前言介紹
- 這款 WordPress 外掛「Identityplus」是 2016-11-07 上架。
- 目前有 10 個安裝啟用數。
- 上一次更新是 2023-01-03,距離現在已有 852 天。超過一年沒更新,安裝要確認版本是否可用。以及後續維護問題!
- 外掛最低要求 WordPress 3.9 以上版本才可以安裝。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
shfarr |
外掛標籤
spam | 2factor | comments | security | authentication |
內容簡介
Identityplus 是一個基於 PKI (公開金鑰基礎架構) 的全新安全解決方案,稱之為信任網路。它提供一體化的二(偶爾三)因素身份驗證和 TLS 級別身份認證,讓您的網站比以往更加安全。此外,它還讓網站所有者通過允許他們對證書和所有者進行反饋,共同捍衛犯罪行為。使用 Identityplus,當一個垃圾郵件被舉報時,我們不僅可以防止同樣垃圾郵件在其他地方發布,還可以有效地防止垃圾郵件發送者在任何其他地方派送任何其他種類的垃圾郵件。繼續閱讀以瞭解這種強大技術的簡要介紹。
登錄前的登錄
為什麼 Identityplus 比任何二因素身份驗證都要好……
當您處理應用程式級登錄時,無論是一個因素、兩個因素還是任何因素,您都需要一個登錄頁面。由於這個頁面必須在看到訪問者之前加載,因此 WordPress 對重複登錄嘗試提供保護。這可以在一定程度上阻止機器人,但如果您有應用程式漏洞,黑客可以用它來繞過登錄,無論您是否忘記更新 WordPress 或出現 PHP 的零日漏洞等完全無法控制的情況,您的博客都難以倖免。Identityplus 使用 TLS 級別身份認證,這意味著當訪問設備未提供正確的 PKI 憑證時,登錄頁面將永遠不會加載。訪問者只需被引導離開敏感頁面,因此無法進行任何攻擊,無論是暴力破解、憑證盜取或零日攻擊等。沒有登錄頁面,沒有問題…
VPN 進入您的管理面板
僅從您的計算機訪問管理面板...
在瀏覽器中擁有 PKI 身份識別是一件強大的事情。由於服務器期望該身份存在,因此它不僅基於用戶限制訪問,也基於計算機限制訪問。因此,您的管理面板實際上無法從世界上任何其他計算機訪問。要訪問您的管理面板,黑客必須窃取您的計算機並從中訪問。
從未有過的 SSO
更簡單、更快、更安全。無需任何操作即可進行登錄……
一旦您開始使用 Identityplus,您會發現幾乎不需要執行任何操作,您只會注意到您已經登錄。不要害怕,您已經登錄是因為您的計算機已被認證,並在您能夠執行任何操作之前進行識別。但是由於您還使用密碼或指紋登錄了所使用的設備 (筆記本電腦/手機),因此您實際上正在執行二因素身份驗證,而且甚至不會注意到它。但是,當您的證書閒置時,偶爾會注意到需要輸入您的 Identityplus PIN。這實際上是三因素身份驗證,一體化解決方案。
信任網路
獎勵好行為和封鎖垃圾郵件,而不僅僅是一個垃圾郵件...
當設備擁有無法造假的身份時,令人驚奇的事情發生了:如果您將訪問評論區的訪問限制為僅允許擁有 Identityplus 證書的設備,那麼每當您批准一個評論時,您都會發送信任令牌給該證書所有者,告訴 Identityplus 您信任所有者。現在其他博客也可以信任他,他正在穩步建立一個與任何惡意機器人不同的個人檔案。相反,當您將評論標記為垃圾郵件時,您告訴 Identityplus 這是一個惡意實體,我們封鎖該證書,確保該設備無法再用於發布垃圾郵件。現在,我們不再只是阻止垃圾郵件本身,而是封鎖發送垃圾郵件的實體。
原文外掛簡介
Identityplus is a novel security solution based on PKI (Public Key Infrastructure) called a network of trust. It features an all-in-one 2 (ocasionally 3) factor authentication and TLS level authentication making your site more secure than ever. Additionally it enables site owners to collaborate in defending against criminality by allowing them to send feedback on certificates and their oweners. With Identityplus, when a spam is reported, we are not only preventing the same spam being posted anywhere else, we are effectively preventing the spammer sending any other kind of spam, anywhere else. Keep on reading for a brief intro into this powerful technology.
Log In, Before A Login Page
Why Identityplus Is Better Than Any 2 Factor Authentication …
Whenever you deal with application level login, whether it’s one factor, two factor or any factor for that matter, you need a login page. This page must load before it gets the chance to see who is visiting, which is why Worpress has a protection against repeated login attempts. This can stop bots, to a certain degree, but if you happen to have an application vulnerability that can be used by a hacker to bypass login, whether you forgot to updated your WordPress or something totally out of your control like zero day vulnerability in PHP, your blog is toast, regardless of how many factors of authentications you have.
Identityplus uses TLS level authentication, which means the visiting device is authenticated before the login page loads. If the proper PKI credentials are not presented by the device, the page will never, ever load. The visitor is simply directed away from the sensitive page and hence is unable to perform any kind of attack, be that brute force, credential theft or zero day for that matter. No login page, no problem …
A VPN Into Your Admin Panel
Make Your Admin Panel Accessible Only From Your Computers …
Having a PKI indenity in your browser is a powreful thing. Because the server expects that identity to be there, it does not only limit access by the user, it also limits access based on computer. As such, your admin panel becomes literally inaccessible from any other computer in the world. To access your admin panel, a hacker must steal your computer and access it from there.
SSO Like Never Before
Simpler, Faster, More Secure. Sign In Without Having To Do Anyting …
Once you start using Identityplus, you will see you are hardly asked to do anything, you’ll just notice you are logged in. Don’t get scared, you are logged in because your computer is certified and it’s being identified before you would have the chance to do anything. But since you also logged in with your password or your fingerprint into the device you are using (laptop / mobile phone), you are actually performing 2 factor authentication without even noticing it. You will occasionally notice however, as your certificate becomes idle, that you are being asked for your Identityplus PIN. That’s actually the third factor authentication, all in one solution
A Network Of Trust
Reward Good Deeds And Block The Spammer, Not The Only Spam …
When devices wear an impossible to forge identity, something amazing happens: if you restrict access to your comment section to devices with Identityplus certificates, whever you approve a comment, you are sending tokens of trust to the owner of that certificate telling Identityplus that you trust the owner. Now other blogs can trust him too, and he is steadily building a profile that defferentiates him from any malicius bot. Conversely, when you mark a comment as spam, you’ll be telling Identityplus that this is a malicious entity, and we block the certificate making sure the device can’t be used to post spam again. Now we are no longer only stopping spam, we are collectively working on stopping the spammer.
Enjoy 10 Connected Users For Free
Free Certificates, Free API Up To 10 Connected Users, Unlimited Validations For Free …
A connected user is a user that can be signed in automatically via Identityplus into a service using Identityplus. If that service is your personal blog, you probably don’t have more than 10 users who regularly sign into the administrative section of your WordPress installation. If that’s the case, you will never have to pay for Identityplus. Visitors that comment with Identityplus accounts that are not connected to local accounts do not count. For this reason the plugin will only connect administrator accouns by default. If you need log more than 10 users into your back-end, you’ll need a business account, the cost of which scales with the number of your active users. Check our the pricing section for details.
2.4.3
Tested with WordPress 6.1.1
2.4.2
Minor bug fixes and tested with WordPress 6.0
2.4.1
Minor bug fixes
2.4
Tested with WordPress 5.7
2.3
Minor update and tested with WordPress 5.5
2.2
Tested with WordPress 5.3.2
2.1
We’ve replaced the necessity to validate the domain with an uploaded file with an automatic callback to achieve even less friction when you install the plug in.
2.0
This is a major update. We recommend deactivating the “Enforce Identity + Device Certificate” flag for safety during certificate update.
Added automatic & one click API certificate renewal. This grately improves user experience for maitaining the Identity Plus plugin and prevents accidental certificate expiration, which may cause service outage.
Integrated the new service installation proces via automated wizard. It is no longer needed for the user to log into identity plus account and issue certificate before installation. Using the mobile application, or registered device, you can now onboard the service, issue the certificate and activate identity plus in one short flow.
We’ve also moved the certificate storage from file to the database for enhanced security.
1.6.4
Minor bug fix
1.6.3
Moved the legacy certificate validation endpoint from https://get.identity.plus to https://signon.identity.plus. The get endpoint will now exclussively handle the certificate issuing and installation process.
If you encounter problems while using legacy redirect and you land on get. subdomain, simply click the “back to single sign on” link to return to original flow. Please update your plugin to avoid this behavior. Sorry for the inconvenience.
1.6.2
Minor bug fix
1.6.1
Minor bug fix
1.6
Migrated to v1.1 Identityplus API. Identityplus plugin now allows individual wordpress users to connect their accounts on-demand. This new version also lifted the 10 accounts limit for non-corporate certificates, meaning that not-for-profit sites (public benefit or personal sites that produce no revenue) can connect any number of accounts at no cost.
1.5
Verified compatibility with WordPress 4.9.8.
Corrected minor bugs.
1.4 beta
Verified compatibility with WordPress 4.9.1.
Corrected minor bugs.
1.2 beta
Corrected WordPress coding practice issues and fixing
1.1 beta
We’ve restricted automatic login for pages that are filtered so that bots would not be bothered by the presence of the plugin.
1.0 beta
Version 1.0 beta is the first version of the Identityplus plugin, and it contains the minimum set of functionality and configuration options. Nevertheless, it will give your site an incredible security boost and at the same time it will improve user experience. Please take a moment to familiarize yourself with the core concepts so that you can take maximum advantage of this powerful security technology.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Identityplus」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
延伸相關外掛(你可能也想知道)
Akismet Anti-spam: Spam Protection 》Akismet會檢查您的評論和聯繫表單提交,將它們與全球垃圾郵件數據庫進行比對,以防止站點發佈惡意內容。您可以在部落格的“評論”管理畫面中檢查評論垃圾郵件的...。
Antispam Bee 》用 Antispam Bee 保障你的 WordPress 博客或網站免受評論垃圾郵件的困擾。這個外掛可以有效地阻止垃圾評論和引用,不需要驗證碼,也不會將個人信息發送給第三...。
Spam protection, Anti-Spam, FireWall by CleanTalk 》Forms spam filter, Plugin extends spam protection for Gravity Forms. It filters spam submissions for each form created with Gravity Forms., MemberP...。
Disable Comments 》Disable Comments Plugin 是一個供管理員完全關閉網站評論功能的工具。我們的外掛程式可以全域性地關閉所有文章、頁面和附件的評論功能,移除所有相關的功能...。
Comments – wpDiscuz 》wpDiscuz是一個具有自訂評論表單和欄位的AJAX即時評論系統,旨在加強WordPress原生評論功能。速度超快且具有數十種功能,是Disqus和Jetpack Comments的最佳替...。
Disqus Comment System 》Disqus 是網路上最受歡迎的評論系統,被數百萬的出版商信任,以增加讀者參與度、成長觀眾及流量、以及賺取內容。Disqus 協助各種尺寸的出版商直接與其觀眾互...。
Cookies for Comments 》這個外掛將會在你的部落格 HTML 的原始碼中新增一個樣式表或圖片。當瀏覽器讀取該樣式表或圖片時,會放置一個 Cookie。如果有使用者在這之後留下評論,該 Coo...。
Throws SPAM Away 》這個外掛的開發旨在打擊海外的評論垃圾郵件,目前以下的篩選器被用來判定垃圾郵件。, ・日語篩選(是否包含日語), 只有留言中包含日語字符才能被發布,沒...。
Subscribe to Comments 》Subscribe to Comments是一個強大的 WordPress 外掛,讓留言者可以訂閱文章回覆的電子郵件通知。此外掛還包括一個完整的訂閱管理工具,使留言者可以取消訂閱...。
Disable Comments 》此外掛完全禁用網站前端和後端的評論功能:, * 隱藏現有評論, * 在前端關閉評論, * 禁用評論、引用通告和Ping的支援, * 重新導向任何試圖訪問評論頁面的使用...。
WordPress Native PHP Sessions 》 , WordPress 核心不使用 PHP sessions,但有時您的使用案例、外掛或佈景主題可能需要使用它們。, 此外掛實現了 PHP 的原生 session handlers,後台由 WordPr...。
Subscribe To Comments Reloaded 》Subscribe to Comments Reloaded 是一個功能強大的外掛,讓留言者可以訂閱後續評論的電子郵件通知。此外掛還包括一個完整的訂閱管理器,讓留言者可以取消訂閱...。
Post-Plugin Library 》Post-Plugin Library 是一個共享代碼庫,並沒有獨立的功能,必須安裝它才能為 Similar Posts、Recent Posts、Random Posts、Popular Posts 和 Recent Comment...。
One Click Close Comments 》使用者可以從文章管理頁面(‘編輯文章’)及頁面管理頁面(‘編輯頁面’)中,對於他們有足夠權限進行更改的文章關閉或開啟評論(基本上是管...。
No Page Comment 》直到最近,WordPress 提供兩種選擇:你可以默認禁用所有頁面和文章的評論和引用追蹤,或者你可以啟用它們。在WordPress 4.3 版本中,這種情況終於改變,所以...。