ArchivioMD

by mtnviewpro
Description

ArchivioMD gives WordPress sites a cryptographic proof layer. Every post, page, and document gets a verifiable integrity record — independently checkable without trusting the platform, the host, or the database.

Built for journalists, compliance teams, legal publishers, and anyone for whom the question “was this changed after it was published?” has a real answer.

Cryptographic Integrity Layer

Content Hashing
* Deterministic hash of every post and page on publish and update
* Standard algorithms: SHA-256, SHA-224, SHA-384, SHA-512, SHA-512/224, SHA-512/256, SHA3-256, SHA3-512, BLAKE2b-512, BLAKE2s-256, SHA-256d, RIPEMD-160, Whirlpool-512
* Extended algorithms: BLAKE3-256, SHAKE128-256, SHAKE256-512, GOST R 34.11-94, GOST R 34.11-94 (CryptoPro)
* Verification badge on every post: ✓ Verified, ✗ Unverified, − Not Signed
* Downloadable verification files for offline confirmation
* Shortcode placement via [hash_verify]

HMAC Integrity Mode
* Adds a shared-secret keyed authentication layer on top of hashing
* Secret key lives in wp-config.php as ARCHIVIOMD_HMAC_KEY, never in the database; generate it with a CSPRNG (32 or more random bytes) rather than choosing a passphrase
* An adversary with database access alone cannot re-sign tampered content: without the key they cannot compute a matching HMAC, so an edited post with a recomputed plain hash still fails verification
* Offline verification requires the secret key, so HMAC mode gives tamper evidence to the key holder rather than public verifiability; use Ed25519 signing where third parties must verify

define('ARCHIVIOMD_HMAC_KEY', 'your-secret-key'); // in wp-config.php; replace with a long random value
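The following is an added example (not plugin code) of what an offline checker for the Content Hashing and HMAC Integrity Mode records above has to do, and why the keyed layer matters. The canonical message layout "post_id|author_id|content" and the convention that the HMAC is taken over the hex hash are assumptions for illustration; the plugin documents its own canonical format, and canonical_message() must be adjusted to match it.

```python
"""Offline re-check of a hash + HMAC integrity record (added example, not plugin code).

Assumed (not from the plugin): canonical message = "<post_id>|<author_id>|<content>",
and HMAC mode stores HMAC-SHA256(key, hash_hex). Adjust to the documented format.
"""
import hashlib
import hmac
import os


def canonical_message(post_id: int, author_id: int, content: str) -> bytes:
    # Assumed layout; binding post and author IDs into the message is what the
    # plugin describes, the exact separator/order is this example's choice.
    return f"{post_id}|{author_id}|{content}".encode("utf-8")


def content_hash(post_id: int, author_id: int, content: str, algo: str = "sha256") -> str:
    return hashlib.new(algo, canonical_message(post_id, author_id, content)).hexdigest()


def hmac_tag(key: bytes, hash_hex: str) -> str:
    # Keyed tag over the hex digest; only the holder of ARCHIVIOMD_HMAC_KEY can produce it.
    return hmac.new(key, hash_hex.encode("ascii"), "sha256").hexdigest()


def make_record(key: bytes, post_id: int, author_id: int, content: str, algo: str = "sha256") -> dict:
    h = content_hash(post_id, author_id, content, algo)
    return {"algo": algo, "hash": h, "hmac": hmac_tag(key, h)}


def verify_record(key, record, post_id: int, author_id: int, content: str) -> str:
    """Return "verified", "unverified" (hash or HMAC mismatch) or "not-signed".
    key=None checks the plain hash only, as a site without HMAC mode would."""
    if not record or "hash" not in record:
        return "not-signed"
    recomputed = content_hash(post_id, author_id, content, record.get("algo", "sha256"))
    if not hmac.compare_digest(recomputed, record["hash"]):
        return "unverified"
    if key is not None:
        if "hmac" not in record or not hmac.compare_digest(hmac_tag(key, recomputed), record["hmac"]):
            return "unverified"
    return "verified"


def db_only_attack_demo() -> dict:
    """Adversary with database access edits the content and recomputes the plain
    hash, but cannot recompute the HMAC because the key lives in wp-config.php."""
    key = os.urandom(32)  # stands in for ARCHIVIOMD_HMAC_KEY
    original = "Original article text."
    rec = make_record(key, 42, 7, original)
    tampered = "Original article text. (quietly edited)"
    forged = dict(rec, hash=content_hash(42, 7, tampered))  # hash column rewritten, HMAC column left as-is
    return {
        "original_ok": verify_record(key, rec, 42, 7, original),
        "forged_with_hmac": verify_record(key, forged, 42, 7, tampered),
        "forged_without_hmac": verify_record(None, forged, 42, 7, tampered),
    }
```

The last result in db_only_attack_demo() is the point of HMAC mode: with hashing alone the forged record verifies, because the attacker who can rewrite the content column can rewrite the hash column too.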

Ed25519 Document Signing
* Posts, pages, and media signed automatically on save using PHP sodium (ext-sodium)
* Private key stored in wp-config.php as ARCHIVIOMD_ED25519_PRIVATE_KEY — never in the database
* Public key published at /.well-known/ed25519-pubkey.txt for independent third-party verification. The key is served by the same host as the content it attests, so a verifier should record the key (or its SHA-256 fingerprint) out of band at first contact rather than re-fetch it from the site at verification time
* No WordPress dependency required to verify: any libsodium binding (sodium_crypto_sign_verify_detached in PHP, PyNaCl, etc.) works against the documented canonical message
* In-browser keypair generator included

DSSE Envelope Mode
* Wraps Ed25519 signatures in a Dead Simple Signing Envelope (DSSE), the envelope format defined by the secure-systems-lab DSSE specification and used by Sigstore and in-toto
* Signing is over the DSSE Pre-Authentication Encoding (PAE), which prefixes the payload with its type and both lengths, so a signature over a document cannot be replayed as a signature over some other payload type (cross-protocol signature confusion)
* Bare hex signature always preserved alongside for backward compatibility
* keyid field is the SHA-256 fingerprint of the raw public key bytes
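To make the PAE and keyid conventions above concrete, here is an added example (not plugin code) of the envelope-side work an offline verifier does: computing the PAE, building and parsing the envelope, and selecting the signature by key fingerprint. The Ed25519 check itself is deliberately left to a libsodium binding; signing_input() returns the exact bytes and signature to pass to it. The payloadType string is the one the plugin documents; the placeholder key and signature bytes in demo() are constructed.

```python
"""DSSE envelope helpers (added example, not plugin code).

PAE(type, payload) = "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload,
lengths in decimal ASCII over the UTF-8 bytes, per the DSSE specification.
Verify with: VerifyKey(pubkey).verify(pae_bytes, sig) (PyNaCl) or
sodium_crypto_sign_verify_detached($sig, $pae, $pk) (PHP). Never verify over the bare payload.
"""
import base64
import hashlib
import json

PAYLOAD_TYPE = "application/vnd.archiviomd.document"  # documented by the plugin


def pae(payload_type: str, payload: bytes) -> bytes:
    t = payload_type.encode("utf-8")
    return (b"DSSEv1 " + str(len(t)).encode("ascii") + b" " + t
            + b" " + str(len(payload)).encode("ascii") + b" " + payload)


def keyid_for(pubkey: bytes) -> str:
    # Plugin convention: SHA-256 over the raw 32 public key bytes, hex encoded.
    return hashlib.sha256(pubkey).hexdigest()


def make_envelope(payload: bytes, sig: bytes, pubkey: bytes, payload_type: str = PAYLOAD_TYPE) -> str:
    env = {
        "payload": base64.b64encode(payload).decode("ascii"),
        "payloadType": payload_type,
        "signatures": [{"keyid": keyid_for(pubkey), "sig": base64.b64encode(sig).decode("ascii")}],
    }
    return json.dumps(env, separators=(",", ":"))


def signing_input(envelope_json: str, pubkey: bytes, expected_type: str = PAYLOAD_TYPE):
    """Return (pae_bytes, sig_bytes) for the signature made by pubkey.
    Rejects an unexpected payloadType up front: accepting whatever type the envelope
    claims would reintroduce the confusion PAE is meant to prevent."""
    env = json.loads(envelope_json)
    if env.get("payloadType") != expected_type:
        raise ValueError(f"unexpected payloadType {env.get('payloadType')!r}")
    payload = base64.b64decode(env["payload"], validate=True)
    kid = keyid_for(pubkey)
    for s in env.get("signatures", []):
        if s.get("keyid") == kid:
            return pae(env["payloadType"], payload), base64.b64decode(s["sig"], validate=True)
    raise ValueError("no signature for this key")


def demo() -> dict:
    pubkey = b"\x02" * 32          # placeholder, constructed for the demo
    sig = b"\x01" * 64             # placeholder signature bytes
    msg = b"canonical message"
    env = make_envelope(msg, sig, pubkey)
    pae_bytes, got_sig = signing_input(env, pubkey)
    try:
        signing_input(env, pubkey, expected_type="application/other")
        rejected = False
    except ValueError:
        rejected = True
    return {
        "spec_vector_ok": pae("http://example.com/HelloWorld", b"hello world")
        == b"DSSEv1 29 http://example.com/HelloWorld 11 hello world",
        "roundtrip_ok": got_sig == sig and pae_bytes == pae(PAYLOAD_TYPE, msg),
        "different_type_differs": pae_bytes != pae("application/other", msg),
        "wrong_type_rejected": rejected,
    }
```

The "different_type_differs" result is the cross-protocol property in one line: the same payload under a different payloadType yields different signed bytes, so a signature cannot be moved between contexts.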

External Anchoring

Git Repository Anchoring
* Commits integrity records (hash, algorithm, HMAC status, timestamp) to GitHub or GitLab on every anchor job
* Repository commit history creates a secondary independent audit trail
* Supports public and private repositories, including self-hosted GitLab

RFC 3161 Trusted Timestamps
* Sends content hash to an RFC 3161-compliant Time Stamp Authority (TSA) on every anchor job
* TSA returns a signed .tsr token binding the hash to a specific time — independently verifiable offline
* RFC 3161, Git, and Rekor anchoring can all run simultaneously on every job
* Four built-in providers: FreeTSA.org, DigiCert, GlobalSign, Sectigo
* Custom TSA endpoint supported
* .tsr and .tsq files stored locally, blocked from direct HTTP access by .htaccess rules and served only through an authenticated download handler (.htaccess is honoured by Apache only; on nginx an equivalent location deny rule must be added by hand)
* Offline verification via OpenSSL: openssl ts -verify -in response.tsr -queryfile request.tsq -CAfile tsa.crt

Sigstore / Rekor Transparency Log
* Submits a hashedrekord v0.0.1 entry to the public Rekor append-only transparency log (rekor.sigstore.dev) on every anchor job
* Rekor entries are immutable and publicly verifiable by anyone without pre-trusting the signer
* When site Ed25519 keys are configured, entries are signed with the long-lived site key and the public key fingerprint links to /.well-known/ed25519-pubkey.txt
* Without site keys, a per-submission ephemeral keypair is generated automatically — the content hash is still immutably logged
* Embedded provenance metadata in every entry: site URL, document ID, post type, hash algorithm, plugin version, public key fingerprint
* Inline verification in the admin: fetches live inclusion proof from Rekor API without leaving the admin
* Independent verification: rekor-cli verify --artifact-hash sha256:<HASH> --log-index <INDEX> or https://search.sigstore.dev/?logIndex=<INDEX>
* No API key required — Rekor is a free public API operated by the Linux Foundation’s Sigstore project
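The inline and rekor-cli verification steps above both come down to one check: recomputing the Merkle root from the inclusion proof the Rekor API returns (logIndex, treeSize, rootHash, hashes) and comparing it to the published root. The following is an added example (not plugin or Sigstore code) of that computation, using the RFC 6962 hashing Rekor's log is built on (leaf = SHA-256(0x00 || canonical entry body), node = SHA-256(0x01 || left || right)); the local tree builder exists only to produce proofs to check, and the entry bodies are constructed. Signed-tree-head verification, which rekor-cli also performs, is not covered here.

```python
"""Offline check of an RFC 6962 inclusion proof as returned by Rekor (added example).

root_from_proof() follows the algorithm in RFC 9162 section 2.1.3.2; merkle_root()
and inclusion_path() build a small local tree to produce proofs for the demo.
"""
import hashlib


def leaf_hash(body: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + body).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


def root_from_proof(leaf: bytes, index: int, tree_size: int, hashes: list) -> bytes:
    """Recompute the root for `leaf` at `index` in a tree of `tree_size` leaves.
    Raises ValueError when the proof length does not fit index/tree_size."""
    if not 0 <= index < tree_size:
        raise ValueError("index out of range")
    fn, sn, r = index, tree_size - 1, leaf
    for p in hashes:
        if sn == 0:
            raise ValueError("proof too long")
        if fn & 1 or fn == sn:
            r = node_hash(p, r)            # sibling is on the left
            while not (fn & 1) and fn != 0:
                fn >>= 1
                sn >>= 1
        else:
            r = node_hash(r, p)            # sibling is on the right
        fn >>= 1
        sn >>= 1
    if sn != 0:
        raise ValueError("proof too short")
    return r


def verify_inclusion(leaf: bytes, index: int, tree_size: int, hashes: list, root_hash: bytes) -> bool:
    try:
        return root_from_proof(leaf, index, tree_size, hashes) == root_hash
    except ValueError:
        return False


# Local tree builder (RFC 6962 MTH / PATH), only so the demo can generate proofs.
def merkle_root(leaves: list) -> bytes:
    n = len(leaves)
    if n == 1:
        return leaves[0]
    k = 1 << ((n - 1).bit_length() - 1)      # largest power of two < n
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_path(index: int, leaves: list) -> list:
    n = len(leaves)
    if n == 1:
        return []
    k = 1 << ((n - 1).bit_length() - 1)
    if index < k:
        return inclusion_path(index, leaves[:k]) + [merkle_root(leaves[k:])]
    return inclusion_path(index - k, leaves[k:]) + [merkle_root(leaves[:k])]


def demo() -> dict:
    # Constructed stand-ins for canonical hashedrekord entry bodies.
    bodies = [('{"kind":"hashedrekord","apiVersion":"0.0.1","spec":{"n":%d}}' % i).encode() for i in range(6)]
    leaves = [leaf_hash(b) for b in bodies]
    root = merkle_root(leaves)
    idx = 4
    proof = inclusion_path(idx, leaves)
    return {
        "ok": verify_inclusion(leaves[idx], idx, len(leaves), proof, root),
        "tampered_body": verify_inclusion(leaf_hash(b"something else"), idx, len(leaves), proof, root),
        "wrong_index": verify_inclusion(leaves[idx], 3, len(leaves), proof, root),
        "proof_len": len(proof),
    }
```

When checking a real entry, take `hashes` (base64 or hex, decode accordingly), `logIndex`, `treeSize` and `rootHash` from the API's inclusion proof and the leaf hash from the canonicalized entry body; a passing check proves the body was in the tree the root commits to, not that the signer is who the entry claims.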

Document Management

Meta-Documentation
* Create and edit Markdown files for security.txt, privacy policy, terms of service, and more
* HTML rendering from Markdown with syntax highlighting
* Automatic UUID assignment and SHA-256 checksum tracking
* Append-only changelog for all modifications (timestamp, user, checksum)

SEO and Compliance Files
* robots.txt, llms.txt, ads.txt, app-ads.txt, sellers.json, ai.txt
* Direct URL access at yoursite.com/robots.txt, etc.
* Browser-based editing — no FTP or server access required

Sitemap Generation
* Standard and comprehensive XML sitemap formats
* Optional auto-update on post publish/delete
* Sitemap index and post-type-specific sitemaps

Compliance & Audit Tools

Signed Exports
* Metadata CSV, Compliance JSON, and Backup ZIP each generate a companion .sig.json integrity receipt
* Receipt contains: SHA-256 hash of the file, export type, filename, generation timestamp (UTC), site URL, plugin version
* When Ed25519 is configured, the receipt additionally includes a detached cryptographic signature binding all fields

Structured Compliance JSON
* Exports complete evidence package as a single JSON file
* Preserves full relationships between posts, hash history, anchor log entries, and RFC 3161 TSR manifests
* Suitable for legal evidence packages, compliance audits, and SIEM ingestion

Metadata Verification
* Manual checksum verification against stored values
* Reports: ✓ VERIFIED, ✗ MISMATCH, ⚠ MISSING FILE
* Read-only — does not modify files or metadata

Backup & Restore
* Portable ZIP archives of all metadata and files
* Mandatory dry-run analysis before any restore
* Restore is explicit and admin-confirmed

WP-CLI Support
* wp archiviomd process-queue
* wp archiviomd anchor-post <id>
* wp archiviomd verify <id>
* wp archiviomd prune-log

Ideal For

  • Journalists and news publishers requiring tamper-evident records
  • Legal teams and compliance departments needing auditable document trails
  • Organizations subject to HIPAA, ISO 27001, SOC 2, or NIST SP 800-171 aligned requirements
  • Whistleblower platforms and activist publishers requiring integrity without platform trust
  • Security researchers and open source projects requiring transparent, verifiable publish records
  • Any WordPress site where the integrity of published content is material

Important Notes

Database Storage: All metadata (UUIDs, checksums, changelogs) is stored in the WordPress database. Regular WordPress database backups are required.

Manual Operations: All verification, export, and backup operations are admin-triggered. No automatic enforcement, silent cleanup, or background modification of content.

File Locations: Markdown and SEO files are stored in uploads/meta-docs/. Files are preserved when the plugin is uninstalled.

What This Plugin Does NOT Provide: Automatic compliance certification, legal advice or guarantees, automatic integrity enforcement, or integration with external compliance platforms.

Getting Started

First Steps

  1. Flush Permalinks (required)

    • Navigate to Settings > Permalinks > Save Changes
    • This enables WordPress to serve your meta-documentation files
  2. Create Your First Document

    • Go to Meta Docs & SEO
    • Find a predefined file (e.g., security.txt.md)
    • Click to expand, enter content, save
    • UUID and first changelog entry are created automatically
  3. Enable Content Hashing

    • Go to Cryptographic Verification Settings
    • Choose a hash algorithm (SHA-256 default)
    • Save — new and updated posts will be hashed automatically
  4. Configure Ed25519 Signing (Optional)

    • Use the in-browser keypair generator to create your keys
    • Add both constants to wp-config.php
    • Enable signing — posts, pages, and media are signed on save
  5. Enable Rekor Transparency Log (Optional)

    • Go to ArchivioMD > Rekor / Sigstore
    • Review server requirements (ext-sodium, ext-openssl)
    • Enable and test connection — no API key required
    • Anchor jobs will submit to Rekor alongside Git and RFC 3161

Automatic Installation

  1. Log in to your WordPress admin panel
  2. Navigate to Plugins > Add New
  3. Search for “ArchivioMD”
  4. Click “Install Now” and then “Activate”
  5. Navigate to Settings > Permalinks and click “Save Changes” (required for file serving)

Manual Installation

  1. Download the plugin ZIP file
  2. Upload to WordPress via Plugins > Add New > Upload Plugin
  3. Activate the plugin
  4. Navigate to Settings > Permalinks and click “Save Changes”

Post-Installation

After activation you will see:
* Main Menu: “Meta Docs & SEO” in the WordPress admin sidebar
* Tools Menu: “ArchivioMD” under Tools for compliance features
* Admin Notice: Reminder to flush permalinks (dismissible)

Where are my files stored?

Markdown and SEO files are stored in your uploads directory under meta-docs/. Metadata (UUIDs, checksums, changelogs) is stored in the WordPress database in the wp_options table with the prefix mdsm_doc_meta_.

Do I need to back up the database?

Yes. All metadata is stored in the database. The plugin’s Backup & Restore tool provides portable archives, but standard database backups are still required.

What happens if I uninstall the plugin?

By default all metadata is preserved in the database and all files remain in the uploads directory. If metadata cleanup is explicitly enabled, only database options are deleted — files always remain.

Can I edit files via FTP?

Yes, but this will cause checksum mismatches. Re-save the file through the plugin’s admin interface to update the stored checksum.

Does this plugin enforce file integrity?

No. The plugin tracks integrity via checksums and provides manual verification tools. Verification is admin-triggered and read-only. It does not prevent or block modifications.

Can I verify signatures without WordPress?

Yes. Ed25519 signatures can be verified with any standard sodium-compatible tool. Retrieve the public key from /.well-known/ed25519-pubkey.txt and verify against the canonical message format documented in the plugin.

Can I verify RFC 3161 timestamps independently?

Yes. Download the .tsr and .tsq files from the compliance tools page and run: openssl ts -verify -in response.tsr -queryfile request.tsq -CAfile tsa.crt. Here tsa.crt must contain the CA chain that issued the TSA's signing certificate; if the token does not embed the signing certificate itself, supply it with -untrusted tsa-signer.crt. The -queryfile option ties the response to the hash in your original request, so keep both files together.

Can I verify Rekor entries independently?

Yes. Use rekor-cli verify --artifact-hash sha256:<HASH> --log-index <INDEX> or look up the entry at https://search.sigstore.dev/?logIndex=<INDEX>. No plugin or account required.

Does Rekor require an API key?

No. The Rekor public good instance (rekor.sigstore.dev) is a free, unauthenticated public API operated by the Linux Foundation’s Sigstore project.

Is this plugin GDPR compliant?

The plugin does not collect, store, or process personal data from visitors. It stores administrative metadata associated with WordPress user accounts. Compliance with GDPR depends on how you use the plugin. Consult your legal team.

Can non-admin users access these features?

No. All features require the manage_options capability (administrator role).

What Markdown syntax is supported?

The plugin uses PHP Parsedown. Standard Markdown including headings, lists, links, code blocks, tables, and GitHub-flavored Markdown features like task lists are supported.

Changelog

1.7.0

  • Added Sigstore / Rekor transparency log as a fourth anchor provider. Every anchor job can simultaneously submit a hashedrekord v0.0.1 entry to the public Rekor log (rekor.sigstore.dev) alongside GitHub, GitLab, and RFC 3161.
  • Rekor entries include embedded provenance metadata: site URL, document ID, post type, hash algorithm, plugin version, public key fingerprint, and key type (site long-lived or ephemeral).
  • When site Ed25519 keys are configured, entries are signed with the long-lived key; the public key fingerprint links to /.well-known/ed25519-pubkey.txt for independent verification. Without site keys, a per-submission ephemeral keypair is generated automatically via PHP Sodium — the content hash is still immutably logged.
  • Added inline Rekor Activity Log with live “Verify” button — fetches inclusion proof directly from the Rekor API without leaving the admin.
  • Added Rekor / Sigstore submenu page with server requirements checklist, settings toggle, Test Connection button (read-only GET, no dummy entries written), and scoped activity log.
  • Expanded hash algorithm library. New standard algorithms: SHA-224, SHA-384, SHA-512/224, SHA-512/256, BLAKE2s-256, SHA-256d, RIPEMD-160, Whirlpool-512. New extended algorithms: GOST R 34.11-94, GOST R 34.11-94 (CryptoPro). Legacy algorithms available but not recommended: MD5, SHA-1.
  • Rekor is optional and disabled by default. Requires ext-sodium (standard since PHP 7.2) and ext-openssl.

1.6.8

  • Added DSSE (Dead Simple Signing Envelope) mode to Ed25519 Document Signing, per the Sigstore DSSE specification.
  • When enabled, every post and media signature is wrapped in a structured JSON envelope stored in the _mdsm_ed25519_dsse post meta key. The bare hex signature in _mdsm_ed25519_sig is always written alongside — all existing verifiers continue to work without migration.
  • Envelope format: { "payload": base64(canonical_msg), "payloadType": "application/vnd.archiviomd.document", "signatures": [{ "keyid": sha256_hex(pubkey_bytes), "sig": base64(sig_bytes) }] }.
  • Signing is over the DSSE Pre-Authentication Encoding (PAE) — prevents cross-protocol signature confusion attacks.
  • Added sign_dsse(), verify_dsse(), verify_post_dsse(), public_key_fingerprint(), is_dsse_enabled(), and set_dsse_mode() public static methods.
  • DSSE Envelope Mode toggle added to Cryptographic Verification settings, nested beneath the Ed25519 card. Disabled until Ed25519 is fully configured and active.
  • Verification files downloaded from the badge now include the full DSSE envelope plus step-by-step offline verification instructions.
  • Media attachments receive DSSE envelopes when DSSE mode is on.

1.6.7

  • Added Signed Export Receipts to all three compliance export types: Metadata CSV, Compliance JSON, and Backup ZIP.
  • Every export generates a companion .sig.json integrity receipt containing: SHA-256 hash of the exported file, export type, filename, generation timestamp (UTC), site URL, plugin version, and generating user ID.
  • When Ed25519 Document Signing is configured, the receipt includes a detached Ed25519 signature binding all fields — preventing replay against a different file or context.
  • “Download Signature” button appears inline after each successful export.

1.6.6

  • Fixed verification badge download failing on sites with WP_DEBUG enabled. Root cause: RFC 3161 cross-reference query ran without first checking the anchor log table exists. Fix: added SHOW TABLES existence check and wrapped with wpdb->suppress_errors().
  • Added ads.txt, app-ads.txt, sellers.json, and ai.txt to SEO Files section.
  • Added Ed25519 Document Signing. Private key in wp-config.php, public key at /.well-known/ed25519-pubkey.txt, in-browser keypair generator included.

1.6.5

  • Fixed fatal PHP parse error from unescaped apostrophe in DigiCert TSA profile notes string.
  • Fixed fatal load-order error where RFC 3161 provider class was required before its interface was defined.
  • Fixed undefined variable $settings inside store_tsr().

1.6.4

  • Added multi-provider anchoring: RFC 3161 and Git can now run simultaneously on every anchor job.
  • Each provider tracked independently — failure or rate-limiting of one does not block the other.
  • Each provider writes its own entry to the Anchor Activity Log.
  • Existing single-provider installations migrated automatically on next settings read.

1.6.3

  • Added structured Compliance JSON export.
  • Preserves full relationships between posts, hash history, anchor log entries, and inlined RFC 3161 TSR manifests.
  • Suitable for legal evidence packages, compliance audits, and SIEM ingestion.

1.6.2

  • Fixed redundant double hash computation in HTML anchoring.
  • Added admin notice when anchor jobs permanently fail after all retries.
  • TSR and TSQ files now blocked from direct HTTP access via .htaccess; served via authenticated download handler.
  • Verification file download now includes RFC 3161 timestamp details when available.
  • Scheduled posts correctly anchored when they go live.
  • Added WP-CLI commands: process-queue, anchor-post, verify, prune-log.
  • Added configurable log retention (default 90 days) with automatic daily pruning.

1.6.1

  • Hardened anchor queue against concurrent processing on high-traffic sites.
  • Added queue size cap to prevent unbounded option row growth.

1.6.0

  • Added RFC 3161 trusted timestamping support.
  • Four built-in TSA providers: FreeTSA.org, DigiCert, GlobalSign, Sectigo. Custom endpoint supported.
  • Timestamp tokens (.tsr files) stored locally for independent offline verification.

1.5.9

  • Added HMAC Integrity Mode with secret key support (ARCHIVIOMD_HMAC_KEY constant).
  • Added External Anchoring to GitHub and GitLab repositories.
  • Expanded hash algorithm support: SHA3-256, SHA3-512, BLAKE2b, BLAKE3, SHAKE128-256, SHAKE256-512.
  • Security hardening: input sanitization, output escaping, nonce validation.

1.4.1

  • Fixed fatal error on PHP < 7.2 when ARCHIVIOMD_HMAC_KEY constant was defined.
  • Added function_exists() check for hash_hmac_algos() before usage.
  • BLAKE2b algorithm gracefully falls back to SHA-256 on PHP < 7.2.

1.3.0

  • Added Archivio Post content hash verification system.
  • Deterministic SHA-256 hash generation with post ID and author ID binding.
  • Visual verification badges: Verified (green), Unverified (red), Not Signed (gray).

1.1.1

  • Added Metadata Cleanup on Uninstall feature (opt-in, disabled by default).
  • Added audit logging for cleanup setting changes.
  • Enhanced nonce verification and capability checks.

1.1.0

  • Initial public release.
  • Meta-documentation management with Markdown support.
  • SEO file management (robots.txt, llms.txt, ads.txt, etc.).
  • XML sitemap generation.
  • Document metadata tracking (UUIDs, SHA-256, changelogs).
  • HTML rendering from Markdown files.
  • Public index page with customizable document visibility.
  • Compliance tools: Metadata Export (CSV), Backup & Restore, Manual metadata verification.