Skip to main content
NEW Didit KYC Identity Verification is live, verify signers with government ID & biometrics for eIDAS Advanced signatures Learn more
Security Feature

Document Security

SHA-256 hashing, encrypted storage, tamper detection, and self-hosted data sovereignty. Your documents are protected at every layer.

Security Features

Bank-grade security for your sensitive documents, all on your own server.

SHA-256 Document Hashing

Every signed document gets a unique cryptographic fingerprint. Any modification, even a single byte, is instantly detectable.

Tamper-Proof PDFs

Signed documents are sealed with digital signatures. PDF readers display a warning if the document is modified after signing.

Encrypted at Rest

Documents stored on your server are encrypted. Even direct database access doesn't expose document contents.

Encrypted in Transit

All data transfer uses TLS 1.2+ encryption. Signing sessions, file uploads, and API calls are always encrypted.

Self-Hosted Data Sovereignty

Your documents never leave your server. No third-party cloud storage, no data sharing, no external dependencies.

IP Access Logging

Every access to a document is logged with IP address, user agent, and timestamp for forensic analysis.

Role-Based Access Control

WordPress role-based permissions control who can create, view, edit, and delete documents.

Secure Delete

When documents are deleted, all associated files, signatures, and audit trail data are permanently removed.

How It Works

1

Upload & Encrypt

When you upload a PDF, it's encrypted at rest on your server. The original file is stored securely and never leaves your infrastructure.

2

Sign & Hash

After signing, WPsigner generates a SHA-256 hash of the complete document. This hash is stored in the audit trail and embedded in the PDF's digital signature.

3

Verify & Detect

Any future attempt to modify the document changes its hash, triggering an "Invalid Signature" warning in PDF readers. Tampering is immediately visible.

Frequently Asked Questions

How does SHA-256 hashing protect documents?

SHA-256 generates a 256-bit hash (a unique 'fingerprint') of the document's binary content. After signing, this hash is stored in the audit trail and embedded in the digital signature. If anyone changes even a single character in the document, the hash changes completely, proving tampering occurred.

Where are my documents stored?

Exclusively on your WordPress server. WPsigner does not send, copy, or sync your documents to any external service. If you configure cloud storage backups (Google Drive, S3, etc.), those are optional and under your control.

Is WPsigner GDPR compliant?

Yes. Because WPsigner is self-hosted, you maintain full control over personal data. You decide where data is stored, how long it's retained, and who has access. This makes GDPR compliance straightforward, you are both the data controller and processor.

Can I audit who accessed a document?

Yes. WPsigner logs every access event: document views, downloads, signature actions, and admin operations. Each log entry includes timestamp, user identity, IP address, and user agent. This data is available in the document's audit trail and can be exported.

Enterprise-Grade Document Security

All security features are included in every WPsigner plan.

View Pricing