前言介紹
- 這款 WordPress 外掛「LoginShield for WordPress」是 2021-04-13 上架。
- 目前有 10 個安裝啟用數。
- 上一次更新是 2022-02-07,距離現在已有 1182 天。超過一年沒更新,安裝要確認版本是否可用。以及後續維護問題!
- 外掛最低要求 WordPress 4.4 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 5.2 以上。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
外掛標籤
2FA | login | 2 Factor | phishing | authentication |
內容簡介
LoginShield 是一個身分驗證系統,具有一個點登入、數位簽章、強大的多重驗證和防釣魚保護等功能。這是一個免密碼登入方案,只需輕輕一點就能登入!
WordPress 的 LoginShield 可以取代登入頁面,使用以下安全程序:
輸入使用者名稱
如果使用者存在且啟用了 LoginShield,則使用 LoginShield;否則,請輸入密碼
LoginShield 應用程式可在 Android 和 iOS 上使用。請在此處下載應用程式。
好處
消除釣魚攻擊和密碼攻擊
使用一鍵式免密碼驗證方式安全快速地登入網站
無需記住密碼
不必定期更換密碼以提高賬戶安全性
功能
自助啟用
在安裝和設置 LoginShield 插件後,使用者可以在自己的個人檔案設置頁面輕鬆啟用 LoginShield。
一鍵式登入
您和使用者只需輕輕一點即可登入 WordPress 網站。
欲了解更多詳情,請閱讀一鍵式登入。
數位簽章
賬戶遭受黑客攻擊的最常見方式是密碼不安全或密碼外洩。這就是為什麼許多網站要求使用者設置帶有特殊字符的密碼,並定期更換密碼。但是這對用戶來說很煩人,並不能保證他們實際上會選擇一個安全的密碼。
LoginShield 使用數位簽章而非密碼進行驗證。這使得 LoginShield 成為一個不需要密碼的身份驗證系統。
數位簽章提供比密碼更強大的帳戶保護,並且不需要使用者想出或記住任何密碼。LoginShield 會自動為每個網站生成並使用單獨的憑證,因此您可以使用同一個 LoginShield 應用程式登錄多個網站。
LoginShield 使用強大的現代加密演算法和參數,確保您的帳戶獲得最佳保護。
強大的多重驗證
LoginShield 應用程式本身可以受到密碼(不會離開行動裝置)或指紋的保護。這比許多網站使用的標準雙重身份驗證更好。
欲了解更多詳情,請閱讀身份驗證要素。
防釣魚保護
LoginShield 是唯一提供防釣魚保護的身份驗證解決方案。
許多數據泄漏都是從釣魚電子郵件開始的,該郵件欺騙用戶登錄冒充真實網站的攻擊者的網站。任何使用密碼登錄的網站都容易受到攻擊。
使用標準雙因素身份驗證代碼的網站也容易受到攻擊 - 無論是通過短信發送代碼還是使用 OTP 應用程序顯示代碼,輸入該代碼後,釣魚攻擊者也會得到該代碼。
使用具有推送通知的驗證器應用程式的網站也容易受到攻擊,因為它們在您點擊應用程式中的“登入”按鈕時不會確認您是否在正確的網站上。
只有 LoginShield 能夠檢測到使用者未訪問可信網站,並將使用者定向到正確的網站。
原文外掛簡介
LoginShield is an authentication system that features one-tap login, digital signatures, strong multi-factor authentication, and phishing protection. This is a passwordless login solution. Login with one tap instead of a password!
LoginShield for WordPress replaces the login page with the following secure sequence:
Prompt for username
If user exists and has LoginShield enabled, use LoginShield; otherwise, prompt for password
The LoginShield app is available for Android and iOS. Get the app.
Benefits
Eliminate password and phishing attacks on user accounts
Quick and secure way to log in with one-tap, passwordless login
Don’t need to remember a password
Don’t need to rotate passwords for safety
Features
Self-service activation
After you install and set up the LoginShield plugin, users can easily activate LoginShield for themselves in their profile settings page.
One-tap login
You and your users can log in to your WordPress site with just one tap.
For more information, read about one-tap login.
Digital signatures
Some of the most common ways that accounts are hacked are weak passwords and stolen passwords. This is why so many sites require users to come up with passwords that have special characters, and to change their passwords periodically (in case a current password was reused somewhere and cracked). But this is annoying to users and doesn’t guarantee they will actually pick a secure password.
LoginShield uses digital signatures for authentication instead of passwords. This makes LoginShield a passwordless authentication system.
Digital signatures are far stronger protection for an account than passwords, and they don’t require the user to come up with anything or remember anything. LoginShield automatically generates and uses a separate credential for each website, so you can use the same LoginShield app to login to multiple sites.
LoginShield uses strong, modern cryptographic algorithms and parameters to ensure your accounts get the best protection available.
Strong multi-factor authentication
The LoginShield app itself can be protected by a password (which never leaves the mobile device) or a fingerprint. This is far better protection than the standard two-factor authentication that many sites use.
For more information, read about authentication factors.
Phishing protection
LoginShield is the ONLY authentication solution to offer phishing protection.
Many data breaches start with a phishing email, tricking the user to log in to the attacker’s website that is impersonating the real website. Any website that uses passwords to log in is vulnerable to this.
Websites that use standard two-factor authentication codes are also vulnerable — whether they send the code via SMS or use an OTP app to display it, the fact that you enter that code into the website after the password prompt means a phishing attacker will also get the code.
Websites that use an authenticator app with push notifications are ALSO vulnerable to this, because they don’t confirm that you’re at the correct website when you tap the “login” button in the app.
Only LoginShield is able to detect that the user is not at a trusted website and route the user to the correct website, completely circumventing a credential-theft phishing attack.
For more information, read about phishing protection.
Pricing
For current pricing and free trial details, visit our website.
Managing your LoginShield subscription
You can visit https://loginshield.com to manage your LoginShield subscription.
Privacy
The plugin shares the following information with LoginShield. For more information, see our Privacy Policy.
Site Name, Site Icon, and Site URL
When you activate and set up the plugin, it sends the site name, icon, and URL to LoginShield. This information is later displayed in the LoginShield app during login. If you deactivate or uninstall the plugin, and want to delete this information, you can visit https://loginshield.com to delete your LoginShield account where this information is stored.
User Name and Email
When a user activates LoginShield in their profile settings, their name and email address are sent to LoginShield to register the user.
This information is later used by LoginShield for service-related communication with the user, such as our phishing protection feature. We DO NOT sell or share this information with anyone else, except as required by law. If the user deactivates LoginShield, and wants to delete this information, the user can visit https://loginshield.com to delete their LoginShield account.
Client ID
When you activate the plugin, the plugin registers itself with LoginShield and receives a unique client ID. This client ID is then associated with the site name, icon, and URL, and is used to identify the WordPress site to LoginShield in all further backend communication, and is required so that users will be able to continue to log in even when you change the site name.
Realm-Scoped User ID
When a user activates LoginShield in their profile settings, a unique user id is generated and sent to LoginShield to register the user. This user id is NOT the same as the user’s WordPress user id, and is required so that a LoginShield user will be able to continue to log in even when they change their email address. If the user deactivates LoginShield, and wants to delete this information, the user can visit https://loginshield.com to delete their LoginShield account.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「LoginShield for WordPress」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
trunk | 1.0.12 | 1.0.13 | v1.0.8 | v1.0.9 | v1.0.10 | v1.0.11 | v1.0.14 | v1.0.15 | v1.0.16 |
延伸相關外掛(你可能也想知道)
Fortytwo – Two-Factor Authentication 》什麼是雙重認證?, 認證 - 驗證您的身份的過程 - 歸納為三個簡單的元素之一:, , 用户知道的事情(PIN,密码), 用户擁有的東西(手機,設備), 用户的身份(...。
CryptoPhoto 》本外掛可為您和所有使用者啟動易於自助式雙因素(或多因素)身分驗證登入。, CryptoPhoto 是世界上最易於使用、最快速、最安全的雙因素(並可選擇多因素)身...。
Authentiq 》Authentiq 外掛可讓使用者使用手機簡單驗證登入您的 WordPress 網站,安全地分享身份識別資料,並可以從遠端登出。, 這個外掛針對有興趣進一步超越使用者名稱...。
Teddy ID Lite 》TeddyID Lite 可以讓您的使用者在不輸入密碼的情況下更安全地登入。, 使用者只需輸入一次密碼,TeddyID 將建議加密並保存密碼。下次使用者嘗試登入時,使用者...。
Teddy ID 》Teddy ID 是一個安全的身份驗證服務,允許您的用戶通過在用戶的手機上點擊一個按鈕而不需要輸入密碼來登錄您的網站,同時保證像現代網上銀行一樣的安全性。每...。