內容簡介
不僅僅是掃描惡意軟體。預防其感染你的網站。
使用安全流程來保護自己免受0-Day威脅,而非僅依賴簽名。
感染惡意軟體嗎?
BitFire惡意軟體掃描器業界的惡意軟體檢測率是最高的之一。
大多數惡意軟體掃描不到60秒。查看數據:
**比較WordFence的WordPress惡意軟體檢測率
完整的機器人保護
自動掃描工具占了所有WordPress網站的99.99%的黑客攻擊。
BitFire是唯一追踪您網站上每個機器人的WordPress安全外掛。
我們將每個機器人訪問與600個已知的正常機器人列表進行比較,僅在它們的IP地址有效時才允許它們進入。
這可以防止黑客偽裝像GoogleBot等正常機器人並繞過您的安全措施。
確認每個訪問您網站的機器人,手動批准或拒絕它。
集成人類驗證
BitFire集成一個免費的人類驗證系統,驗證您的訪問者是否是真正的人類。
使用集成的JavaScript,人類只有在回答JavaScript挑戰後才能訪問您的網站。
這與CloudFlair的人類驗證類似,但速度更快,通常不到100毫秒。
人類驗證對於阻止黑客攻擊很重要,因為許多自動化黑客工具會偽裝網頁瀏覽器。BitFire阻止所有這些黑客工具訪問您的網站。
運行時應用自我保護
BitFire是WordPress唯一的RASP防火牆。
*了解RASP的工作原理 from Checkpoint
BitFire直接集成於WordPress和您的Web伺服器,可在惡意軟體感染您的網站之前停止它。
RASP文件保護
當嘗試修改伺服器上的PHP文件時,File-Protection會運行。
BitFire攔截寫入操作,並驗證是有效的網站管理員在修改文件,而不是駭客。
這可以防止任何惡意軟體感染您的網站,即使防火牆也沒有檢測到它。
RASP數據庫保護
Database-Protection監控您WordPress數據庫的SQL查詢。
每次嘗試修改數據時,BitFire都會檢查正在更新的表。
如果查詢嘗試創建新用戶或更新權限為管理員級別,BitFire將阻止查詢,除非用戶已登錄為管理員。
這可以防止黑客試圖在您的伺服器上安裝後門帳戶。
RASP網絡保護
最後,BitFire RASP攔截所有Web伺服器到Internet的網絡請求。
BitFire阻止所有服務器端請求伪造攻擊,停止所有使用時間檢查攻擊(Time of Use、TOU)並防止您的伺服器與惡意軟體命令和控制伺服器對話。
與WordFence比較
WordFence是WordPress安全性方面最受歡迎的選擇。BitFire與市場領袖相比如何?WordFence VS BitFire
隱私/監視/數據收集
隱私。我們非常重視隱私。BitFire會檢查發送到Web伺服器的所有流量,並會慎重篩選掉任何可能含有敏感信息的內容,並替換為已塗黑的內容。config.ini文件包含“filtered_logging”部分中的常見敏感字段名稱列表。您可以通過在config文件中添加其他要過濾的字段來擴展此列表。
我們的收集方式和過濾非敏感的方式可以保護您的隱私。
外掛標籤
開發者團隊
② 後台搜尋「BitFire Security – Firewall, Malware Scanner, Bot Blocker, Login Protection」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
Your Site Deserves Real Protection
You built your WordPress site to grow your business, share your ideas, or connect with your community. You shouldn’t have to become a security expert to keep it safe.
BitFire stops hackers, bots, and malware automatically so you can focus on what matters: running your site. And when you have a question, talk to a real person on our US-based support team.
How BitFire Keeps You Safe
Most security plugins wait until something goes wrong and then try to clean up the mess. BitFire works the other way around: it stops threats before they ever reach your site.
Think of it like a lock on your front door versus a camera that records a break-in. BitFire is the lock.
Our AI-powered scanner watches your files and traffic in real time, catching new threats that other plugins miss because they are still waiting for someone to write a rule for it.
“Traditional firewalls allow everything by default and react to known threats. BitFire flips that: it verifies traffic first and only lets the good stuff through.”
Key Features
What BitFire Does For You (Free)
Stops Bots Automatically
Spam bots, scrapers, and scanners get blocked before they waste your server resources or fill your forms with junk. No CAPTCHAs, no puzzles for your visitors.
Scans for Malware
BitFire checks every file on your site against a database of over 20 million known-good files. If something does not belong, you will know about it.
Shows You Who is Visiting
See every request to your site in real time: where visitors are from, what browser they are using, and whether they are a real person or a bot. No more guessing.
Protects Your Login Page
Brute-force attacks, password stuffing, and login bots are stopped cold. Your admin area stays locked down.
Tells Real People from Fake Browsers
BitFire verifies visitors with >99.9% accuracy, 50 times faster than Cloudflare’s challenge pages. Real visitors never notice. Bots get stopped instantly.
Blocks Known Bad Actors
Over 300,000 known malicious IPs are blocked before they can even connect to your site.
What You Get with BitFire Pro
Everything in Free, plus the protections that stop even zero-day attacks on vulnerable plugins and themes:
Runtime Protection (RASP)
BitFire is the only WordPress security plugin with Runtime Application Self Protection. It watches what your plugins and themes are actually doing and stops anything suspicious:
A plugin tries to create a secret admin account? Blocked.
Malware tries to edit your PHP files? Blocked.
A hacked plugin tries to phone home to a malware server? Blocked.
Code tries to redirect your visitors to a scam site? Blocked.
BitFire has blocked 100% of critical WordPress zero-day vulnerabilities since 2022, with zero new rules required.
A+ Rated Web Application Firewall
Independent testing by Cloudbric rated BitFire’s WAF at 94% (A+). See how that compares:
BitFire [PRO]: 94% (A+)
Ninja Firewall [PRO]: 67% (D)
WordFence [PRO]: 41% (D)
MalCare [PRO]: 34% (F)
iThemes Security: 2% (F)
Shield Security [PRO]: 2% (F)
SiteGround Security: 2% (F)
View the full independent test results at Cloudbric Labs
AI-Powered Malware Analysis
When the scanner finds something suspicious, BitFire’s AI analyzes it in real time to determine if it is actually malicious or just unusual code. Pro users get results in about 2 minutes. Free users can submit files for batch analysis.
Automatic Security Headers
BitFire learns which domains your site uses (Google Fonts, your CDN, analytics, etc.) and automatically sets up Content Security Policy headers that earn an A+ rating. This protects your visitors from cross-site scripting and redirect attacks without you having to configure a thing.
30 Days of Traffic History
Look back through a full month of traffic data to investigate issues, spot patterns, or just understand how your site is being used.
Real Human Support
This is what makes BitFire different from the big-name security plugins: when you need help, you talk to a real person.
Our US-based support team is available 12 hours a day. No ticket queues that take days. No chatbots. No copy-paste answers. Just experienced people who will make sure your site is secure.
Whether you need help with setup, have a question about a block, or want someone to look at a suspicious file, we are here.
Pricing
Free
$0 forever. Bot blocking, malware scanning, login protection, and real-time traffic monitoring. Everything you need to stop the vast majority of automated attacks.
Pro – Single Site
$60/year. Full RASP protection, A+ rated WAF, AI malware analysis, 30-day logs, and priority human support.
Pro – Multi-Site Volume Pricing
Managing multiple sites? The more you protect, the less you pay:
2-4 sites: $50/site per year
5-9 sites: $45/site per year
10-24 sites: $35/site per year
25-49 sites: $25/site per year
50+ sites: $20/site per year
Volume pricing is perfect for freelancers, agencies, and anyone managing WordPress sites for clients. Contact us for volume licensing.
How BitFire Compares
BitFire vs WordFence
WordFence is a solid product with a large team writing custom rules for known vulnerabilities. But there are two things you should know:
Free WordFence delays protection by 30 days. When a new vulnerability is found, paying WordFence customers get the fix immediately. Free users wait a full month. If your site is vulnerable, it will almost certainly be attacked before the free patch arrives.
WordFence relies on knowing about attacks in advance. With over 10,000 known WordPress vulnerabilities and fewer than 200 signatures, they simply cannot cover everything. BitFire’s RASP does not need to know about an attack in advance. It watches what code is actually doing and stops anything malicious, even brand-new attacks nobody has seen before.
If you do use WordFence, we strongly recommend only using the paid version.
Read the detailed BitFire vs WordFence comparison
Why Do Other Plugins Focus So Much on Cleaning Up Malware?
Good question. Notice how much other security plugins charge for malware removal and how much of their marketing is about finding infections?
A security plugin that does its job well should not need to clean malware off your site very often. If a plugin spends most of its energy on cleanup, that tells you something about how well it prevents attacks in the first place.
BitFire focuses on keeping malware off your site so you do not need to pay someone to remove it.
Privacy / Monitoring / Data Collection
We take your privacy seriously. Here is exactly what BitFire does with data:
Traffic inspection. BitFire inspects web traffic to your site to identify threats. Sensitive data like passwords and credit card numbers is automatically replaced with redacted in logs. You can add additional fields to filter in the settings.
Error reporting. If BitFire encounters a software error, it can send a report to our development team so we can fix it in the next release. No visitor data is included in these reports.
Malware hash checking. BitFire sends tiny numeric fingerprints (64-bit hashes) of your files to our hash server to check them against our database of known-good files. For example, a file might hash to the number 812612388126487. We never see your actual file contents, and your hashes are never stored on our servers.
Local data storage. All log data and configuration files are stored locally on your server in a hidden, randomly-named directory under wp-content/uploads/. This directory is protected by an .htaccess file and is not accessible from the web.
