plugin-icon

Peace Protocol

Par Billy Wilcosky·
A secure, decentralized protocol for WordPress administrators to connect their sites and build a network of trust through cryptographic handshakes.
cryptographic
decentralized
federation
Note
Ajouter un Avis
Version
1.2.7
Mis à jour récemment
Aug 27, 2025
Peace Protocol

Peace Protocol enables WordPress site administrators to authenticate as their website and send cryptographically signed « peace » messages to other WordPress sites running the same protocol. This creates a decentralized network where admins can establish trust relationships, share peace, and enable cross-site interactions.

🔒 **Security-First Design**

Admin-Only Authentication

  • WordPress Administrators Only: This plugin is designed exclusively for WordPress site administrators
  • Site-Level Authentication: Admins authenticate as their website, not as individual users
  • No Public Registration: No public user registration system – only federated users created after secure handshakes
  • Cryptographic Tokens: Each site uses cryptographically secure tokens for authentication

Federated User System

  • Limited Permissions: Federated users can only comment on posts, no admin access
  • Automatic Cleanup: Federated users are removed when the plugin is uninstalled
  • Role-Based Security: Federated users have the federated_peer role with minimal capabilities
  • No Dashboard Access: Federated users cannot access WordPress admin areas

Token Security

  • Cryptographically Secure: Tokens are generated using WordPress’s secure password generator
  • Token Rotation: Support for multiple tokens with automatic rotation
  • Secure Storage: Tokens are stored securely in WordPress options
  • Expiring Authorization Codes: Authorization codes expire after 5 minutes

🌟 **Key Features**

Core Functionality

  • Send Peace: Send cryptographically signed peace messages to other WordPress sites
  • Peace Log Wall: Display received peace messages using the [peaceprotocol_log_wall] shortcode
  • Automatic Feed Subscription: Automatically subscribe to peace feeds from sites you connect with
  • Token Management: Generate, rotate, and manage authentication tokens
  • User Banning System: Ban problematic users with reason tracking
  • IndieAuth Support: Alternative authentication using the IndieAuth standard with PKCE

Federated Login System

  • Cross-Site Authentication: Users from remote sites can comment as their site identity
  • Seamless Integration: Works with existing WordPress comment systems
  • Secure Handshake: Only sites completing the cryptographic handshake can create federated logins
  • Automatic User Creation: Creates federated users automatically after successful handshake
  • Dual Authentication: Support for both Peace Protocol tokens and IndieAuth standard

Admin Interface

  • Token Management: Generate, view, and delete authentication tokens
  • Feed Management: View and manage subscribed peace feeds
  • Peace Log: View all received peace messages in the admin area
  • User Banning: Ban users with reason tracking and management
  • Settings Configuration: Configure button position and auto-insertion

Frontend Features

  • Peace Button: Floating peace hand button (✌️) that can be positioned anywhere
  • Auto-Insertion: Automatically insert the peace button on your site
  • Shortcode Support: Use [peaceprotocol_hand_button] to manually place the button
  • Responsive Design: Works on all devices and screen sizes
  • Dark Mode Support: Automatically adapts to user’s color scheme preference
  • Choice Modal: User-friendly modal to choose between Peace Protocol and IndieAuth authentication

Technical Features

  • REST API: Modern REST API endpoints for all functionality
  • AJAX Fallback: AJAX endpoints for sites with REST API disabled
  • CORS Support: Proper CORS headers for cross-site communication
  • Translation Ready: Full internationalization support with multiple languages
  • Custom Post Types: Uses custom post types for peace logs
  • IndieAuth Endpoints: Full IndieAuth specification compliance with authorization and token endpoints
  • PKCE Support: Proof Key for Code Exchange for enhanced security

🚀 **How It Works**

For WordPress Administrators

  1. Install & Activate: Install the plugin and activate it on your WordPress site
  2. Generate Tokens: Go to Settings > Peace Protocol and generate authentication tokens
  3. Send Peace: Use the peace button to send cryptographically signed peace to other sites
  4. Build Network: Connect with other WordPress sites and build a network of trust

Federated Login Process

Peace Protocol Authentication

  1. User from Site A visits Site B and wants to comment
  2. User clicks « Peace » button on Site B
  3. User chooses « Login with Peace Protocol » from the choice modal
  4. Site B redirects to Site A for authentication
  5. Site A validates the user and generates an authorization code
  6. User is redirected back to Site B with the authorization code
  7. Site B automatically logs in the user as a federated user from Site A
  8. User can comment on Site B as « siteacom »

IndieAuth Authentication

  1. User from Site A visits Site B and wants to comment
  2. User clicks « Peace » button on Site B
  3. User chooses « Login with IndieAuth » from the choice modal
  4. Site B discovers IndieAuth endpoints on Site A
  5. Site B redirects to Site A’s IndieAuth authorization endpoint
  6. Site A validates the user and generates an authorization code
  7. User is redirected back to Site B with the authorization code
  8. Site B exchanges the code for an access token using PKCE
  9. Site B automatically logs in the user as a federated user from Site A
  10. User can comment on Site B as « Logged in as siteacom »

Security Flow

  1. Cryptographic Handshake: Sites exchange cryptographically signed tokens
  2. Token Validation: Each peace message is validated using secure tokens
  3. Federated User Creation: Only after successful handshake are federated users created
  4. Limited Permissions: Federated users have minimal permissions and no admin access
  5. Automatic Cleanup: All federated data is removed on plugin uninstall

🛡️ **Security Considerations**

What This Plugin Does NOT Do

  • No Public User Registration: Only WordPress administrators can use this plugin (federated users are created automatically after secure handshakes)
  • No Admin Access for Federated Users: Federated users cannot access WordPress admin
  • No Database Access: Federated users cannot access sensitive site data
  • No File System Access: Federated users cannot upload or modify files
  • No Plugin/Theme Management: Federated users cannot install or modify plugins/themes

What This Plugin DOES Do

  • Site-to-Site Authentication: WordPress admins authenticate as their website
  • Cryptographic Verification: All peace messages are cryptographically signed
  • Limited Federated Access: Federated users can only comment on posts
  • Automatic Cleanup: All federated data is removed on uninstall
  • Secure Token Management: Tokens are cryptographically secure and can be rotated

🌍 **Internationalization**

Peace Protocol is fully translation-ready and includes translations for: – English (default) – Spanish (es_ES) – French (fr_FR) – Japanese (ja) – Chinese Simplified (zh_CN)

Gratuitsur le plan Business
Commencer
En procédant à l’installation, vous acceptez les Conditions d’utilisation de WordPress.com ainsi que les Conditions de l’extension tierce.
Testé jusqu’à version
WordPress 6.8.3
Cette extension est disponible en téléchargement pour votre site .
Télécharger