[WordPress] 外掛分享: Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan

WordPress 外掛 Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan 的封面圖片。

前言介紹

外掛協作開發者

sminozzi |

外掛標籤

disable | Block Tor | antimalware | malware scanner | wordpress security tools |

內容簡介

ocklists it, and keep it safe with Anti Hacker Plugin – a comprehensive security tool that protects your WordPress site from a range of threats including hackers, malware, bot attacks, and brute force attacks. Features include a firewall that blocks malicious requests, queries, user agents and URLs, protection against unauthorized access and brute force attacks, disabling of the Json WordPress Rest API and WordPress xmlrpc (xml-rpc)/Pingback, email alerts for new plugin installations and Anti Hacker plugin deactivation, and much more. The plugin also includes a malware scanner that inspects every file on your website for traces of malware, exploits, trojans, worms and viruses, as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection and more. Anti Hacker Plugin is multilingual ready and includes Italian and Portuguese language files. The premium version includes additional features such as visits and bot attempts limits and limiting only 404 requests.

原文外掛簡介

ANTI HACKER PLUGIN
★★★★★

No matter how small or big your server is, hackers may attempt to use it to send spam, steal traffic, and attack other computers. According to Security magazine, there is a hacker attack every 39 seconds.
In fact, some studies suggest that the majority of attacks against websites begin to occur within the first 24 hours of a site going online.
.
Improve system security, protect login (Login Security), firewall, scan for malware, block user enumeration and TOR, disable Json WordPress Rest API, xmlrpc (xml-rpc) & Pingback and more a lot of security tools. Translation ready. Files included: Dutch, English, French, Italian, Portuguese, Spanish, and German.
.
Italian: Migliora la sicurezza del sistema, proteggi l’accesso (sicurezza dell’accesso), firewall, cerca malware, blocca l’enumerazione degli utenti e TOR, disabilita l’API Rest di Json WordPress, xmlrpc (xml-rpc) e Pingback e molti altri strumenti di sicurezza. Multilingua pronto. Inclusi anche file in lingua italiana e portoghese.
.
Português: Melhora a segurança do sistema, proteje o login (Segurança de login), firewall, verifica se há malware, bloqueia a enumeração do usuário e TOR, desativa Json WordPress Rest API, xmlrpc (xml-rpc) e Pingback e mais muitas ferramentas de segurança. Pronto para vários idiomas. Incluídos também arquivos em italiano e português.

No DNS API (entryPoint) or Cloud Traffic Redirection. No Slow Down Your Site! No Google penalties for slow sites.

Features and Tools Included

Prevent unauthorized access to your account by protect your login page also against bots and brute force.
Firewall to Block Malicious Requests, Queries, User Agents and URLS. 100% Plug-n-play, no configuration required.
View Table of the Blocked Visits and add IP to Whitelist from table and logs failed login attempts.
Option to disable Json WordPress Rest API (also new WordPress 4.7 Rest API).
You can also disable the WordPress xmlrpc (xml-rpc) (or disable only Pingback) API with just one click.
You can turn on login alerts with just one click. Also login fails alert.
Send alert email when any new plugin is installed. (First thing hackers do when gain access to your site)
Send email alert when AntiHacker plugin in deactivated.
WordPress Debug enabled warning.
Disable file editing within the WordPress dashboard.
Replace insecure login error message.
Hide WordPress version number.
Disable Application Passwords: Block external applications to request permission to connect to a site and generate a password (WordPress 5.6 new feature)
Limit Visits, Limit Bots Attempts (Premium Version)
limit only 404 requests (Premium Version)
File Integrity Checker (verify the integrity of your WordPress core files).
Check Google Safe Browsing Blacklist
Check and alert for deactivated Plugins and themes
Check and alert for extra files and dangerous files on root folder.
Multilingual ready.
Disable WordPress native sitemap (for user’s) creation.
Disable xmlrpc
Disable Pingback
Protect Against Cyber Attack
hardening wordpress

Malware Scanner

Security Malware scanner (one click scan) for 797 malwares also in free version (unlimited files).
7 speed options to scan and the scan run on your local computer to not overload your server.
Scans every folder and inspects every file on a website (deep scanner) for traces of malware, exploits, trojans, worms, viruses, backdoors as well as JavaScript code obfuscation, exploits, malicious iframes, malicious code injection, malicious code obfuscation, auto-generated malicious content, redirects, hidden eval code and more.
Scan all Pages, Posts and Comments against malwares.
Alert for plugins and themes without updates for long time or with old versions.
Scan your site now before Google blacklists it or your web host takes it down.

Block

User enumeration. (is one of the most popular attacks to identify the valid user names)
Comments in media page.
Bad Queries.* Block All Feeds (Optional).
Creation of new Administrators from plugins and themes with vulnerabilities.
False Google and Bing (MSN) bots (Premium Version)
Search for Theme’s vulnerabilities (Premium Version)
Search for Plugin’s vulnerabilities (Premium Version)
Tor (The Onion Router) Traffic – Optional – (Premium Version) Tor anonymity provides value to online attackers.
HTTP Tools (you can manage the strings)
Blank User Agent

Useful Links
Premium Version with more features
(Our Premium version won’t empty your pocket.)
StartUp Guide
Online Documentation
FAQ Page
Plugin Site
Plugin Blog with a lot of tips
Compatible with Stop Bad Bots Plugin
Share 🙂
Why disable the WordPress xmlrpc
This plugin disables XMLRPC API in WordPress 3.5+ or above, which is enabled by default.
XMLRPC on WordPress is actually an API or “application program interface“.
It gives developers who make mobile apps, desktop apps and other services the ability to talk to your WordPress site.
Most users don’t need WordPress XMLRPC functionality, and it’s one of the most common causes for exploits.
If you want to access and publish to your blog remotely, then you need XMLRPC enabled.
Why should we disable pingbacks?
Pingback allows you to notify other bloggers that you have linked to their article on your website.
A WordPress website with Pingback enabled can be used in DDOS attacks against other websites.
An attacker can exploit pingback functionality through simple command and an XMLRPC request.
Why disable Json WordPress Rest API
(disable WordPress Rest API)
Block User enumeration to improve security.
The REST API (new WordPress 4.7) allows for anonymous access and this means that anyone can list all
the users of a website. This will enable botnets to try and Bruteforce attack a website with the user’s credentials.
Brute Force Login Protection
A brute-force attack is an attempt to discover a password by systematically trying every
possible combination of letters, numbers, and symbols until you discover the one correct combination
that works.
Our plugin will protect your site against Brute Force Attack, by restrict access to login page to
whitelisted IP addresses.
Otherwise, your login page will request your wordpress user email.
It is not necessary Limit Login Attempts. Read below about Rate Limiting.
Rate Limiting
Rate Limiting is a substitute to Limit Login Attempts.
Bots and Hackers can make a lot of visits in a short time period.
We can just limit a number of visits.
Simple Login Lockdown
Rate Limiting is a substitute to Simple Login Lockdown. Read above.
Rename wp-login.php
Rate Limiting is a substitute to Rename wp-login.php. Read above.
External service
If the settings of Anti Hacker is Block all traffic from Tor? = “Yes”, we can test visitors Ip
from the TOR PROJECT database. We download daily Tor Database and we didn’t send any information to them.
This is a free service. TorProject is a not-for-profit organization.
Tor Documentation:
https://www.torproject.org/
External service 2
Our plugin will check your status on Google regarding Google Safe Browsing.
Google Safe Browsing is a service provided by Google to help protect users from malicious websites on the internet.
To simplify your inquiry, avoiding the need to create a Google account to obtain an API,
we will perform this query for you.
We will send your domain address and Google will inform us whether it considers your site safe or not.
Obviously, if it does not consider it safe, it will not send visitors to your site.
Instead, it will inform those who intend to visit your site that it is dangerous.
Hence the importance of always monitoring this. We will add that on your plugin dashboard.
This collected data (domain name) will only be used to query Google and will not be stored.
For more information about this, visit Google.
For more details about our site, visit us.
This plugin is a service. If you choose the premium version, only in this case, when applying your purchase code, it will be sent to our server, which will return whether it is valid or not.
This plugin is a service. If you choose the premium version, your site will receive weekly updates for its bot, IP, and referrer tables.
Only in this case, when applying your purchase code, it will be sent to our server, which will return whether it is valid or not.
External service 3
The Anti Hacker plugin will retrieve tips and news from our site BillMinozzi.com. This information will be displayed in the plugin dashboard, in the right-hand column under the title “Tips and News.” No data is sent to our server. Learn about the terms of use for our plugins and themes at this link:
https://siterightaway.net/terms-of-use-of-our-plugins-and-themes/
External service 4
When using our chat, only some information about issues, such as your language and data from the Diagnose tab, may be sent to our server. We do not share, publish, or disclose any information with third parties.
Look the file changelog.txt for details
We can keep the size of the standard WordPress readme.txt file reasonable

各版本下載點

(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。

1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 1.5 | 1.6 | 1.7 | 1.8 | 1.9 | 2.0 | 3.1 | 3.2 | 3.3 | 2.01 | 2.02 | 2.03 | 2.04 | 2.05 | 2.06 | 2.07 | 2.08 | 2.10 | 2.12 | 2.13 | 2.14 | 2.15 | 2.16 | 2.17 | 2.18 | 2.19 | 2.21 | 2.22 | 2.23 | 2.24 | 2.25 | 2.26 | 2.27 | 2.28 | 2.29 | 2.30 | 2.31 | 2.32 | 2.33 | 2.34 | 2.35 | 2.36 | 2.37 | 2.38 | 2.39 | 2.40 | 2.41 | 2.42 | 2.43 | 2.44 | 2.45 | 2.46 | 2.47 | 2.48 | 2.49 | 2.50 | 2.51 | 2.52 | 2.53 | 2.54 | 2.55 | 2.56 | 2.57 | 2.58 | 2.59 | 2.60 | 2.61 | 2.62 | 2.63 | 2.64 | 2.65 | 2.66 | 2.67 | 2.68 | 2.69 | 2.70 | 2.71 | 2.72 | 2.73 | 2.74 | 2.75 | 2.76 | 2.77 | 2.78 | 2.79 | 2.80 | 2.81 | 2.82 | 3.10 | 3.11 | 3.12 | 3.13 | 3.14 | 3.15 | 3.16 | 3.17 | 3.18 | 3.19 | 3.20 | 3.21 | 3.22 | 3.23 | 3.24 | 3.25 | 3.26 | 3.27 | 3.28 | 3.29 | 3.30 | 3.31 | 3.32 | 3.33 | 3.34 | 3.35 | 3.36 | 3.37 | 3.38 | 3.39 | 3.40 | 3.41 | 3.42 | 4.00 | 4.01 | 4.02 | 4.03 | 4.04 | 4.05 | 4.06 | 4.07 | 4.08 | 4.09 | 4.10 | 4.11 | 4.12 | 4.13 | 4.14 | 4.15 | 4.16 | 4.17 | 4.18 | 4.19 | 4.20 | 4.21 | 4.22 | 4.23 | 4.24 | 4.25 | 4.26 | 4.27 | 4.28 | 4.29 | 4.30 | 4.31 | 4.32 | 4.34 | 4.35 | 4.36 | 4.37 | 4.38 | 4.39 | 4.40 | 4.41 | 4.42 | 4.43 | 4.44 | 4.45 | 4.46 | 4.47 | 4.48 | 4.49 | 4.50 | 4.51 | 4.52 | 4.53 | 5.01 | 5.03 | 5.04 | 5.05 | 5.06 | 5.07 | 5.08 | 5.09 | 5.10 | 5.11 | 5.12 | 5.13 | 5.14 | 5.15 | 5.16 | 5.17 | 5.18 | 5.19 | 5.20 | 5.21 | 5.22 | 5.24 | 5.25 | 5.26 | 5.27 | 5.28 | 5.29 | 5.30 | 5.31 | 5.33 | 5.34 | 5.35 | 5.36 | 5.37 | 5.38 | 5.39 | 5.40 | 5.41 | 5.42 | 5.43 | 5.44 | 5.45 | 5.46 | 5.47 | 5.48 | 5.49 | 5.50 | 5.51 | 5.52 | 5.53 | 5.54 | trunk |

延伸相關外掛(你可能也想知道)

  • Security Optimizer – The All-In-One Protection Plugin 》透過精心挑選且易於配置的功能,SiteGround Security 外掛提供了您所需的一切來保護您的網站並預防多種威脅,例如暴力破解攻擊、登錄錯誤、資料外洩等等。, ...。
  • MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall 》at Is MalCare Security Services?, MalCare Security Services 是一款 WordPress 網站的安全外掛程式。★★★★★, 這款 WordPress 安全外掛程式可以確保您的網站...。
  • Defender Security – Malware Scanner, Login Security & Firewall 》our WordPress website with Defender. This plugin offers comprehensive security features that protect against various vulnerabilities and hacks, inc...。
  • Titan Anti-spam & Security 》ime for new hacking patterns and malicious IP addresses, to block attacks., [PRO] We provide 24/7 technical support., [PRO] Protect your website fr...。
  • BulletProof Security 》WordPress 安全防護:惡意軟體掃描器、防火牆、登入安全、資料庫備份、反垃圾郵件等功能,下列為安全性功能的重點,詳細說明請參見下方 FAQ 幫助節點內的 Bul...。
  • Malcure Malware Scanner — #1 Toolset for WordPress Malware Removal 》最佳的 WordPress 感染清理外掛。掃描整個 WordPress 檔案和資料庫,查找惡意重新導向、病毒、惡意軟體、感染、安全威脅、特洛伊木馬、後門、dolohen、程式碼...。
  • Malware Scanner 》MALWARE SCANNER |WORDPRESS ANTI-MALWARE PROTECTION, Malware Scanner 外掛提供防 malware 保護效能,能夠偵測 WordPress 網站中的網路 malware、漏洞和其...。
  • RSFirewall! 》RSFirewall! WordPress外掛是保障您網站安全的最佳解決方案,幫助您預防有心者想竊取或損害您的網站。該外掛由一支專業的網站安全團隊支持,隨時掌握最新已知...。
  • Virusdie – One-click website security 》使用 Virusdie WordPress 外掛,輕鬆實現一鍵式網站安全防護, 歡迎使用最受期待的網站安全外掛 — Virusdie WordPress 外掛!, 簡單管理網站安全措施,例如:...。
  • WordPress Security – Firewall, Malware Scanner, Secure Login and Backup 》WORDPRESS 最受歡迎的防火牆和安全掃描器, Wp security pro 包含專門為 WordPress 創建的恶意軟件掃描器和終端防火牆。為了保障您的網站安全,我們的威脅防禦...。
  • BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security 》不僅僅是掃描惡意軟體。預防其感染你的網站。, 使用安全流程來保護自己免受0-Day威脅,而非僅依賴簽名。, 感染惡意軟體嗎?, BitFire惡意軟體掃描器業界的惡...。
  • IP Threat Blocker 》現在已經免費擁有基本威脅阻擋器!, Musubu 的 WordPress IP 威脅阻擋外掛整合了 Musubu API 的滿貫能量,以動態篩查進入您的網站之 IP 位址的網頁安全威脅等...。
  • attachmentAV – Antivirus for WordPress

    外掛總結:

    ,

    這個外掛可以保護您的部落格免受病毒、蠕蟲和特洛伊木馬等惡意軟體的侵害。

    , ,

    問題與答案...。

  • SecurityWP – Advanced Security & Firewall 》SecurityWP 是一款強大的 WordPress 安全性外掛程式,可保護你的網站免於駭客、攻擊和其他威脅。它可以防範 SQLi 攻擊(SQL Injection)、XSS 弱點、惡意檔案...。
  • Antivirus Solution 》WP Antivirus Site Protection是一款安全性外掛,可預防/檢測和刪除惡意病毒和可疑代碼。, 它可以檢測:後門、rootkit、木馬、蠕蟲、詐騙工具、廣告軟件、間...。

文章
Filter
Apply Filters
Close
Mastodon