Description
w3mypq provides a privacy-focused file encryption and sharing tool for WordPress. Files are encrypted in the user’s browser before upload using ML-KEM and AES-GCM.
The plugin combines modern cryptographic standards with low-level binary packing, thread isolation, and forensic memory management. Its low-overhead, browser-based w3Gemini engine supports secure and fast post-quantum file sharing between users.
What you must know: This plugin aims to be a high-security tool that guarantees absolute data sovereignty by design. To achieve this, the plugin utilizes state-of-the-art post-quantum cryptography. It is engineered so that even if the service provider’s servers are compromised, attackers only find useless, encrypted data because nobody else possesses the users’ private decryption keys. This architecture offers the highest level of security, assuming the integrity of the core cryptographic code. The deployment must remain free from modifications that compromise private keys or exploit payload structures via unauthorized public key injection and user impersonation.
Features
- Implements ML-KEM 1024 for post-quantum key encapsulation.
- Supports ML-DSA 87 signatures for sender verification.
- Encrypts files locally in the browser before upload (Zero-Knowledge).
- Utilizes AES-GCM-256 for symmetric file encryption.
- Leverages SHA-512 for cryptographic integrity verification.
- Supports sharing files with one or more recipients.
- Displays the user’s daily upload quota and the remaining time until it resets.
- Recipients decrypt files locally using their own private keys.
- Guest mode for local-only encryption and decryption.
- Designed around NIST post-quantum cryptography standards.
Admin Options
- Maximum attachment file sizes configuration.
- Daily user storage upload quota limits.
- User role permissions access level controls.
- Dynamic encrypted file retention storage periods.
- Maximum unique recipients allowed per file.
- The Vault Module Maintenance feature provides easy options to execute targeted administrative cleanup routines on the server or for testing purposes.
Manage all configuration panels by navigating to: WP Admin -> Settings -> w3mypq.
Help and Documentation
Installation
- Upload the plugin folder to the
/wp-content/plugins/directory, or install it through the WordPress Plugins screen. - Activate the plugin through the Plugins menu in WordPress.
- Add the shortcode
[w3mypq_short]to a page or post. - Open the page and use the interface to generate keys, encrypt files, and share them with recipients.
Customization
To preserve customizations during updates:
- Copy the
w3mypq-customfolder from the plugin directory into/wp-content/plugins/. - Edit:
w3mypq.cssw3mypq_body.html- The plugin automatically loads these files when present.
- If the custom files are not found, the default plugin files are used.
FAQ
-
Client-Side Limitations & Server Capacity
-
The size of the files that can be encrypted depends entirely on the processor power and RAM of the device running the browser. Remember, all file encryption and decryption happen directly client-side within the browser. Furthermore, while you can easily encrypt files to create a 500MB or even 1GB payload, you must also account for connection speeds and the server’s capacity to handle uploading or downloading such large amounts of data.
-
What does this plugin do?
-
The plugin allows users to encrypt files locally in their browser before sharing or storing them.
It supports post-quantum key encapsulation using ML-KEM and digital signatures using ML-DSA. Encrypted files can be shared with recipients who decrypt them locally using their own private keys.
-
Does the server store my private keys?
-
No.
Private keys are generated locally in the user’s browser and should be stored securely by the user.
The server only stores information necessary for sharing encrypted content, such as public keys and encrypted files.
-
What are ML-KEM and ML-DSA?
-
ML-KEM and ML-DSA are NIST-standardized post-quantum cryptographic algorithms.
ML-KEM is used for secure key exchange and ML-DSA is used for digital signatures and sender verification.
-
What is guest mode?
-
Guest mode allows visitors to perform encryption and decryption locally without creating an account.
Files do not need to be uploaded to the server when using guest mode.
-
Yes.
Registered users can encrypt files for one or more recipients. Recipients receive access information and can decrypt files locally using their corresponding private keys.
-
How is the Noble library used?
-
The plugin includes a compiled version of the Noble post-quantum cryptography library.
The plugin’s
/nobledirectory contains additional information about the library and its build process.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“w3mypq” is open source software. The following people have contributed to this plugin.
Contributors
Translate “w3mypq” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
2.3.0
Release Date – 07 Jun, 2026
* Fix: Fix the new added 2.2.0 Vault Module Maintenance Tools, Administrator buttons to execute targeted storage vault and transient purges (preserving user keys) or full resets.
* Add: Dynamic Quota & Countdown Info Panel directly onto the front-end vault interface, utilizing a high-efficiency client-side background ticker that updates every minute to display remaining storage capacity (MB/KB) and a precise live hours/minutes countdown until the rolling 24-hour limit resets.
* Fix: Core uninstall execution mapping loops to automate immediate, complete cleanup of all user meta data records, file tokens, background transient timeout parameters, upload folders, upon plugin removal.
* Fix: Reinforced server-side User Quota Gatekeeper on the REST API endpoint, embedding an absolute hard-stop guard that validates complete file dimensions on Chunk 0 and terminates unauthorized transmission frames instantly.
* Fix: Patched fractional mathematical chunk leaks on the REST API gateway, enforcing a strict zero-tolerance hard stop block when daily bandwidth thresholds are maxed out.
* Fix: Discarded legacy un-sanitized profile meta save routines to ensure wrong key inputs trigger an immediate native red warning alert banner.
* Fix: Post-Quantum key check. Fully automates Public key extraction directly from pasted text, stripping out headers, whitespaces, and PEM boundaries.
2.2.0
Release Date – 06 Jun, 2026
* Add: Vault Module Maintenance Tools -into the Admin panel settings page to execute targeted administrative cleanup routines on the server vault storage footprint or for testing purpose.
* Fix: Uninstall immediate complete transients cleanup.
* Add: A real-time, visual display placed right on the dashboard to keep registered users informed of their remaining daily secure upload capacity and the exact hour/minute countdown until their 24-hour quota limit resets. It auto update each minute if the page is not reloaded.
* Fix: user’s quota check.
* Minor fixes
2.1.0
Release Date – 04 Jun, 2026
* Add: ‘Rolling Daily User Quota’ option to prevent disk space exhaustion via fast WordPress transients.
* Fix: Resolved an issue where the ‘link expired’ button would repeatedly reload the same page.
* Fix: Minor bug fixes and performance improvements.
2.0.0
Release Date – 02 Jun, 2026
- Note: this immediate major update to 2.0 version require to change custom HTML/CSS files is used.
- Add: High-capacity file uploads processed seamlessly via an isolated binary slicing chunk loop.
- Add: Dedicated administrative settings page managing maximum attachment sizes, user role permissions access gating, and dynamic file retention limits.
- Fix: Send out email only when required.
- Fix/Add: Migration of temporary tracking tokens to the high-performance WordPress Transients API instead of regular options.
1.0.0
Release Date – 02 Jun, 2026
- Initial public release.
- ML-KEM support.
- ML-DSA support.
- Browser-based file encryption.
- Multi-recipient sharing support.
- Guest mode support.
- Current version is subject to PHP upload limits imposed by the hosting environment.
- Large-file upload optimization is planned for future releases.