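Overview
HT Security is a complete WordPress security suite that provides multiple layers of protection to keep a site secure. Through its integration with the National Vulnerability Database (NVD), the plugin detects known CVE vulnerabilities and provides real-time security alerts and protective measures.
Key Features
• Security header configuration: HSTS, X-Frame-Options, Content-Security-Policy, and more
• Login alerts: email notifications for successful and failed login attempts
• Core integrity check: verifies WordPress core files against the official checksums
• CVE vulnerability detection: checks WordPress core and active plugins for vulnerabilities
• User enumeration protection: blocks user enumeration via the REST API
• Maintenance mode: maintenance mode with an authorized IP whitelist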
Original Plugin Description
HT Security is a complete security suite for WordPress, offering multiple layers of protection for your website.
Important – External Service:
This plugin queries the National Vulnerability Database (NVD) API to check for known CVE vulnerabilities. Requests are made to:
* API URL: https://services.nvd.nist.gov/rest/json/cves/2.0
* Terms of Use: https://nvd.nist.gov/general/legal-disclaimer
* Privacy Policy: https://www.nist.gov/privacy-policy
* Frequency: Automatic check every 12 hours or manual on-demand
* Data sent: Name and version of WordPress/installed plugins (no personal data is sent)
The NVD API query is essential for the plugin’s CVE vulnerability detection functionality.
Key Features
* Security Headers – HSTS, X-Frame-Options, Content-Security-Policy, and more
* Login Alerts – Email notifications for successful and failed login attempts with rate limiting
* Core Integrity Check – Verify WordPress core files against official checksums with 24h cache
* CVE Vulnerability Detection – Check WordPress Core and active plugins against NVD database
* User Enumeration Protection – Block user enumeration via REST API and author parameters
* Maintenance Mode – Maintenance mode with authorized IP whitelist (IPv4, IPv6, CIDR support)
* File Permissions Audit – Audit and automatic correction of critical file permissions
* Plugin Security Indicators – Visual badges on plugins page showing vulnerability status
CVE Detection Features
* Integration with NVD (National Vulnerability Database) API 2.0
* Check WordPress Core and active plugins for known vulnerabilities
* Intelligent batch processing with rate limiting
* 8 layers of anti-false-positive validation
* Vulnerability badges on plugins page (enable/disable option)
* Dismissible alerts per user
* Email notification when vulnerabilities are detected
* Automatic check every 12 hours
* NVD API Key support (increased rate limit)
Security Improvements in v1.5.0
* IP Spoofing Fix – Properly detects real IP behind Cloudflare, proxies, and load balancers
* Capability Check Fix – Authorization verified before processing
* Rate Limiting by IP – More granular rate limiting for login alerts
* Input Validation – Maximum length validation for feedback form
Supported Languages
* English (US) – 100%
* English (UK) – 100%
* Português do Brasil – 100%
* Português de Portugal – 100%
* Español – 100%
License
This plugin is licensed under the GNU General Public License v2.0 or later. For more information, visit https://www.gnu.org/licenses/gpl-2.0.html.
