[WordPress] 外掛分享: Ghostables Defender Lite

首頁外掛目錄 › Ghostables Defender Lite
WordPress 外掛 Ghostables Defender Lite 的封面圖片
全新外掛
安裝啟用
尚無評分
23 天前
最後更新
問題解決
WordPress 6.0+ PHP 7.4+ v0.1.6 上架:2026-06-22

外掛標籤

開發者團隊

⬇ 下載最新版 (v0.1.6) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「Ghostables Defender Lite」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

Ghostables Defender Lite is a free, fully functional security plugin for WordPress. Nothing in it is locked, limited, or gated behind a licence — every feature below works out of the box:

Continuous vulnerability scanning against installed plugins, themes, and WordPress core
Cryptographic file integrity baseline with daily drift detection
WordPress hardening checklist with one-click safe fixes
Per-user TOTP two-factor authentication (Google Authenticator, Authy, 1Password)
Tamper-evident audit log — events are linked together so any deletion is detectable, with a free, user-configurable retention period
Operator gate — a PIN above WordPress admin so a compromised super-admin cannot silently disable the plugin

Built by Ghostables Ltd. Opinionated about defaults. Honest about what each setting actually does.
Is anything locked or limited?
No. Defender Lite is free and complete — no nag screens, no crippled features, no trial period, no usage quota. The audit-log retention period is a setting you control (default 90 days; set it to keep everything forever). Every feature listed above is the real thing.
Is there a more advanced version?
Yes — Ghostables Defender is a separate, more advanced plugin distributed from ghostables.io. It is not part of this plugin and is not required to use Defender Lite. It adds capabilities such as a behavioural firewall, malware quarantine, Cloudflare edge sync, webhook alerts, encrypted backups, and more. The “More Security” page inside Defender Lite lists what it adds, purely for information.
Coexistence with the separate plugin
If you install the separate Ghostables Defender plugin, Defender Lite steps aside automatically so the two don’t run side by side. Your settings (Operator PIN, hardening fixes, baseline, audit chain) are preserved across the handover. Defender Lite remains free and fully functional whether or not you ever install it.
External services
This plugin connects to one external service: the public WordPress Vulnerability Database operated by the WPVulnerability project at https://www.wpvulnerability.net/.

What is sent: an HTTP GET request to https://www.wpvulnerability.net/plugin/{slug}/, https://www.wpvulnerability.net/theme/{slug}/, or https://www.wpvulnerability.net/core/{wp-version}/ — one URL per installed component being checked. The request body is empty. The only request headers are Accept: application/json and a User-Agent of the form GhostablesDefenderLite/. No site URL, no admin email, no IP-derived identifier — only the slug of the component being queried and the User-Agent itself.
What is received: a JSON record listing publicly disclosed vulnerabilities affecting that single component, with affected version ranges and severity scores. The plugin compares this against the locally-installed version and stores any open findings in the plugin’s own database table.
When it is sent: at most once per installed component per 24 hours. Each per-slug response is cached locally in a WordPress transient, so the twice-daily scan cron only triggers fresh HTTP requests when the cache has expired.
Service provider: The WPVulnerability Project (operated by ROBOTSTXT and contributors). Service licence (EUPL v1.2, GPL-compatible): https://www.wpvulnerability.com/license/. Privacy policy: https://www.wpvulnerability.com/privacy/.

No other outbound network traffic originates from this plugin. The two-factor QR code is rendered locally in the operator’s browser using a vendored MIT-licensed JavaScript library — the TOTP secret is never transmitted to any third party.

延伸相關外掛

文章
Filter
Apply Filters
Mastodon