

Peace Protocol enables WordPress site administrators to authenticate as their website and send cryptographically signed “peace” messages to other WordPress sites running the same protocol and/or IndieAuth.

🔒 Security-First Design

Admin-Only Authentication

- WordPress Administrators Only: This plugin is designed exclusively for WordPress site administrators
- Site-Level Authentication: Admins authenticate as their website, not as individual users
- No Public Registration: No public user registration system; only federated users created after secure handshakes
- Cryptographic Tokens: Each site uses cryptographically secure tokens for authentication

Federated User System

- Limited Permissions: Federated users can only comment on posts, no admin access
- Automatic Cleanup: Federated users are removed when the plugin is uninstalled
- Role-Based Security: Federated users have the federated_peer role with minimal capabilities
- No Dashboard Access: Federated users cannot access WordPress admin areas

Token Security

- Cryptographically Secure: Tokens are generated using WordPress’s secure password generator
- Token Rotation: Support for multiple tokens with automatic rotation
- Secure Storage: Tokens are stored securely in WordPress options
- Expiring Authorization Codes: Authorization codes expire after 5 minutes

🌟 Key Features

Core Functionality

- Send Peace: Send cryptographically signed peace messages to other WordPress sites
- Peace Log Wall: Display received peace messages using the [peaceprotocol_log_wall] shortcode
- Automatic Feed Subscription: Automatically subscribe to peace feeds from sites you connect with
- Token Management: Generate, rotate, and manage authentication tokens
- User Banning System: Ban problematic users with reason tracking
- IndieAuth Support: Alternative authentication using the IndieAuth standard with PKCE

Federated Login System

- Cross-Site Authentication: Users from remote sites can comment as their site identity
- Seamless Integration: Works with existing WordPress comment systems
- Secure Handshake: Only sites completing the cryptographic handshake can create federated logins
- Automatic User Creation: Creates federated users automatically after successful handshake
- Dual Authentication: Support for both Peace Protocol tokens and IndieAuth standard

Admin Interface

- Token Management: Generate, view, and delete authentication tokens
- Feed Management: View and manage subscribed peace feeds
- Peace Log: View all received peace messages in the admin area
- User Banning: Ban users with reason tracking and management
- Settings Configuration: Configure button position and auto-insertion

Frontend Features

- Peace Button: Floating peace hand button (✌️) that can be positioned anywhere
- Auto-Insertion: Automatically insert the peace button on your site
- Shortcode Support: Use [peaceprotocol_hand_button] to manually place the button
- Responsive Design: Works on all devices and screen sizes
- Dark Mode Support: Automatically adapts to user’s color scheme preference
- Choice Modal: User-friendly modal to choose between Peace Protocol and IndieAuth authentication

Technical Features

- REST API: Modern REST API endpoints for all functionality
- AJAX Fallback: AJAX endpoints for sites with REST API disabled
- CORS Support: Proper CORS headers for cross-site communication
- Translation Ready: Full internationalization support with multiple languages
- Custom Post Types: Uses custom post types for peace logs
- IndieAuth Endpoints: Full IndieAuth specification compliance with authorization and token endpoints
- PKCE Support: Proof Key for Code Exchange for enhanced security

🚀 How It Works

For WordPress Administrators

1. Install & Activate: Install the plugin and activate it on your WordPress site
2. Generate Tokens: Go to Settings > Peace Protocol and generate authentication tokens
3. Send Peace: Use the peace button to send cryptographically signed peace to other sites
4. Build Network: Connect with other WordPress sites and build a network of trust

🔐 Federated Login Process

Peace Protocol Authentication

1. User from Site A visits Site B and wants to comment
2. User clicks “Peace” button on Site B
3. User chooses “Login with Peace Protocol” from the choice modal
4. Site B redirects to Site A for authentication
5. Site A validates the user and generates an authorization code
6. User is redirected back to Site B with the authorization code
7. Site B automatically logs in the user as a federated user from Site A
8. User can comment on Site B as “siteacom”

IndieAuth Authentication

1. User from Site A visits Site B and wants to comment
2. User clicks “Peace” button on Site B
3. User chooses “Login with IndieAuth” from the choice modal
4. Site B discovers IndieAuth endpoints on Site A
5. Site B redirects to Site A’s IndieAuth authorization endpoint
6. Site A validates the user and generates an authorization code
7. User is redirected back to Site B with the authorization code
8. Site B exchanges the code for an access token using PKCE
9. Site B automatically logs in the user as a federated user from Site A
10. User can comment on Site B as “Logged in as siteacom”

Security Flow

1. Cryptographic Handshake: Sites exchange cryptographically signed tokens
2. Token Validation: Each peace message is validated using secure tokens
3. Federated User Creation: Only after successful handshake are federated users created
4. Limited Permissions: Federated users have minimal permissions and no admin access
5. Automatic Cleanup: All federated data is removed on plugin uninstall

🛡️ Security Considerations

What This Plugin Does NOT Do

❌ No Public User Registration: Only WordPress administrators can use this plugin (federated users are created automatically after secure handshakes)
❌ No Admin Access for Federated Users: Federated users cannot access WordPress admin
❌ No Database Access: Federated users cannot access sensitive site data
❌ No File System Access: Federated users cannot upload or modify files
❌ No Plugin/Theme Management: Federated users cannot install or modify plugins/themes

What This Plugin DOES Do

✅ Site-to-Site Authentication: WordPress admins authenticate as their website
✅ Cryptographic Verification: All peace messages are cryptographically signed
✅ Limited Federated Access: Federated users can only comment on posts
✅ Automatic Cleanup: All federated data is removed on uninstall
✅ Secure Token Management: Tokens are cryptographically secure and can be rotated

🌍 Internationalization

Peace Protocol is fully translation-ready and includes translations for:

- English (default)
- Spanish (es_ES)
- French (fr_FR)
- Japanese (ja)
- Chinese Simplified (zh_CN)
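
The IndieAuth flow above has Site B exchange the authorization code using PKCE, and the token security list gives authorization codes a 5-minute lifetime. The following is an added Python example, not the plugin's own code (the page shows none), of the checks Site A's token endpoint would make when a code is redeemed. The class, function names and example.* URLs are hypothetical, and the single-use and client/redirect binding checks come from RFC 7636 and the IndieAuth specification rather than from this page.

```python
import base64, hashlib, hmac, re, secrets, time

CODE_TTL = 300  # seconds; the page states authorization codes expire after 5 minutes
VERIFIER_RE = re.compile(r"[A-Za-z0-9._~-]{43,128}")  # RFC 7636 code_verifier syntax

def s256(verifier):
    """PKCE S256 challenge: unpadded base64url(SHA-256(verifier))."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

class AuthorizationServer:
    """Hypothetical model of Site A: binds each code to client, redirect URI and challenge."""
    def __init__(self, clock=time.time):
        self._codes, self._clock = {}, clock

    def issue_code(self, me, client_id, redirect_uri, challenge):
        code = secrets.token_urlsafe(32)
        self._codes[code] = {"me": me, "client": (client_id, redirect_uri),
                             "challenge": challenge, "expires": self._clock() + CODE_TTL}
        return code

    def redeem(self, code, client_id, redirect_uri, verifier):
        entry = self._codes.pop(code, None)  # single use: consumed on the first attempt
        if entry is None:
            return None  # unknown or already redeemed (replay)
        if self._clock() > entry["expires"]:
            return None  # older than five minutes
        if entry["client"] != (client_id, redirect_uri):
            return None  # presented by a different client or callback
        if not VERIFIER_RE.fullmatch(verifier):
            return None  # malformed verifier
        if not hmac.compare_digest(s256(verifier).encode(), entry["challenge"].encode()):
            return None  # verifier does not match the challenge sent at authorization
        return entry["me"]

def demo():
    """Constructed scenario: one valid exchange and three that must be refused."""
    now = [1_000_000.0]  # fake clock so expiry can be shown without waiting
    server = AuthorizationServer(clock=lambda: now[0])
    site_a, site_b = "https://site-a.example/", "https://site-b.example/"
    callback, verifier, out = site_b + "callback", secrets.token_urlsafe(64), {}
    code = server.issue_code(site_a, site_b, callback, s256(verifier))
    out["valid"] = server.redeem(code, site_b, callback, verifier)
    out["replay"] = server.redeem(code, site_b, callback, verifier)
    code = server.issue_code(site_a, site_b, callback, s256(verifier))
    out["wrong_verifier"] = server.redeem(code, site_b, callback, secrets.token_urlsafe(64))
    code = server.issue_code(site_a, site_b, callback, s256(verifier))
    now[0] += CODE_TTL + 1
    out["expired"] = server.redeem(code, site_b, callback, verifier)
    return out
```

Only the first exchange returns Site A's identity; an intercepted code is useless without the verifier that Site B kept to itself.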