內容簡介
**外掛總結:**
多年來,全球用戶因不安全的登錄頁面而面臨安全風險。WordPress 網站也不例外。我們的外掛通過將面部識別技術與傳統的用戶名和密碼結合,提供了一個創新的登錄安全解決方案。
**問與答:**
1. 什麼是我們的外掛主要解決的問題?
- 因不安全的登錄頁面導致的全球用戶面臨的安全風險。
2. 2FA 有哪些弱點?
- 魚叉式攻擊。
- 設備遺失或被竊。
- 基於短訊的 2FA 容易被 SIM 卡交換攻擊截取。
- 由於技術問題而導致用戶面臨訪問問題。
- 驗證應用程式可能存在安全漏洞。
3. 如何確保我們外掛的安全性?
- 通過臉部識別進行驗證,與安全的 Django 服務器通信,確保不會將敏感用戶數據存儲在 WordPress 數據庫中。
4. 我們外掛的主要功能有哪些?
- 使用簡單的網路攝像頭進行面部識別驗證。
- 在 WordPress 數據庫中不存儲用戶憑證。
- 通過加密的數據傳輸,外掛與服務器之間透過安全的 API 進行交互。
- 在 Django 服務器上使用 PBKDF2 密碼哈希增強安全性。
- 與 WordPress 登錄頁無縫集成,增加額外安全層級。
- 簡化用戶註冊過程,設置面部識別和憑證。
5. 我們外掛的選擇有何原因?
- 防範針對 WordPress 登錄頁的暴力攻擊。
- 消除對 WordPress 中弱密碼哈希機制的依賴。
- 通過不需昂貴硬件即可實現安全登錄,增強用戶體驗。
- 提供一個擴展至 WordPress 之外未來平台的可擴展解決方案。
外掛標籤
開發者團隊
② 後台搜尋「Facial Recognition Authentication」→ 直接安裝(推薦)
原文外掛簡介
For years, users worldwide have faced security risks due to insecure login pages. WordPress sites are no exception to these challenges. Our plugin provides an innovative solution for login security by integrating facial recognition technology with traditional username and password methods.
Currently, users log in using either a username and password or a Two-Factor Authentication (2FA) method. While 2FA enhances security, it has its own vulnerabilities:
Phishing attacks: Hackers can deceive users into entering their 2FA codes on fake websites.
Lost or stolen devices: If the device used to receive 2FA codes (e.g., a mobile phone) is lost or stolen, unauthorized access becomes possible.
SMS-based 2FA: SMS codes can be intercepted through SIM swapping attacks.
Access issues: Users may face challenges accessing 2FA codes due to technical issues.
Software flaws: Authentication apps can have security vulnerabilities.
Our plugin addresses these issues by leveraging facial recognition for authentication. When a user attempts to log in, our plugin communicates with a secure Django server for authentication, ensuring no sensitive user data is stored in WordPress databases. The facial recognition system can distinguish between a live user and a static photo, making unauthorized access virtually impossible.
For a complete tutorial on installing and using the plugin, watch this video.
Key Features:
Facial recognition authentication using a simple webcam.
No storage of user credentials in WordPress databases.
Interaction between the plugin and server is conducted through secure APIs with encrypted data transmission.
Enhanced security with PBKDF2 password hashing (870,000 iterations with salt) on the Django server.
Seamless integration with WordPress login pages, adding an extra layer of security.
Simplified registration process for users to set up facial recognition and credentials.
New Manage Account section for users to change their password, update photo, or delete their account, secured with OTP and facial recognition.
Activation email sent during registration, with a 24-hour expiration period.
Each user can only register with a single email address.
Why Choose Our Plugin?
Protects against brute-force attacks targeting WordPress login pages.
Eliminates reliance on weak password hashing mechanisms in WordPress.
Enhances user experience by enabling secure logins without expensive hardware.
Provides a scalable solution for future platforms beyond WordPress.
Try Our Demo Before Installing!
Want to test our plugin in a safe environment before installing it on your own site? We’ve set up a demo WordPress site where you can experience the plugin in action.
Email us at [[email protected]] to request access – we’ll send you the demo site link, along with a username and password to log in and test the plugin.
Once you’re satisfied, you can install it on your own WordPress site with confidence!
External Services
This plugin connects to an external Django server to perform facial recognition authentication. The communication between the plugin and the server is secure, ensuring the safety of user data through encrypted transmission.
Third-Party Service Details
Service Name: Django Server for Facial Recognition Authentication
Purpose: To authenticate users using facial recognition.
Data Sent:
During login:
Username and password entered by the user.
Facial image captured by the webcam for authentication.
During registration:
Username and password chosen by the user.
Facial image captured by the webcam to set up facial recognition.
Storage & Security:
All data is transmitted securely using SSL encryption.
Facial data is stored on our Django server with AES-256 encryption.
No facial data is stored in WordPress databases.
Conditions: Data is sent only when users initiate login or registration.
User Control: We’re working on adding a feature to let users delete their facial data in future updates. For now, contact our support team at [[email protected]] for assistance with data management.
Terms of Service: https://api.newwaypmsco.com/terms-of-service/
Privacy Policy: https://api.newwaypmsco.com/privacy-policy/
External API Endpoints Used:
https://api.newwaypmsco.com/api/user/login/
https://api.newwaypmsco.com/api/user/register/
By using this plugin, users acknowledge and agree to the terms and conditions outlined above.
Resources
This plugin uses the open-source SweetAlert library for user alerts. Non-minified source code is available in:
– assets/js/bootstrap.js (non-minified version)
– assets/js/sweetalert.min.js (SweetAlert library)
Official SweetAlert Website: https://sweetalert.js.org/
SweetAlert CDN: https://cdnjs.com/libraries/sweetalert/2.1.2
GitHub Repository: https://github.com/t4t5/sweetalert
