[WordPress] 外掛分享: Gatewarden

首頁外掛目錄 › Gatewarden
WordPress 外掛 Gatewarden 的封面圖片
全新外掛
安裝啟用
尚無評分
2 天前
最後更新
問題解決
WordPress 6.5+ PHP 8.0+ v1.0.0 上架:2026-07-14

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.0.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Gatewarden」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Gatewarden provides a modular security and mail-delivery layer for WordPress and WooCommerce. The interface and source strings are written in English and are translation-ready through the gatewarden text domain.
All public protection, integration, privacy, event-logging, notification, SMTP, and uninstall-cleanup modules are disabled by default. Administrators enable only the features required by the site.
CAPTCHA providers

Google reCAPTCHA v2.
Google reCAPTCHA v3.
Cloudflare Turnstile.

WordPress protection

Login.
Registration.
Lost password.
Password reset.
Comments.

WooCommerce protection

My Account login and registration.
Lost-password and reset-password forms.
Checkout login.
Account creation during classic checkout.
Account creation during Checkout Block checkout.

Security, observability, and email features

Configurable failed-login limits by IP address, username, or IP address and username.
Progressive lockout durations with a configurable multiplier and maximum duration.
Optional neutral account messages for login, registration, and password-recovery flows.
One indexed audit stream with focused Authentication, CAPTCHA, Account activity, and Email views.
Searchable, filterable, sortable, paginated, clearable, and CSV-exportable activity logs.
WordPress-native list tables with Screen Options for visible columns and rows per page.
Human-readable event details instead of raw JSON in the administration interface and CSV exports.
A Gatewarden dashboard with login, lockout, CAPTCHA, email, provider, integration, and recent-event metrics.
A compact WordPress Dashboard widget for administrators.
Optional email alerts for selected lockouts, logins, registrations, password events, CAPTCHA service errors, and SMTP failures.
Configurable alert recipients, successful-login scope, minimum lockout duration, and duplicate-alert cooldown.
Optional approximate IP location from server headers or an explicit IPWHOIS.io lookup.
Optional standard SMTP delivery with sender, host, port, encryption, authentication, timeout, certificate verification, protected credentials, and a test tool.
Credential-redacted SMTP diagnostics that classify DNS, connection, timeout, TLS, authentication, relay, sender, recipient, and message-policy failures.
SMTP outcome logging that excludes message bodies, attachments, passwords, and complete recipient addresses.
Configurable log retention and optional data removal on uninstall.
Secret-key and SMTP-password controls that never render a stored secret in administration HTML.
Responsive CAPTCHA wrappers for WordPress and WooCommerce forms.

Gatewarden stores security events and lockout state in site-prefixed custom database tables created through the WordPress database API. Records can include IP addresses and submitted usernames. Configure event logging, alerting, and retention according to the site’s privacy and operational requirements.
To disable public Gatewarden protection during an emergency, add this to wp-config.php:
define( 'GATEWARDEN_DISABLE', true );

Administrators with the manage_options capability see a warning while the emergency bypass is active.
The default allowed CAPTCHA verification hostname is taken from home_url(). Additional explicit hostnames can be supplied through the gatewarden_allowed_hostnames filter.
External services
Gatewarden connects to an external service only after the relevant feature is explicitly configured and enabled by an administrator.
Google reCAPTCHA
When Google reCAPTCHA v2 or v3 is selected, Gatewarden loads Google’s reCAPTCHA JavaScript from www.google.com on protected forms and sends the generated response token and configured secret key to Google’s verification endpoint. Gatewarden does not include the visitor’s IP address in the server-side verification request. Google’s client-side service may process browser and device data under Google’s terms.

Service: https://www.google.com/recaptcha/about/
Privacy policy: https://policies.google.com/privacy
Terms: https://policies.google.com/terms

Cloudflare Turnstile
When Cloudflare Turnstile is selected, Gatewarden loads the Turnstile JavaScript from challenges.cloudflare.com on protected forms and sends the generated response token and configured secret key to Cloudflare’s verification endpoint. Gatewarden does not include the visitor’s IP address in the server-side verification request. Cloudflare’s client-side service may process browser and device data under Cloudflare’s policies.

Service: https://www.cloudflare.com/products/turnstile/
Privacy policy: https://www.cloudflare.com/privacypolicy/
Terms: https://www.cloudflare.com/website-terms/

Administrator-configured SMTP server
When SMTP is enabled, WordPress sends outgoing message content, recipient addresses, and sender details to the SMTP server configured by the administrator. The server may be operated by any provider selected by the site owner. Gatewarden stores the configured SMTP password in the WordPress options table, never renders the stored password in administration HTML, and supplies it only to the configured host during SMTP authentication. Review the selected provider’s privacy policy and terms before enabling SMTP.
IPWHOIS.io
Approximate location is disabled by default. When an administrator enables location in security notifications and explicitly selects IPWHOIS.io, Gatewarden sends the event IP address to ipwho.is and requests country, region, and city data. The result is cached on the WordPress site for 24 hours. Server-header location mode does not make this external request.

Service and documentation: https://ipwhois.io/documentation
Privacy policy: https://ipwhois.io/privacy
Terms: https://ipwhois.io/terms

延伸相關外掛

文章
Filter
Apply Filters
Mastodon