前言介紹
- 這款 WordPress 外掛「Facial Recognition Authentication」是 2025-02-12 上架。
- 目前尚無安裝啟用數,是個很新的外掛。如有要安裝使用,建議多測試確保功能沒問題!
- 上一次更新是 2025-03-09,距離現在已有 56 天。
- 外掛最低要求 WordPress 5.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
外掛標籤
login security | facial recognition | wordpress security | two factor authentication |
內容簡介
**外掛總結:**
多年來,全球用戶因不安全的登錄頁面而面臨安全風險。WordPress 網站也不例外。我們的外掛通過將面部識別技術與傳統的用戶名和密碼結合,提供了一個創新的登錄安全解決方案。
**問與答:**
1. 什麼是我們的外掛主要解決的問題?
- 因不安全的登錄頁面導致的全球用戶面臨的安全風險。
2. 2FA 有哪些弱點?
- 魚叉式攻擊。
- 設備遺失或被竊。
- 基於短訊的 2FA 容易被 SIM 卡交換攻擊截取。
- 由於技術問題而導致用戶面臨訪問問題。
- 驗證應用程式可能存在安全漏洞。
3. 如何確保我們外掛的安全性?
- 通過臉部識別進行驗證,與安全的 Django 服務器通信,確保不會將敏感用戶數據存儲在 WordPress 數據庫中。
4. 我們外掛的主要功能有哪些?
- 使用簡單的網路攝像頭進行面部識別驗證。
- 在 WordPress 數據庫中不存儲用戶憑證。
- 通過加密的數據傳輸,外掛與服務器之間透過安全的 API 進行交互。
- 在 Django 服務器上使用 PBKDF2 密碼哈希增強安全性。
- 與 WordPress 登錄頁無縫集成,增加額外安全層級。
- 簡化用戶註冊過程,設置面部識別和憑證。
5. 我們外掛的選擇有何原因?
- 防範針對 WordPress 登錄頁的暴力攻擊。
- 消除對 WordPress 中弱密碼哈希機制的依賴。
- 通過不需昂貴硬件即可實現安全登錄,增強用戶體驗。
- 提供一個擴展至 WordPress 之外未來平台的可擴展解決方案。
原文外掛簡介
For years, users worldwide have faced security risks due to insecure login pages. WordPress sites are no exception to these challenges. Our plugin provides an innovative solution for login security by integrating facial recognition technology with traditional username and password methods.
Currently, users log in using either a username and password or a Two-Factor Authentication (2FA) method. While 2FA enhances security, it has its own vulnerabilities:
Phishing attacks: Hackers can deceive users into entering their 2FA codes on fake websites.
Lost or stolen devices: If the device used to receive 2FA codes (e.g., a mobile phone) is lost or stolen, unauthorized access becomes possible.
SMS-based 2FA: SMS codes can be intercepted through SIM swapping attacks.
Access issues: Users may face challenges accessing 2FA codes due to technical issues.
Software flaws: Authentication apps can have security vulnerabilities.
Our plugin addresses these issues by leveraging facial recognition for authentication. When a user attempts to log in, our plugin communicates with a secure Django server for authentication, ensuring no sensitive user data is stored in WordPress databases. The facial recognition system can distinguish between a live user and a static photo, making unauthorized access virtually impossible.
For a complete tutorial on installing and using the plugin, watch this video.
Key Features:
Facial recognition authentication using a simple webcam.
No storage of user credentials in WordPress databases.
Interaction between the plugin and server is conducted through secure APIs with encrypted data transmission.
Enhanced security with PBKDF2 password hashing (870,000 iterations with salt) on the Django server.
Seamless integration with WordPress login pages, adding an extra layer of security.
Simplified registration process for users to set up facial recognition and credentials.
New Manage Account section for users to change their password, update photo, or delete their account, secured with OTP and facial recognition.
Activation email sent during registration, with a 24-hour expiration period.
Each user can only register with a single email address.
Why Choose Our Plugin?
Protects against brute-force attacks targeting WordPress login pages.
Eliminates reliance on weak password hashing mechanisms in WordPress.
Enhances user experience by enabling secure logins without expensive hardware.
Provides a scalable solution for future platforms beyond WordPress.
Try Our Demo Before Installing!
Want to test our plugin in a safe environment before installing it on your own site? We’ve set up a demo WordPress site where you can experience the plugin in action.
Email us at [[email protected]] to request access – we’ll send you the demo site link, along with a username and password to log in and test the plugin.
Once you’re satisfied, you can install it on your own WordPress site with confidence!
External Services
This plugin connects to an external Django server to perform facial recognition authentication. The communication between the plugin and the server is secure, ensuring the safety of user data through encrypted transmission.
Third-Party Service Details
Service Name: Django Server for Facial Recognition Authentication
Purpose: To authenticate users using facial recognition.
Data Sent:
During login:
Username and password entered by the user.
Facial image captured by the webcam for authentication.
During registration:
Username and password chosen by the user.
Facial image captured by the webcam to set up facial recognition.
Storage & Security:
All data is transmitted securely using SSL encryption.
Facial data is stored on our Django server with AES-256 encryption.
No facial data is stored in WordPress databases.
Conditions: Data is sent only when users initiate login or registration.
User Control: We’re working on adding a feature to let users delete their facial data in future updates. For now, contact our support team at [[email protected]] for assistance with data management.
Terms of Service: https://api.newwaypmsco.com/terms-of-service/
Privacy Policy: https://api.newwaypmsco.com/privacy-policy/
External API Endpoints Used:
https://api.newwaypmsco.com/api/user/login/
https://api.newwaypmsco.com/api/user/register/
By using this plugin, users acknowledge and agree to the terms and conditions outlined above.
Resources
This plugin uses the open-source SweetAlert library for user alerts. Non-minified source code is available in:
– assets/js/bootstrap.js (non-minified version)
– assets/js/sweetalert.min.js (SweetAlert library)
Official SweetAlert Website: https://sweetalert.js.org/
SweetAlert CDN: https://cdnjs.com/libraries/sweetalert/2.1.2
GitHub Repository: https://github.com/t4t5/sweetalert
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Facial Recognition Authentication」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.1.0 | 1.1.1 | trunk |
延伸相關外掛(你可能也想知道)
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded 是一款WordPress外掛,可阻止暴力破解攻擊並透過限制常規登錄、XMLRPC、Woocommerce和自訂登錄頁面的登錄嘗試次數來優化您的...。
All-In-One Security (AIOS) – Security and Firewall 》vated to your website, All-in-One Security's WAF will detect and block hacking attempts, adding an extra layer of security to your WordPress site. ...。
Defender Security – Malware Scanner, Login Security & Firewall 》our WordPress website with Defender. This plugin offers comprehensive security features that protect against various vulnerabilities and hacks, inc...。
Wordfence Login Security 》WORDFENCE 登入安全性, Wordfence 登入安全性包含在完整的 Wordfence 插件中發現的功能子集:雙因素驗證、XML-RPC 保護和登入頁 CAPTCHA。, 你正在尋找全面的...。
BulletProof Security 》WordPress 安全防護:惡意軟體掃描器、防火牆、登入安全、資料庫備份、反垃圾郵件等功能,下列為安全性功能的重點,詳細說明請參見下方 FAQ 幫助節點內的 Bul...。
DoLogin Security 》透過一個點擊,您的 WordPress 登入頁面即會啟用智慧式防範 Brute Force 攻擊的保護機制!預設值為 6 次登入嘗試在 10 分鐘內之內限制。, 透過登入與驗證 coo...。
Limit Login Attempts 》ck IP addresses and user agents that are linked to suspicious activity or attacks on your website., DOS Protection – Protect your website from a De...。
MelaPress Login Security 》提高 WordPress 登入安全性,實現自定義安全 WordPress 登入策略, 透過將自己置於驅動器座位的策略,實現更好的 WordPress 登入安全性。這些登入安全策略具有...。
WordPress Brute Force Protection – Stop Brute Force Attacks 》er a certain number of failed login attempts. However, this can also lead to locking out genuine users who simply forgot their password or mistyped...。
Cartpauj Register Captcha 》Cartpauj Register Captcha 的功能非常簡單,但非常有效。它能透過 WordPress 的預設註冊表單防止垃圾郵件註冊。不需要任何配置或設置,只需要啟用插件,就能...。
Block wp-login 》 封鎖 wp-login.php 存取的外掛程式 , 此外掛程式執行以下功能:, , 尋找你的 WordPress 安裝位置中的 wp-login.php 並進行複製, 尋找 .htaccess 檔案並插入...。
Power Captcha reCAPTCHA 》以下是對於這篇文章的總結點:, , - 使用 Google reCAPTCHA 來保護你的 WordPress/WooCommerce 網站免受垃圾郵件、暴力攻擊和假帳號的侵害。, - Power Captch...。
Apocalypse Meow 》Apocalypse Meow 的主要重點是解決關於使用者帳號和登入相關的 WordPress 安全問題,包括以下事項:, , 暴力登入保護;, 可自訂的密碼強度需求;, XML-RPC 存...。
Kaya Login Captcha 》為什麼要使用「Kaya Login Captcha」?, 這個外掛在登入、註冊和忘記密碼表單上加入簡易驗證碼。, 安裝使用簡單,驗證碼設定可以完全自定義,你可以選擇要在...。
Virus Finder 》使用 wphospital.hu 外掛,尋找您網站中的病毒。此外掛會分析所有的檔案並顯示可疑及病毒檔案。, 隨後您可以手動審查並解決問題!。