
Description
WordPress has a 9-year-old unfixed security vulnerability: it does not properly validate incoming comments.
An attacker can trick both anonymous and logged-in users into posting comments on a victim site using their own credentials.
See this issue for more information: https://core.trac.wordpress.org/ticket/10931
This tiny module (fewer than 40 effective lines of code) adds a security token to the comment form and validates it before accepting any comment, making your comment forms as secure as they should have been all these years!
It also provides no user interface: just install it and you are all set!
This plugin adds a secret, cryptographically secure token to the comment form. It is a unique value that is computationally infeasible to guess.
When a comment is submitted, it is rejected if the secret token is missing or computationally invalid.
Original plugin description
WordPress has a 12-year-old unfixed security vulnerability that it does not properly validate incoming comments.
An attacker can trick both anonymous and logged-in users to post comments on a victim site without them realizing, while using their own credentials.
See this issue for more information: https://core.trac.wordpress.org/ticket/10931
This is a tiny (fewer than 40 effective lines of code) module that adds a secure token to the comment form and validates it before accepting any comment, thus making your comment forms secure as they should've been for all these years!
It provides no UI – just install it, and you are all set!
This plugin adds a secret cryptographically-secure token to the comment form. This is a unique value and is computationally impractical to guess.
Upon comment submission, the comment is rejected if the secret tokens are not present or computationally invalid.
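As an added illustration of the mechanism described above (example code written for this page, not the plugin's own source), the following minimal WordPress plugin emits a nonce inside the comment form and rejects any submission whose nonce is missing or fails verification. The prefix `cft_` and the action and field names are assumptions chosen for the example; the hooks and helper functions are standard WordPress APIs.

```php
<?php
/**
 * Plugin Name: Comment Form CSRF Token (illustrative example)
 * Description: Adds a WordPress nonce to the comment form and rejects submissions without a valid one.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // Do not run outside WordPress.
}

// Hypothetical names chosen for this example.
const CFT_NONCE_ACTION = 'cft_submit_comment';
const CFT_NONCE_FIELD  = 'cft_comment_token';

/**
 * Emit the hidden token field. The 'comment_form' action fires inside the
 * <form> element just before it closes, so the field is posted with the comment.
 */
function cft_add_token_field( $post_id ) {
    // Binding the nonce to the post ID keeps a token harvested from one post
    // from being replayed against another post on the same site.
    wp_nonce_field( CFT_NONCE_ACTION . '_' . (int) $post_id, CFT_NONCE_FIELD, false );
}
add_action( 'comment_form', 'cft_add_token_field' );

/**
 * Validate the token before WordPress stores the comment. 'preprocess_comment'
 * runs for every submission, anonymous or logged in, which is the case the
 * core ticket describes.
 */
function cft_verify_token( $commentdata ) {
    // Pingbacks and trackbacks are not browser form posts; leave them to core's own checks.
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    if ( in_array( $type, array( 'pingback', 'trackback' ), true ) ) {
        return $commentdata;
    }

    $post_id = isset( $commentdata['comment_post_ID'] ) ? (int) $commentdata['comment_post_ID'] : 0;
    $token   = isset( $_POST[ CFT_NONCE_FIELD ] )
        ? sanitize_text_field( wp_unslash( $_POST[ CFT_NONCE_FIELD ] ) ) : '';

    // wp_verify_nonce() returns false for a missing, forged, or expired token.
    if ( ! wp_verify_nonce( $token, CFT_NONCE_ACTION . '_' . $post_id ) ) {
        wp_die( esc_html__( 'Comment rejected: security token missing or invalid.', 'cft' ), 403 );
    }
    return $commentdata;
}
add_filter( 'preprocess_comment', 'cft_verify_token' );
```

Two deployment caveats: WordPress nonces expire (by default within 24 hours), so pages served from a long-lived full-page cache can carry stale tokens and cause legitimate comments to be rejected; and because the check runs on every comment path, clients that submit comments without the form (REST API or XML-RPC) will also be blocked unless the filter is taught to recognise their own authentication.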
