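Description
Due to lack of interest (both my own and based on the number of downloads) this plugin will not be updated for WP 3.0
WordPress' auth cookies include a built-in expiration date (either 2 or 14 days depending on if the 'Remember Me' option is checked). Even if you remove the client-side cookie (by manually logging out or just closing your browser if 'Remember Me' wasn't checked when logging in) the data that was stored within the cookie is still valid until the expiration date is reached.
This could be an issue if someone managed to "steal" your cookie(s). They would still be able to access your website for some time into the future.
This plugin will immediately invalidate your auth cookies when you manually log out. This, of course, also means that you have to manually click 'Log out' for this plugin to work properly (you can't just close your browser to remove any cookies that expire at the end of the session). This won't prevent session hijacking, but should limit the amount of time that an attacker can access your website.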
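A minimal model of the behaviour described above, as an added example that is not the plugin's or WordPress's own code: a signed cookie with an embedded expiry stays acceptable to the server after logout unless the server keeps its own record of it. The cookie layout, `SECRET`, the function names and the revocation-set approach are assumptions for illustration; the page does not say how the plugin invalidates cookies.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; stands in for the site's secret key
REVOKED = set()                      # assumed server-side record of logged-out cookies
DAY = 86400


def _mac(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user, remember, now):
    """user|expiry|mac, valid 14 days with 'Remember Me' and 2 days without."""
    payload = f"{user}|{int(now) + (14 if remember else 2) * DAY}"
    return f"{payload}|{_mac(payload)}"


def validate_stateless(cookie, now):
    """Trust only what the cookie carries: a good MAC and a future expiry."""
    try:
        user, expiry, mac = cookie.split("|")
        expires_at = int(expiry)
    except ValueError:
        return None
    good = hmac.compare_digest(mac.encode(), _mac(f"{user}|{expiry}").encode())
    return user if good and now < expires_at else None


def logout(cookie):
    """Record the cookie server-side; deleting the browser copy alone changes nothing."""
    REVOKED.add(hashlib.sha256(cookie.encode()).hexdigest())


def validate_with_revocation(cookie, now):
    """Same check, but a cookie seen at logout is refused before its expiry."""
    if hashlib.sha256(cookie.encode()).hexdigest() in REVOKED:
        return None
    return validate_stateless(cookie, now)


def demo():
    t0 = 1_000_000_000                                     # constructed login time
    copied = issue_cookie("alice", remember=True, now=t0)  # copy held by someone else
    logout(copied)                                         # user clicks 'Log out'
    return {
        "stateless, day 3": validate_stateless(copied, t0 + 3 * DAY),
        "revocation, day 3": validate_with_revocation(copied, t0 + 3 * DAY),
        "stateless, day 15": validate_stateless(copied, t0 + 15 * DAY),
    }
```

Entries in `REVOKED` only need to be kept until the cookie's own expiry, after which the stateless check rejects it anyway.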
② Search for "Invalidate Logged Out Cookies" in the admin dashboard → install directly (recommended)
