內容簡介
總結:
DreamCore Monitor 是一個功能強大的 WordPress 監控外掛,可為您的網站提供全面的安全性、性能和完整性洞見。
問題與答案:
1. DreamCore Monitor 是什麼類型的 WordPress 外掛?
- DreamCore Monitor 是一個功能強大的 WordPress 監控外掛,可以提供全面的網站安全、性能和完整性洞見。
2. 這個外掛連接到哪些外部服務?
- 這個外掛連接到 ip-api.com 進行 IP 地理位置定位,連接到 api.wordpress.org 獲取 WordPress 核心信息,以及到 api.github.com 進行增強型插件分析。
3. 這個外掛可以追蹤哪些內容的狀態?
- DreamCore Monitor 可以追蹤成功與失敗的登入嘗試、WordPress 核心版本狀態、插件、主題和檔案的整合度檢查等。
4. 安全功能有哪些特點?
- 這個外掛具備 API 金鑰驗證、REST API 端點的安全驗證、輸入的消毒和驗證、檔案完整性監控以及登入嘗試的追踪。
5. 該外掛的使用案例有哪些?
- 使用案例包括網站安全監控、後續管理、檔案完整性驗證、連接外部監控系統透過 REST API 和 WooCommerce 商店監控等。
外掛標籤
開發者團隊
原文外掛簡介
DreamCore Monitor is a powerful WordPress monitoring plugin that provides comprehensive insights into your website’s security, performance, and integrity.
External Services: This plugin connects to external services including ip-api.com for IP geolocation, api.wordpress.org for WordPress core information, and api.github.com for enhanced plugin analysis. See the “External Services” section below for complete details about data transmission and privacy.
Key Features
Login Monitoring – Track successful and failed login attempts with detailed information including IP addresses, user agents, and geographic data
WordPress Core Status – Monitor WordPress version and check for available updates
Plugin Monitoring – Track active plugins, their versions, and available updates with intermediate version information
Theme Monitoring – Monitor active theme status and available updates
File Integrity Checking – Verify WordPress core files against official checksums to detect unauthorized modifications
WooCommerce Integration – Monitor recent orders when WooCommerce is active
REST API Support – External access to monitoring data via secure API endpoints
Sync Functionality – Incremental data synchronization with external monitoring systems
Security Features
API key verification with external monitoring systems
Secure authentication for REST API endpoints
Input sanitization and validation
File integrity monitoring with checksum verification
Login attempt tracking with geographic information
Nonce protection for form submissions
REST API Endpoints
When an API key is configured, the following endpoints are available:
/wp-site-monitor/v1/site-info – General site information
/wp-site-monitor/v1/logins – Login attempt logs
/wp-site-monitor/v1/logins/sync – Incremental login data sync
/wp-site-monitor/v1/core-version – WordPress core version status
/wp-site-monitor/v1/plugins – Active plugins information
/wp-site-monitor/v1/themes – Theme information
/wp-site-monitor/v1/integrity – File integrity check results
/wp-site-monitor/v1/orders – WooCommerce orders (if WooCommerce is active)
Use Cases
Website Security Monitoring – Track login attempts and detect suspicious activity
Maintenance Management – Monitor WordPress core, plugin, and theme updates across multiple sites
File Integrity Verification – Detect unauthorized changes to WordPress core files
External Monitoring Integration – Connect with external monitoring systems via REST API
WooCommerce Store Monitoring – Keep track of recent orders and store activity
Requirements
WordPress 5.0 or higher
PHP 7.4 or higher
Optional: WooCommerce plugin for order monitoring features
External Services
This plugin connects to the following external services to provide its functionality:
IP Geolocation Service (ip-api.com)
Purpose: Obtain geographical location information for login monitoring and security analysis
Data sent: User’s IP address only
When: Each time a user logs in to your WordPress site (if geolocation is enabled)
Frequency: Once per login attempt
Data retention: This plugin does not store data from this service permanently
Privacy Policy: http://ip-api.com/docs/legal
Terms of Service: http://ip-api.com/docs/legal
User Control: Site administrators can disable geolocation in plugin settings
WordPress Core API (api.wordpress.org)
Purpose: Check for available WordPress core updates, plugin information, and core file checksums
Data sent: Current WordPress version, site URL (as User-Agent header), plugin slugs, and locale information
When: During scheduled update checks and plugin analysis (typically daily)
Frequency: Multiple times per day during normal plugin operation
Data retention: This plugin does not store data from this service permanently
Privacy Policy: https://wordpress.org/about/privacy/
Terms of Service: https://wordpress.org/about/gpl/
User Control: This is essential for plugin functionality and cannot be disabled
GitHub API (api.github.com)
Purpose: Analyze plugin update information from GitHub repositories for enhanced update type detection
Data sent: Repository information and release data requests
When: During plugin update analysis (when available)
Frequency: During plugin update checks (typically daily)
Data retention: This plugin caches repository information temporarily (24 hours)
Privacy Policy: https://docs.github.com/en/site-policy/privacy-policies/github-privacy-statement
Terms of Service: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service
User Control: This is part of the enhanced plugin analysis feature
Data Handling and Privacy
Local Storage: All monitoring data is stored locally in your WordPress database
No Personal Data: The plugin does not collect personal user information beyond what’s necessary for monitoring
Data Retention: Login logs are automatically deleted based on your configured retention period (default: 90 days)
External Transmission: Data is only sent to external services as described above
User Rights: Site administrators can clear all plugin data at any time
GDPR Compliance
This plugin respects user privacy and GDPR guidelines:
* IP address geolocation is optional and can be disabled
* Login monitoring data is stored locally and automatically purged
* No personal data is transmitted to external services beyond IP addresses for geolocation
* Users can request deletion of their monitoring data through the site administrator
Disabling External Services
Geolocation: Can be disabled in plugin settings (Settings > Geolocation)
WordPress API: Cannot be disabled as it’s essential for core functionality
GitHub API: Used automatically when available, no separate disable option
Privacy Policy
Data Collection
DreamCore Monitor collects and stores the following information locally in your WordPress database:
Login Attempts: Usernames, IP addresses, user agents, timestamps, and login success/failure status
System Information: WordPress version, plugin/theme information, file checksums
WooCommerce Data: Order information if WooCommerce is active (order IDs, customer names, amounts, status)
External Services
This plugin connects to external services as detailed in the “External Services” section above:
* IP geolocation via ip-api.com (optional)
* WordPress core information via api.wordpress.org (required)
* GitHub repository analysis via api.github.com (automatic)
Data Retention
Login logs are automatically deleted based on your configured retention period (default: 90 days)
System monitoring data is refreshed during each check
External service data is not stored permanently
User Rights
Site administrators can clear all plugin data at any time
Geolocation can be disabled in plugin settings
Users can request deletion of their login attempt data through the site administrator
GDPR Compliance
This plugin respects user privacy and follows GDPR guidelines. No personal data is transmitted to external services except IP addresses for optional geolocation purposes..
