[WordPress] Plugin Share: ArkHost Security Pack

Active installs: new plugin
Ratings: none yet
Last updated: 23 days ago
WordPress 5.0+ PHP 7.4+ v1.1 Published: 2026-02-07

Overview

<ul>
<li>A complete security plugin that is actually free. No "pro" version, no nag screens, no made-up threat statistics.</li>
<li>Login Protection
<ol>
<li>Blocks IPs after failed login attempts</li>
<li>Custom login URL (hides wp-login.php)</li>
<li>Hides wp-admin from logged-out users</li>
<li>Honeypot field for bots</li>
<li>Hides login errors (stops username enumeration)</li>
<li>Email alerts for admin logins from new IPs</li>
<li>Country/IP restrictions on the login page</li>
</ol>
</li>
<li>IP Control
<ol>
<li>Whitelist and blacklist</li>
<li>Automatic blocking after repeated lockouts</li>
<li>Supports IPv4, IPv6, CIDR</li>
</ol>
</li>
<li>Geo Blocking
<ol>
<li>Block countries</li>
<li>Uses the free IP2Location LITE database</li>
<li>One-click download</li>
</ol>
</li>
<li>Hardening
<ol>
<li>Disable XML-RPC</li>
<li>Disable dashboard file editing</li>
<li>Disable application passwords</li>
<li>Restrict the REST API to logged-in users</li>
<li>Remove WordPress version</li>
<li>Block user enumeration (?author=1 and REST API)</li>
<li>Disable pingbacks/trackbacks</li>
</ol>
</li>
<li>Security Headers
<ol>
<li>X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy, Content-Security-Policy, HSTS</li>
</ol>
</li>
<li>Two-Factor Authentication
<ol>
<li>TOTP (Google Authenticator, Authy, etc.)</li>
<li>Backup codes</li>
<li>Enforce for admins</li>
</ol>
</li>
<li>File Integrity Monitoring
<ol>
<li>Checks WordPress core files against official checksums</li>
<li>Daily scans</li>
<li>Email alerts on changes</li>
</ol>
</li>
<li>Malware Scanner
<ol>
<li>Scans plugins, themes, uploads</li>
<li>Pattern-based detection</li>
<li>Quarantine suspicious files</li>
<li>Weekly scans</li>
</ol>
</li>
<li>Activity Log
<ol>
<li>Login attempts, lockouts, blocks</li>
<li>IP, country, username, timestamp</li>
<li>Configurable retention</li>
<li>CSV export</li>
</ol>
</li>
<li>Tools
<ol>
<li>Export/import settings</li>
<li>Force logout of all users</li>
<li>Test email</li>
<li>Delete readme.html/license.txt</li>
</ol>
</li>
<li>Privacy
<ol>
<li>No tracking, no analytics, no telemetry</li>
</ol>
</li>
<li>External connections:
<ol>
<li>WordPress.org API (core file checksums)</li>
<li>IP2Location (downloaded only when you click)</li>
</ol>
</li>
</ul>

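Summary: This WordPress plugin is a complete security plugin that is actually provided for free. It offers a range of security features, including login protection, IP control, geo blocking, hardening, security headers, two-factor authentication, file integrity monitoring, malware scanning, and activity logging, and it protects your privacy.

Questions and answers:
1. What login protection features does this WordPress plugin provide?
- Blocking IPs after failed logins, a custom login URL, hiding wp-admin, a honeypot field for bots, hiding login errors, email alerts for admin logins from new IPs, and country/IP restrictions on the login page.
2. How does this plugin handle IP control?
- It provides whitelist and blacklist functions, blocks automatically after repeated lockouts, and supports IPv4, IPv6, and CIDR.
3. What is the Geo Blocking feature used for?
- Geo Blocking is used to block countries; it uses the free IP2Location LITE database and offers one-click download.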

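⬇ Download the latest version (v1.1) or install via search

① Download the ZIP → in the admin dashboard, "Plugins › Add Plugin › Upload Plugin"
② Search for "ArkHost Security Pack" in the admin dashboard → install directly (recommended)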

Original plugin description

A complete security plugin that’s actually free. No “pro” version, no nag screens, no made-up threat statistics.
Login Protection

Blocks IPs after failed login attempts
Custom login URL (hides wp-login.php)
Hides wp-admin from logged-out users
Honeypot field for bots
Hides login errors (stops username enumeration)
Email alerts for admin logins from new IPs
Country/IP restrictions on login page

IP Control

Whitelist and blacklist
Auto-blacklist after repeated lockouts
IPv4, IPv6, CIDR supported

Geo Blocking

Block countries
Uses free IP2Location LITE database
One-click download

Hardening

Disable XML-RPC
Disable dashboard file editing
Disable application passwords
Restrict REST API to logged-in users
Remove WordPress version
Block user enumeration (?author=1 and REST API)
Disable pingbacks/trackbacks

Security Headers

X-Content-Type-Options, X-Frame-Options, X-XSS-Protection, Referrer-Policy, Permissions-Policy, Content-Security-Policy, HSTS

Two-Factor Authentication

TOTP (Google Authenticator, Authy, etc.)
Backup codes
Enforce for admins

File Integrity Monitoring

Checks WordPress core files against official checksums
Daily scans
Email alerts on changes

Malware Scanner

Scans plugins, themes, uploads
Pattern-based detection
Quarantine suspicious files
Weekly scans

Activity Log

Login attempts, lockouts, blocks
IP, country, username, timestamp
Configurable retention
CSV export

Tools

Export/import settings
Force logout all users
Test email
Delete readme.html/license.txt

Privacy

No tracking. No analytics. No telemetry.

External connections:
* WordPress.org API (core file checksums)
* IP2Location (database download, only when you click it)

External services

This plugin connects to the following external services under specific circumstances:

WordPress.org Checksums API

Service: api.wordpress.org/core/checksums/1.0/
Used for: Verifying WordPress core file integrity by comparing local files against official checksums
Data sent: WordPress version and locale
When: During daily scheduled file integrity scans and when manually triggered by the admin
Privacy policy: https://wordpress.org/about/privacy/

IP Detection Services

Services: api.ipify.org, ifconfig.me, icanhazip.com
Used for: Detecting the server’s public IP address for the “Whitelist My IP” tool
Data sent: Standard HTTP request (no personal data)
When: Only when an admin uses the “Whitelist My IP” feature in the Tools tab
Terms: https://www.ipify.org/ / https://ifconfig.me/ / https://icanhazip.com/

IP2Location

Service: download.ip2location.com
Used for: Downloading the free IP2Location LITE geolocation database for country-based blocking
Data sent: Standard HTTP request (optional: user’s download token if configured)
When: Only when an admin clicks “Download IP2Location Database” in the IP Control tab
Terms of service: https://www.ip2location.com/terms
Privacy policy: https://www.ip2location.com/privacy
