[WordPress] Plugin share: BitFire Security – Firewall, WAF, Bot/Spam Blocker, Login Security

Active installations: 300+
Rating: ★★★★★ 5/5 (7 reviews)
Last updated: 177 days ago
WordPress 6.1+ PHP 7.4+ v4.8.2 Listed: 2022-06-21

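Description

More than just a malware scanner. Prevent malware from infecting your site.

Use security processes to protect yourself against 0-day threats, rather than relying on signatures alone.

Infected with malware?
The BitFire malware scanner has one of the highest malware detection rates in the industry.
Most malware scans take less than 60 seconds. See the data:
**Comparison of WordPress malware detection rates with WordFence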

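Complete bot protection
Automated scanning tools account for 99.99% of all hacking attacks on WordPress sites.
BitFire is the only WordPress security plugin that tracks every bot on your site.
We compare every bot visit against a list of 600 known good bots and only let a bot in when its IP address is valid.
This prevents hackers from impersonating good bots such as GoogleBot and bypassing your security measures.
Review every bot that visits your site, and manually approve or deny it.

Integrated human verification
BitFire integrates a free human verification system that verifies your visitors are real humans.
Using integrated JavaScript, humans can access your site only after answering a JavaScript challenge.
This is similar to Cloudflare's human verification, but faster, usually under 100 milliseconds.

Human verification is important for stopping hacking attacks, because many automated hacking tools impersonate web browsers. BitFire blocks all of these hacking tools from accessing your site.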

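Runtime Application Self-Protection
BitFire is the only RASP firewall for WordPress.
*Learn how RASP works, from Checkpoint
BitFire integrates directly with WordPress and your web server, and can stop malware before it infects your site.

RASP File Protection
File-Protection runs whenever an attempt is made to modify a PHP file on the server.
BitFire intercepts the write operation and verifies that a valid site administrator, not a hacker, is modifying the file.
This prevents any malware from infecting your site, even if the firewall did not detect it.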

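RASP Database Protection

Database-Protection monitors the SQL queries made to your WordPress database.
Each time an attempt is made to modify data, BitFire checks the table being updated.
If the query attempts to create a new user or raise permissions to administrator level, BitFire blocks the query unless the user is logged in as an administrator.

This prevents hackers from trying to install backdoor accounts on your server.

RASP Network Protection

Finally, BitFire RASP intercepts all network requests from the web server to the Internet.
BitFire blocks all server-side request forgery attacks, stops all time-of-use check attacks (Time of Use, TOU), and prevents your server from talking to malware command-and-control servers.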

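Comparison with WordFence

WordFence is the most popular choice for WordPress security. How does BitFire compare with the market leader? WordFence VS BitFire

Privacy / Monitoring / Data Collection

Privacy. We take privacy very seriously. BitFire inspects all traffic sent to the web server and carefully filters out anything that may contain sensitive information, replacing it with redacted content. The config.ini file contains a list of common sensitive field names in the "filtered_logging" section. You can extend this list by adding other fields to filter in the config file.
The way we collect data and filter it down to non-sensitive content protects your privacy.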


Original plugin description

Real-Time Security for WordPress
BitFire protects your website from bots, hackers, malware, and critical vulnerabilities – before they can cause damage.
This plugin brings advanced security technology used by large enterprises to your WordPress site, now available in a free version. Whether you manage a business website, blog, or WooCommerce store, BitFire gives you powerful protection and visibility into your traffic.
Smarter Protection with AI
Most security plugins wait for updates to detect new threats. BitFire takes a different approach: it uses artificial intelligence and real-time request analysis to stop zero-day attacks, bots, and malicious users before they get access to your site.
Our AI learns what normal traffic looks like for your site and blocks anything suspicious – without you needing to configure endless rules.

“Unlike traditional firewalls that allow everything by default and react to known threats, BitFire only allows verified traffic – stopping new and unknown attacks instantly.”

Key Features
🔐 Security Highlights (Free & Pro)

Stop Bots Automatically – Block fake users, spam bots, and scanners (no captchas needed).
Malware Scanner – Scan your site for infected or unknown files using a fast hash-based scanner.
Real-Time Traffic Monitor – See who’s visiting your site, including IP, city, browser, request rate, and referrer.
Login Protection – Block bots from abusing your login page, detect phishing attacks, and stop brute-force attempts.
Human / Bot Detection – BitFire can tell the difference between real users and fake browsers with 99.7% accuracy.
IP Reputation – Block over 300,000 known malicious IPs with real-time threat intelligence.

🚀 Built for Speed

BitFire logs traffic in under 2ms per request, thanks to a high-performance binary logging engine.
Unlike bulky WAFs that rely on large rule sets, BitFire looks at the intent behind every request – giving you faster speeds and fewer false positives.

🔍 Live Traffic Monitoring

Track every visitor request in real time
Remove blind spots and gain confidence in your site security
Filter traffic by IP, URL, response code, or user-agent
View bot fingerprints from over 3,000 known bots and 180 real browsers
See what was blocked and why

🛡 Runtime Protection (PRO)
BitFire includes WordPress’s first Runtime Application Self Protection (RASP) firewall.
This means BitFire watches what your plugins and code are doing in real time and blocks anything suspicious – including:
– Unauthorized file modifications (File RASP)
– Suspicious database queries (Database RASP)
– Unauthorized account creation or privilege escalation (Authentication RASP)
– Dangerous outbound network requests (Network RASP)

“It’s like a bodyguard inside your WordPress server – watching every move and stopping threats before they execute.”

What’s Included in the Free Version?

Traffic logger (current day only)
Real-time bot and malware detection
File scanner with fast hash matching
Block plugin and theme enumeration tools
Live IP and user-agent request viewer
Block hacking tools like WPScan, Nmap, Nikto, etc.

What’s in BitFire Pro?

Web Firewall rated A+ by Cloudbric with real-time updates
Full Runtime Self Protection engine (File, Database, Account, and Network protection)
Advanced login protection and phishing detection
Malware scanner with 14 million+ clean file hashes
Automatic browser fingerprinting and allowlists
Auto-configured CSP and security headers (A+ rating)

Increased traffic logging and historical view to 30 days
** Independent WAF testing by Cloudbric https://labs.cloudbric.com/wafer **

BitFire [PRO] – A (94%)

MalCare [PRO] – F (34%)
WordFence [PRO] – D (41%)
iThemes Security – F (2%)
Ninja Firewall [PRO] – D (67%)
Site Ground Security – F (2%)
Shield Security [PRO] – F (2%)

Trusted by Enterprises, Now Available to You
BitFire is used by major organizations on our managed enterprise platform and developed by a veteran security architect with over 20 years of experience defending Fortune 500s and critical infrastructure.

This free release brings our best bot detection and traffic logging features to the WordPress community – at no cost.

Learn More
Visit https://bitfire.co for:
– Full product comparison
– Malware removal services
– Pro pricing
– Support
Privacy / Monitoring / Data Collection

Privacy. We take privacy very seriously. BitFire inspects all traffic going to the webserver and takes care to filter out any potentially sensitive information by replacing it with redacted. The config.ini file includes a list of common sensitive field names under the “filtered_logging” section. You can add additional fields to filter in the config file by adding a line “filtered_logging[field_name] = true” and replacing “field_name” with the name of the desired parameter to filter.

BitFire includes an error handler which monitors its operation. In the event an error is detected in the BitFire software, including during install, an alert can be sent to BitFire’s developer team. The development team monitors these errors in real time and includes fixes for any detected errors in each new release.

Malware scanner. BitFire sends tiny 64-bit hashes (signatures, or fingerprints) of every file to our hash database. For instance, index.php may hash to the number: 812612388126487. The database is many gigabytes and centrally located on our servers. BitFire uses that information to determine if a file has been modified or is a known good file and sends the results back to your site. Client hashes are never stored off your server.

Log data and configuration data are stored locally on the filesystem in the wp-content/uploads/bitfire_RANDOM directory. The random directory name is 12 characters long and is generated on install. This directory is unique, hidden from the Internet, and protected by an .htaccess file. Web servers that are configured to allow directory listings will want to ensure that the file wp-content/uploads/index.php is present to prevent directory listings.
