Cardano on WordPress

Plug-and-play Cardano utilities for WordPress — minting, payments, wallet connect, content signing, and more. Server-side signing. Pure PHP. Tiny bundles.

Why This Is Different

Most Cardano dApps ship 1.5 MB of WASM crypto to the browser. We don't.

Tiny Surface Area

6 KB gzipped frontend bundle. 18 KB PHP signer. Compare that to the typical 1.5 MB CSL WASM dependency most Cardano dApps require.

Server-Side Signing

Secrets never leave the server. All transaction construction and signing happens behind WordPress capability-gated endpoints with nonce verification.

Pure PHP Crypto

No Node.js. No Python. No compiled binaries. Ed25519 signing with triple-fallback: native sodium, FFI, or pure PHP BCMath. Runs anywhere WordPress runs.

How the Stack Works

A signer-first architecture where blockchains are pluggable settlement layers.

Browser UX

Minimal frontend. Wallet connection via CIP-30. No crypto in the browser unless explicitly chosen.

WP Endpoints

REST & AJAX endpoints with nonce verification, capability checks, and input validation.

PHP Signer

Deterministic Ed25519 signing. Keys encrypted at rest. Multi-sig ready. 18 KB total.

Settlement Layer

Cardano (today). The chain is a pluggable backend — the application logic stays the same.

Vibe Coding, But Safe

LLMs excel at generating features within stable constraints. This stack provides exactly the guardrails they need.

Large language models can safely scaffold UI flows, admin tools, and integration logic without accidentally violating core security assumptions. The architecture acts as a guardrail, making rapid AI-assisted development both productive and safe.

Paste these rules into any LLM session to extend our plugins safely.

LLM Prompt Rules
1. Never put API keys in JS; server calls only.
2. All sensitive actions go through WP REST/AJAX endpoints with:
   - capability checks
   - nonce verification
   - strict input validation
3. Signing logic stays server-side unless explicitly
   set to CIP-30 wallet signing.
4. Downloads served via controlled endpoint;
   compute and display SHA-256.
5. Keep frontend minimal; prefer server-rendered
   pages and small scripts.