ISSUES: - there is code in openpgpcomment.php for searching keys by emailaddress. but as each keyID usually has several emailaddresses the user is asked interactively which one to chose. but as a TTY is needed for that and PHP doesn't have a TTY this does not work. that is why it is commented out. (this code has been removed for now) -- Christoph 'Bronski' Rummel openpgpcomment (at) bronski.net http://bronski.net/