內容簡介
WordPress的API和加密鑰匙管理外掛程式
Lockr是第一個為WordPress提供託管保密管理解決方案的服務,為所有網站提供價格實惠的解決方案來正確管理網站的機密資料,例如外掛程式使用的API和加密鑰匙。Lockr的離線金鑰管理解決方案可防止關鍵漏洞,提供最佳實踐安全措施,以滿足許多行業規定,並提供以深度防禦為基礎的方法來保護資料。Lockr還可以無縫地為您的自定義外掛程式提供AES-256加密,以保護您在網站上的靜態資料。最重要的是,即使它提供了企業級金鑰管理,您也可以免費試用2週!詳細了解請瀏覽http://www.lockr.io。
Lockr功能:
在WordPress中易於配置和設置
簡單的用戶界面,可覆蓋插件存儲的任何選項
安全且可靠的離線金鑰存儲
可與任何API和加密金鑰一起使用
內置AES-256加密功能,保護網站上的資料靜態存儲
99.9%的正常運行時間保證(企業客戶可用SLA)
定期備份
多個區域冗餘
使用Townsend Security的符合FIPS 140-2標準的金鑰管理器支援,您的金鑰符合業界標準的安全保障
Lockr是WordPress的第一個金鑰管理服務。
越來越多的外掛程式正在利用第三方API。為了安全地訪問這些API,需要使用令牌、密鑰或密碼。到目前為止,這些高度敏感的機密資料存儲在您的數據庫中。我們已經看到有必要保護敏感資料和通信,方法是從您的數據庫中移除這些API金鑰,將其加密,並安全地存儲在離線金庫中。這可以限制如果您的站點被入侵或開發人員有本地數據庫副本可能會發生的損害。Lockr使金鑰管理變得簡單。只需安裝WordPress的外掛程式,設置您的帳戶,並開始安全地存儲您的金鑰。Lockr為數以百萬計的站點使用的主要外掛程式提供修補程序,並使用WP-CLI一個指令確定您的外掛程式使用Lockr。
Lockr適用對象是誰?
Lockr可用於所有大小的WordPress網站。Lockr易於使用,適合新手站點業主,對於專業開發人員來說則足夠先進,Lockr能夠保護API和加密金鑰,進而保護網站交易和靜態數據。
針對網站構建者:填寫一個註冊表格,就完成了設置。要與其他插件配合使用,請查找具有Lockr可用性的插件,或者使用我們的補丁庫來更新您喜歡的插件以使用Lockr。
針對開發人員:Lockr提供了一個易於使用的框架,用於從自定義外掛程式中“獲取和設置”金鑰。此外,Lockr提供了一個簡單易用但堅固的AES-256加密功能,確保按照最佳實踐方法對您的數據加密和安全存儲。使用Lockr可以使開發人員安全,從代碼和數據庫中刪除敏感密碼和金鑰機密,遵循安全最佳實踐,以防站點被入侵。
Lockr是否安全?
Lockr可以保護任何API金鑰、密鑰和其他類型的憑證。啟用WordPress後,輸入的金鑰將被加密,然後發送到Lockr系統中,從代碼庫和數據庫中刪除。這種加密與基於主機提供程序的身份驗證結合使用,可以防止在您的網站外使用您的金鑰。Lockr還按照“每個環境”的方式來管理金鑰,這有助於消除從生產環境到開發環境共用金鑰的可能性。您將不再擔心從開發環境發送通知給您的生產用戶,或在開發環境中解密生產數據。
完整詳細說明請參閱http://www.lockr.io。
外掛標籤
開發者團隊
原文外掛簡介
API & ENCRYPTION KEY MANAGEMENT FOR WORDPRESS
Lockr is the first hosted secrets management solution for WordPress, providing an affordable solution for all sites to properly manage site secrets such as API and encryption keys used by their plugins. Lockr’s offsite key management solution protects against critical vulnerabilities, delivers best-practice security to help sites comply with many industry regulations, and provides a Defense in Depth approach to securing your data. Lockr also provides AES-256 encryption to your custom plugins in a seamless manner to protect data at rest in your site. And best of all, even though it delivers enterprise-grade key management, you can try it for 2 weeks free! Learn more at http://www.lockr.io.
Lockr Features:
Easy to configure and setup in WordPress
Simple UI to override any option stored by plugins
Safe and Secure offsite key storage
Works with any API and encryption key
Built-in AES-256 Encryption functions to secure data in your site
99.9% uptime guarantee (SLA Available for Enterprise Customers)
Regular Backups
Multiple Region Redundancy
Backed by Townsend Security’s FIPS 140-2 compliant key manager, your keys are secured to industry standards.
Lockr is the first key management service for WordPress.
More and more plugins are leveraging 3rd party APIs. To securely access these APIs, a token, secret key, or password is necessary. Until now, these highly sensitive secrets were stored right in your database. We’ve seen a major need to secure sensitive data and communications by removing these API keys from your database, encrypting them, and storing safely in an offsite key vault. This limits the damage that could be done if your site is compromised or a developer has a local copy of your database. Lockr makes key management easy. Just install the plugin for WordPress, configure your account and begin securely storing your keys. Lockr provides patches for the major plugins used by hundreds of thousands of sites and with WP-CLI a single command will make sure your plugins use Lockr.
Who is Lockr for?
Lockr is available for WordPress sites of all sizes. Easy to use for the novice site owner and advanced enough for the expert developer, Lockr secures web transactions and data at rest by protecting API and encryption keys.
For Site Builders: fill out a single registration form and you’re set. To use with other plugins, look for those that have Lockr available or use our patch library to update your favorite plugin to use Lockr.
For Developers: Lockr provides an easy to use framework to “get and set” keys from your custom plugin. Additionally, Lockr provides a simple to use yet strong AES-256 encryption function, ensuring your data is encrypted according to industry best-practices and securely stored. Using Lockr helps keep the developer safe, by removing the sensitive passwords and key secrets from the code and database, following security best practices should a site be compromised.
Is Lockr Safe?
Lockr can secure any API key, secret key, and other types of credentials. Once enabled in WordPress, keys entered are encrypted, then sent over to the Lockr system and removed from the code repository and database. This encryption teamed with hosting provider based authentication prevents your key from being used outside your website. Lockr also manages keys on a “per environment” basis which helps eliminate the potential of keys being shared from production to development environments. No longer will you have to worry about sending a notification from development to your production users, or having production data decrypted in development environments.
Leveraging proven enterprise-grade key management technology from Townsend Security, Lockr’s offsite key management delivers best-practice security to protect against critical vulnerabilities and help sites meet PCI DSS, HIPAA and other security requirements and regulations.
This plugin is designed, written and maintained by experts in security, to the end user it is easy to use and understand. Let Lockr handle the difficult part of securing your site, so you can focus on delivering the best experience possible to your users.