[WordPress] Plugin Share: JR Security Hardening and Login Protection

WordPress 5.0+ PHP 7.4+ v1.0.0 Listed: 2026-05-20


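① Download the ZIP → in the admin panel, go to "Plugins › Add New › Upload Plugin"
② Search for "JR Security Hardening and Login Protection" in the admin panel → install directly (recommended)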

Original plugin description

JR Security Hardening and Login Protection secures your WordPress installation at the application level with one-click hardening modules. Designed to be secure by default and Cloudflare compatible.
Included modules:

Disable XML-RPC — Full block (filter + hard block) to prevent brute force attacks and pingback DDoS.
Hide WordPress version — Removes version from generator meta and CSS/JS assets.
Disable file editor — Prevents theme and plugin editing from the admin panel (DISALLOW_FILE_EDIT).
Disable emojis — Removes WordPress emoji scripts and styles, improving performance.
Block user enumeration (?author= and /author/) — Dual-layer protection against username discovery.
Block REST enumeration (wp-json users) — Prevents enumeration via the WordPress REST API.
Block sensitive paths/files — Blocks access to readme.html, license.txt, .env, .git, composer.json, etc. (only what passes through WordPress).
Security headers — X-Content-Type-Options, Referrer-Policy, Permissions-Policy, X-Frame-Options, HSTS (HTTPS only) and removal of technology-revealing headers.
Login protection — Rate limiting by IP and by user+IP with configurable temporary lockout.
IP whitelist — Excludes trusted IPs from rate limiting to avoid accidental lockouts.
Email notification — Receive an email when an IP is locked out due to too many failed login attempts.
Activity log — Security event logging in a dedicated database table with configurable retention and automatic cleanup via cron.
Ready-to-use server rules — Code for Apache (.htaccess) and Nginx to block static files that WordPress cannot reach.

Smart IP detection:

Native support for Cloudflare (CF-Connecting-IP).
Option to trust X-Forwarded-For / X-Real-IP behind trusted proxies.
Fallback to REMOTE_ADDR.
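
The detection order above feeds the login rate limiter, so an address taken from a header the client can set would let one host evade or misdirect lockouts. An added example (not the plugin's own code) of resolving the client IP so that CF-Connecting-IP and X-Forwarded-For count only when REMOTE_ADDR belongs to a trusted proxy; the function names and the 198.51.100.0/24 proxy range are assumptions.

```php
<?php
// Added example, not the plugin's code. Function names and the proxy range are hypothetical.
/** True when $ip lies inside $cidr (IPv4 or IPv6). */
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // invalid address or mixed address families
    }
    $bits = $bits ?? (string) (8 * strlen($ipBin));
    if (!ctype_digit($bits) || (int) $bits > 8 * strlen($ipBin)) {
        return false; // malformed prefix length
    }
    $whole = intdiv((int) $bits, 8);
    $mask  = (0xFF << (8 - (int) $bits % 8)) & 0xFF; // 0 when the prefix ends on a byte boundary
    return substr($ipBin, 0, $whole) === substr($netBin, 0, $whole)
        && ($mask === 0 || (ord($ipBin[$whole]) & $mask) === (ord($netBin[$whole]) & $mask));
}

/** Address to rate-limit on; forwarded headers count only when the TCP peer is a trusted proxy. */
function resolve_client_ip(array $server, array $trustedCidrs): string
{
    $trusted = fn(string $ip): bool => (bool) array_filter($trustedCidrs, fn($c) => ip_in_cidr($ip, $c));
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!$trusted($peer)) {
        return $peer; // direct connection: every header is client-controlled
    }
    $cf = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
    if (filter_var($cf, FILTER_VALIDATE_IP) !== false) {
        return $cf;
    }
    // Walk X-Forwarded-For right to left: the first hop that is not a trusted proxy is the client.
    $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? '')));
    foreach ($hops as $hop) {
        if (!$trusted($hop)) {
            return filter_var($hop, FILTER_VALIDATE_IP) !== false ? $hop : $peer; // malformed hop: use the peer
        }
    }
    return $peer;
}

// Constructed inputs; 198.51.100.0/24 stands in for the proxy ranges you actually trust.
$proxies = ['198.51.100.0/24'];
$spoofed = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_CF_CONNECTING_IP' => '192.0.2.1'];
$proxied = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 203.0.113.50'];
echo resolve_client_ip($spoofed, $proxies), "\n"; // header ignored: peer is not a trusted proxy
echo resolve_client_ip($proxied, $proxies), "\n"; // leftmost XFF entry is client-supplied and skipped
```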

Clean uninstall:
When the plugin is deleted, all options, the events table and transients are removed. No data is left behind in your database.
