Introduction
- The WordPress plugin "ForceField" was listed on 2021-02-28.
- It currently has 10 active installations.
- The last update was on 2024-07-11, 297 days ago.
- The plugin requires WordPress 4.0.0 or later to install.
- No one has rated this plugin yet.
- No one has asked a question in the support forum yet; usage is probably still low and no major problems have surfaced.
Plugin contributors
majick
Plugin tags
xml-rpc | api access | bot protect | admin protect | login protect
Description
The ForceField plugin adds several layers of security to restrict access to common hacking attack vectors. By filtering requests in a more specific and intelligent way, it allows permitted actions to proceed while blocking actions that are disallowed or not explicitly authorized.
ForceField is not a "firewall", nor a replacement for a comprehensive security plugin; it is intended to complement and enhance existing security measures by adding some unique and innovative protection features that are hard to find elsewhere, including:
tokenizing and recording login/registration behaviour
protecting whitelisted administrator and user roles
restricting WordPress API access and endpoints
tracking bot behaviour and blocking repeat offenders
periodically checking for known vulnerabilities
Token Protection
Easily reduce brute-force password attacks, spam comments, fake user registrations and sploggers! Adds a dynamic JavaScript token field to all common user action forms: login, registration (optionally BuddyPress registration too), blog signup (Multisite only), lost password and commenting. You can adjust the settings to apply to any or all of these for finer-grained control as needed.
Since most bots lack the capability or time to recognize and process JavaScript fields, their attempts at these actions are blocked immediately, and repeat offenders are IP-banned. This gives seamless, invisible protection (no annoying ReCaptcha field needed).
Login Role Protection
A last line of defense against hackers who register their own administrator account or escalate their user privileges! Any logged-in "administrator" account that is not in the verified administrator username list is automatically blocked, reported by email, stripped of its role and/or demoted to subscriber. Goodbye, endless privilege-escalation attacks!
API Protection
Adds several ways to restrict access to XML-RPC and REST API features. Even though these features can be disabled outright, several other options are provided to severely limit bots and other unauthorized access while still allowing the features to be used as intended! Part of the aim of this plugin is to make these options available to everyone without having to code them: multiple-request slowdown, disabling XML-RPC logins, logged-in access only, restricting access to specified user roles, and requiring a secure connection.
Behavioural Protection
ForceField also records, in a custom table, accesses with a missing referer header, missing or bad tokens, and other malicious behaviour. Exceeding the transgression limit for any specific action results in that IP being banned. Transgression counts are reduced over a cooldown period, and old records expire and are later deleted (at adjustable intervals). This keeps protection high against fresh attacks while keeping the database free of stale-record bloat. The plugin also provides a form that lets banned IPs unblock themselves manually, so you do not lock yourself out of your own site!
Vulnerability Check
Checks your installed core, plugins and themes for known vulnerabilities at the frequency you set. When a new vulnerability is found, an email alert is sent and an admin notice is shown, giving you advance warning of updates that require action. (Note: this feature is complete but is currently being retested more extensively and will be included in an upcoming version of the plugin. If you want to test it yourself beforehand, you can download it from
Original plugin description
Adds several layers of security to restrict access to common hacking attack vectors. By filtering requests in a more specific and intelligent way, ForceField allows permitted actions to continue unaltered, but blocks actions that are disallowed or not explicitly authorized.
ForceField is not a “firewall” – nor a replacement for a comprehensive security plugin, but rather is intended to complement and enhance your existing security measures, by adding some unique and innovative protection features not easily found elsewhere. These include:
tokenizing and recording login/registration behaviour
protecting whitelisted administrator and user roles
restricting WordPress API access and endpoints
tracking bot behavior and blocking repeat transgressors
periodically checking for known vulnerabilities
Tokenized Protection
Easily reduce Brute Force Password attacks, SPAM Comments, Fake User Registrations and Sploggers! Adds a dynamic Javascript Token field to all common user action forms: Login, Registration (and optionally BuddyPress Registration), Blog Signup (Multisite only), Lost Password and Commenting. You can adjust the settings to apply to any or all of these, giving you more fine-grained control as needed.
Since the majority of bots do not have the capacity or time to recognize and process JavaScript fields, their attempts at access via these actions are instantly blocked – with repeat offenders getting IP banned from further attempts. This gives seamless and invisible protection (without needing an annoying ReCaptcha field).
Login Role Protection
A last line of defense against hackers who have managed to “somehow” create their own administrator account or escalate their user privileges! Automatically block, notify by email, revoke role and/or demote to subscriber any “administrator” account that logs in who is not in an explicitly allowed list of verified administrator usernames. Goodbye escalated privilege attack!
API Protection
Adds several ways to restrict access to XML RPC and REST API features. While these can be disabled, there are several other options provided to severely limit bot and other unauthorized access while still being able to use these features as intended! Part of the aim of this plugin is to make these options available for everyone without needing to code them: Multiple request slowdown, disable XML RPC logins, logged in access only, restrict access to specified user roles, and require secure connection.
Behavioural Protection
ForceField also records access to user actions missing referer headers, missing or bad tokens, and other bad behaviours in a custom table. Reaching transgression limits for any specific action results in an IP ban. Transgression occurrences are reduced via cooldown over time, with old records expired and later deleted (with intervals adjustable.) This process keeps protection high for fresh attacks while keeping the database free of old record bloat. Also gives the option to output a form to banned IPs so users can unblock themselves manually in case of false positives (and so you don’t lock yourself out of your site!)
Vulnerability Check
Checks your installed core, plugins and themes for known vulnerabilities, according to the frequency you set for each. Then sends email alerts and provides an Admin Notice for any new vulnerabilities when they are found, giving you a heads up on updates that require action. (Note: This feature is complete but currently being retested more extensively before being included in the plugin in an upcoming version. If you wish to test it out yourself beforehand, you can download the plugin from the Github repository.)
ForceField Home
Support Forum
Like this plugin? Check out more of our free plugins here:
WordQuest
Looking for an awesome theme? Check out my child theme framework:
BioShip Child Theme Framework
Support
For support or if you have an idea to improve this plugin:
ForceField Support Quests
Contribute
Help support improvements and log priority feature requests by a gift of appreciation:
Contribute to ForceField
Development
To aid directly in development, please fork on Github and do a pull request:
ForceField on Github
Downloads for each version
- Method 1: click a version-number link below to download the ZIP file, then log in to the site's admin dashboard, open "Plugins" > "Add New" in the left-hand menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
- Method 2: use the search box on the right of the "Add New" plugin screen to search for the plugin name "ForceField" and install it from there.
(Method 2 is recommended, as it ensures the installed version matches the WordPress environment currently running.)
1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.0.7 | 1.0.8 | trunk
Related plugins (you may also want to know)
No related plugin recommendations at the moment.