The minimum WordPress version requirement is now 4.2.0.<\/p>","1.0.0":"
First Release<\/p>"},"ratings":{"1":0,"2":0,"3":0,"4":0,"5":0},"assets_icons":{"icon-256x256.png":{"filename":"icon-256x256.png","revision":"1828560","resolution":"256x256","location":"assets"}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":"1828549","resolution":"1544x500","location":"assets"},"banner-772x250.png":{"filename":"banner-772x250.png","revision":"1828905","resolution":"772x250","location":"assets"}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0.0","1.1.0","1.2.0"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[125,2552,5939],"plugin_category":[54],"plugin_contributors":[79892],"plugin_business_model":[],"class_list":["post-81902","plugin","type-plugin","status-closed","hentry","plugin_tags-secure","plugin_tags-update","plugin_tags-upgrade","plugin_category-security-and-spam-protection","plugin_contributors-ericmann","plugin_committers-ericmann"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/s.w.org\/plugins\/geopattern-icon\/dgxpco_488fb3.svg","icon_2x":false,"generated":true},"screenshots":[],"raw_content":"\n
DGXPCO (Digital Guarantees for eXplicitly Permitted Core Operations) is a proof-of-concept cryptographic signature verification utility for WordPress software updates. The plugin will source manual (offline) signatures for WordPress core updates and prevent the application from updating unless the contents of the update payload are verified with a remote signature.<\/p>\n\n
This provides a second<\/em> source of truth for the integrity of WordPress updates beyond the MD5 content hash supplied in the header from the WordPress update server. If that server were ever breached, it's unlikely the server hosting the signatures<\/em> of the files was also breached. If the signatures ever fail to validate, you can know your site was protected from an attack.<\/p>\n\n\n At the moment, Eric Mann<\/a> will personally verify and sign every new update payload once it's released by the core team. The signatures of each core file are hosted in a separate GitHub repository<\/a>, with every commit signed by Eric's GPG private key<\/a> for redundant verification.<\/p><\/dd>\n\n<\/dl>\n\n\nManual Installation<\/h4>\n\n
\n
\/dgxpco<\/code> directory to the \/wp-content\/plugins\/<\/code> directory.<\/li>\n\n
Manual Installation<\/h4>\n\n
\n
\/dgxpco<\/code> directory to the \/wp-content\/plugins\/<\/code> directory.<\/li>\n1.2.0<\/h4>\n\n
\n
1.1.0<\/h4>\n\n
\n
1.0.0<\/h4>\n\n
\n