frontpage.

Show HN: Cryptographic post signing and verification for WordPress

https://wordpress.org/plugins/archiviomd/

1•mvpprojects•1h ago

ArchivioMD + ArchivioID — Markdown file management, cryptographic post signing, and Git-anchored integrity for WordPress

In February 2023, a developer named James Tomasino wrote about signing blog posts with GPG keys and ended with one line:

"If you're using WordPress, you'll need to find some other path forward."

That sat unanswered for two years. I built the path forward — and the foundation it runs on. Two GPL plugins.

ArchivioMD solves a problem every WordPress site on managed hosting hits eventually: you need files at the site root security.md, privacy.md, disclosure.md, robots.txt and you have no FTP access to put them there.

The plugin manages 30+ predefined Markdown documents from the WordPress admin, writes them to wherever the server will accept them (.well-known/meta-docs/ site root uploads fallback), and serves them via WordPress rewrite rules so they appear at the correct URL regardless of physical location. Every document gets a UUID, a checksum, and an append-only changelog. No more one-off file placements nobody can audit or reproduce.

On top of that: cryptographic hash verification for posts (SHA-256 through BLAKE3, HMAC mode, hash_equals() throughout), external Git anchoring that pushes JSON integrity records to GitHub or GitLab via a persistent queue with exponential backoff, HTML rendering of Markdown files, compliance tooling, and sitemap management. ArchivioID is the OpenPGP signing extension. Authors sign posts locally with their own GPG key — private key never touches the server.

A badge appears on published posts. Any reader can verify with standard GPG tools, no WordPress required. Server-side verification handles Ed25519 via libsodium, RSA and ECDSA via phpseclib v3. Browser signing via OpenPGP.js for editors who aren't comfortable with a terminal. Full audit log with CSV export. The proof outlives the platform.

ArchivioMD (WordPress.org): https://wordpress.org/plugins/archiviomd

ArchivioMD (GitHub): https://github.com/MountainViewProvisions/archiviomd

ArchivioID (GitHub): https://github.com/MountainViewProvisions/ArchivioID/release... PHP 7.4+, WordPress 6.0+, phpseclib v3, OpenPGP-PHP, OpenPGP.js, libsodium, GPL-2.0.

Law of Universal Uniqueness

Show HN: Nodal.gg – Game recommender with interactive map

Show HN: Gix – A Go CLI for AI generated commit messages

You are not supposed to install OpenClaw on your personal computer

Copper Scroll of the Dead Sea Scrolls (3Q15)

Show HN: Pantagruel, an Accessible Specification Language

Eric Trump is deleting all crypto related x posts

Threat hunting for home users and SMBs

Which web frameworks are most token-efficient for AI agents?

The Physics and Economics of Moving 44 Tonnes at 56mph

Donut Lab Solid-State Battery: Fast Charge Test [video]

Snowflake's AI coding agent beats Claude Code at data engineering

You Only Think the Service Provider Works for You

Observations from Building with AI Agents

Lost value: what decades of data reveal about Canada's early-stage funding gap

Economic idea transfixed Wall Street and Washington. It may be a mirage

Tesla is having a hard time turning over its FSD traffic violation data

Show HN: RespectASO – Free, open-source, self-hosted ASO keyword research tool

Controlling Off-Odors in Plant Proteins Using Sequential Fermentation

Are we becoming better coworkers only because AI demands it? [video]

AI-powered reverse-engineering of Rosetta 2 for Linux

Dispatch: For those juggling 10 Claude Code instances. Now just type /dispatc

Show HN: Crash-safe job queue – lease-expiry race and fencing fix

Dev job postings grew 10% YoY in the US while overall postings declined 5.8%

OpenAI: WebSocket Mode

Change your default date format to the least ambiguous

NumPy-Ts: NumPy for Browser and Node.js

Show HN: PureBee – A software-defined GPU running Llama 3.2 1B at 3.6 tok/SEC

FreeBSD doesn't have Wi-Fi driver for my old MacBook. AI build one for me

Optimizing a Rust Thread-Pool (Part 1/?)