A new Cold Storage section in the admin panel of the Bitcoin and Altcoin Wallets WordPress plugin, added in version 2.7.0.
With the latest version 2.7.0 of the Bitcoin and Altcoin Wallets free WordPress plugin comes the addition of a Cold Storage section in the admin panel.
What is Cold Storage (and why should I care)?
When users hold cryptocurrencies on your site, these funds are stored on your back-end wallets. The plugin uses these wallets to communicate with the blockchains.
If a malicious hacker were to somehow gain access to your WordPress site, they could steal your users’ money. This is why you must:
- keep your site secure, and
- plan for the possibility that your site can be breached. No system is 100% safe.
One very popular security measure is to keep part of the funds in cold storage. This is an offline wallet to which your site’s code does not have access.
The concept is not unlike that of fractional reserve banking: you do not keep all of the deposited funds on the live wallet. Instead you keep a fraction of those funds online, and the rest you keep on another wallet, preferably one that is not even connected to the internet. Paper wallets and hardware wallets are good for this, but you could also use a computer that you keep offline at all times.
This release features an admin page that makes it easy to split funds between a live wallet and a cold wallet. For every currency you have installed, the page will tell you:
- how many coins you have in your online wallet,
- how much is the total of all your users’ balances, and
- how much you need to deposit or withdraw to reach your target level.
How can I use Cold Storage to secure my site?
You can now set a target to keep a fixed percentage of the total user balances online at all times. Send the rest of the coins to cold storage and keep them safe. At a later time you can deposit them again into your site as needed.
The admin page will let you deposit and withdraw funds to and from an external cold storage wallet. These transactions are not recorded in your transactions table. They do not affect any user balances. They only affect the online wallet balance. In the event of a security breach, all of the offline coins are safe and your risk is minimized.
You will want to keep online more money than you expect your users to withdraw all at once. If there are not enough funds online, user-requested withdrawals will fail.
On the other hand, you could decide that all withdrawals require confirmation by an admin. Then you can keep all of the funds in cold storage and only put them back online before you manually approve user withdrawals.
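The calculation behind the target level described above, written out as an added example (this is not the plugin's own code). It goes slightly further than the admin page by also warning when the target is lower than the withdrawals you expect. The function name, the use of integer smallest units (such as satoshis), the `expected_withdrawals` parameter and the sample figures are all assumptions made for illustration.

```python
from decimal import Decimal, ROUND_CEILING

def plan_rebalance(online, user_total, target_pct, expected_withdrawals=0):
    """Work out the cold storage transfer needed to reach the target level.

    Amounts are integers in the coin's smallest unit (assumption), so no
    floating-point error creeps into balances. Returns (action, amount, warning):
    'deposit' moves coins from cold storage to the online wallet,
    'withdraw' moves coins from the online wallet to cold storage.
    """
    if not 0 <= target_pct <= 100:
        raise ValueError("target_pct must be between 0 and 100")
    if min(online, user_total, expected_withdrawals) < 0:
        raise ValueError("amounts must be non-negative")

    # Round the target up so rounding never leaves the online wallet short.
    exact = Decimal(user_total) * Decimal(str(target_pct)) / 100
    target = int(exact.to_integral_value(rounding=ROUND_CEILING))

    # If users are expected to withdraw more than the target keeps online,
    # user-requested withdrawals can fail even after rebalancing.
    warning = None
    if target < expected_withdrawals:
        warning = "target is below expected withdrawals; user withdrawals may fail"

    delta = target - online
    if delta > 0:
        return ("deposit", delta, warning)
    if delta < 0:
        return ("withdraw", -delta, warning)
    return ("none", 0, warning)

# Constructed sample figures, confirmed balances only (not real data).
SAMPLE = {
    "BTC": dict(online=150_000_000, user_total=1_000_000_000,
                target_pct=10, expected_withdrawals=50_000_000),
    "LTC": dict(online=2_000_000_000, user_total=40_000_000_000,
                target_pct=12.5, expected_withdrawals=6_000_000_000),
}

if __name__ == "__main__":
    for symbol, figures in SAMPLE.items():
        action, amount, warning = plan_rebalance(**figures)
        print(symbol, action, amount, warning or "")
```

Feed it confirmed balances only, since unconfirmed transactions do not yet affect the online wallet balance.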
Any administrator with the manage_wallets capability has access to that page. Keep in mind that you need to wait for transactions to confirm before they affect your balance. If you are using the CoinPayments adapter, withdrawals might take a few minutes to execute.