前言介紹
- 這款 WordPress 外掛「LoginShield for WordPress」是 2021-04-13 上架。
- 目前有 10 個安裝啟用數。
- 上一次更新是 2022-02-07,距離現在已有 1480 天。超過一年沒更新,安裝要確認版本是否可用。以及後續維護問題!
- 外掛最低要求 WordPress 4.4 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 5.2 以上。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
外掛標籤
2FA | login | 2 Factor | phishing | authentication |
內容簡介
LoginShield 是一個身分驗證系統,具有一個點登入、數位簽章、強大的多重驗證和防釣魚保護等功能。這是一個免密碼登入方案,只需輕輕一點就能登入!
WordPress 的 LoginShield 可以取代登入頁面,使用以下安全程序:
輸入使用者名稱
如果使用者存在且啟用了 LoginShield,則使用 LoginShield;否則,請輸入密碼
LoginShield 應用程式可在 Android 和 iOS 上使用。請在此處下載應用程式。
好處
消除釣魚攻擊和密碼攻擊
使用一鍵式免密碼驗證方式安全快速地登入網站
無需記住密碼
不必定期更換密碼以提高賬戶安全性
功能
自助啟用
在安裝和設置 LoginShield 插件後,使用者可以在自己的個人檔案設置頁面輕鬆啟用 LoginShield。
一鍵式登入
您和使用者只需輕輕一點即可登入 WordPress 網站。
欲了解更多詳情,請閱讀一鍵式登入。
數位簽章
賬戶遭受黑客攻擊的最常見方式是密碼不安全或密碼外洩。這就是為什麼許多網站要求使用者設置帶有特殊字符的密碼,並定期更換密碼。但是這對用戶來說很煩人,並不能保證他們實際上會選擇一個安全的密碼。
LoginShield 使用數位簽章而非密碼進行驗證。這使得 LoginShield 成為一個不需要密碼的身份驗證系統。
數位簽章提供比密碼更強大的帳戶保護,並且不需要使用者想出或記住任何密碼。LoginShield 會自動為每個網站生成並使用單獨的憑證,因此您可以使用同一個 LoginShield 應用程式登錄多個網站。
LoginShield 使用強大的現代加密演算法和參數,確保您的帳戶獲得最佳保護。
強大的多重驗證
LoginShield 應用程式本身可以受到密碼(不會離開行動裝置)或指紋的保護。這比許多網站使用的標準雙重身份驗證更好。
欲了解更多詳情,請閱讀身份驗證要素。
防釣魚保護
LoginShield 是唯一提供防釣魚保護的身份驗證解決方案。
許多數據泄漏都是從釣魚電子郵件開始的,該郵件欺騙用戶登錄冒充真實網站的攻擊者的網站。任何使用密碼登錄的網站都容易受到攻擊。
使用標準雙因素身份驗證代碼的網站也容易受到攻擊 - 無論是通過短信發送代碼還是使用 OTP 應用程序顯示代碼,輸入該代碼後,釣魚攻擊者也會得到該代碼。
使用具有推送通知的驗證器應用程式的網站也容易受到攻擊,因為它們在您點擊應用程式中的“登入”按鈕時不會確認您是否在正確的網站上。
只有 LoginShield 能夠檢測到使用者未訪問可信網站,並將使用者定向到正確的網站。
原文外掛簡介
LoginShield is an authentication system that features one-tap login, digital signatures, strong multi-factor authentication, and phishing protection. This is a passwordless login solution. Login with one tap instead of a password!
LoginShield for WordPress replaces the login page with the following secure sequence:
Prompt for username
If user exists and has LoginShield enabled, use LoginShield; otherwise, prompt for password
The LoginShield app is available for Android and iOS. Get the app.
Benefits
Eliminate password and phishing attacks on user accounts
Quick and secure way to log in with one-tap, passwordless login
Don’t need to remember a password
Don’t need to rotate passwords for safety
Features
Self-service activation
After you install and set up the LoginShield plugin, users can easily activate LoginShield for themselves in their profile settings page.
One-tap login
You and your users can log in to your WordPress site with just one tap.
For more information, read about one-tap login.
Digital signatures
Some of the most common ways that accounts are hacked are weak passwords and stolen passwords. This is why so many sites require users to come up with passwords that have special characters, and to change their passwords periodically (in case a current password was reused somewhere and cracked). But this is annoying to users and doesn’t guarantee they will actually pick a secure password.
LoginShield uses digital signatures for authentication instead of passwords. This makes LoginShield a passwordless authentication system.
Digital signatures are far stronger protection for an account than passwords, and they don’t require the user to come up with anything or remember anything. LoginShield automatically generates and uses a separate credential for each website, so you can use the same LoginShield app to login to multiple sites.
LoginShield uses strong, modern cryptographic algorithms and parameters to ensure your accounts get the best protection available.
Strong multi-factor authentication
The LoginShield app itself can be protected by a password (which never leaves the mobile device) or a fingerprint. This is far better protection than the standard two-factor authentication that many sites use.
For more information, read about authentication factors.
Phishing protection
LoginShield is the ONLY authentication solution to offer phishing protection.
Many data breaches start with a phishing email, tricking the user to log in to the attacker’s website that is impersonating the real website. Any website that uses passwords to log in is vulnerable to this.
Websites that use standard two-factor authentication codes are also vulnerable — whether they send the code via SMS or use an OTP app to display it, the fact that you enter that code into the website after the password prompt means a phishing attacker will also get the code.
Websites that use an authenticator app with push notifications are ALSO vulnerable to this, because they don’t confirm that you’re at the correct website when you tap the “login” button in the app.
Only LoginShield is able to detect that the user is not at a trusted website and route the user to the correct website, completely circumventing a credential-theft phishing attack.
For more information, read about phishing protection.
Pricing
For current pricing and free trial details, visit our website.
Managing your LoginShield subscription
You can visit https://loginshield.com to manage your LoginShield subscription.
Privacy
The plugin shares the following information with LoginShield. For more information, see our Privacy Policy.
Site Name, Site Icon, and Site URL
When you activate and set up the plugin, it sends the site name, icon, and URL to LoginShield. This information is later displayed in the LoginShield app during login. If you deactivate or uninstall the plugin, and want to delete this information, you can visit https://loginshield.com to delete your LoginShield account where this information is stored.
User Name and Email
When a user activates LoginShield in their profile settings, their name and email address are sent to LoginShield to register the user.
This information is later used by LoginShield for service-related communication with the user, such as our phishing protection feature. We DO NOT sell or share this information with anyone else, except as required by law. If the user deactivates LoginShield, and wants to delete this information, the user can visit https://loginshield.com to delete their LoginShield account.
Client ID
When you activate the plugin, the plugin registers itself with LoginShield and receives a unique client ID. This client ID is then associated with the site name, icon, and URL, and is used to identify the WordPress site to LoginShield in all further backend communication, and is required so that users will be able to continue to log in even when you change the site name.
Realm-Scoped User ID
When a user activates LoginShield in their profile settings, a unique user id is generated and sent to LoginShield to register the user. This user id is NOT the same as the user’s WordPress user id, and is required so that a LoginShield user will be able to continue to log in even when they change their email address. If the user deactivates LoginShield, and wants to delete this information, the user can visit https://loginshield.com to delete their LoginShield account.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「LoginShield for WordPress」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
trunk | 1.0.12 | 1.0.13 | v1.0.8 | v1.0.9 | v1.0.10 | v1.0.11 | v1.0.14 | v1.0.15 | v1.0.16 |
延伸相關外掛(你可能也想知道)
Wordfence Security – Firewall, Malware Scan, and Login Security 》fective way to manage multiple WordPress sites with Wordfence installed from a single location., Monitor security status across all your sites from...。
Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 》le Plugins include Complianz GDPR, Disable Updates Manager, and Really Simple CAPTCHA., , Really Simple SSL是一個外掛,自動配置你的網站最大程度上使...。
Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded 是一款WordPress外掛,可阻止暴力破解攻擊並透過限制常規登錄、XMLRPC、Woocommerce和自訂登錄頁面的登錄嘗試次數來優化您的...。
Two Factor 》在「使用者」→「您的個人檔案」下的「雙因素認證選項」部分,啟用和設定一個或多個雙因素認證提供者:, , 電子郵件代碼, 時間同步一次性密碼(TOTP), FIDO通...。
WP 2FA – Two-factor authentication for WordPress 》這是一款免費且易於使用的 WordPress 二階段驗證外掛。, 在 WordPress 網站登錄頁面和使用者上加入額外的安全層。啟用兩階段驗證(2FA),它是保護使用者免於...。
Wordfence Login Security 》WORDFENCE 登入安全性, Wordfence 登入安全性包含在完整的 Wordfence 插件中發現的功能子集:雙因素驗證、XML-RPC 保護和登入頁 CAPTCHA。, 你正在尋找全面的...。
WP Hide & Security Enhancer 》WP-Hide 推出了最簡單的方法,完全隱藏 WordPress 核心文件、登錄頁面、佈景主題和外掛程式的路徑,使其不會顯示在前端,這是 Site Security 的一個巨大改進...。
Shield: Blocks Bots, Protects Users, and Prevents Security Breaches 》你一定會喜歡的功能, , 獨家AntiBot Detection Engine - 強大的替代 Google reCAPTCHA 和 CloudFlare Turnstile。, 自動防止機器人和 IP - 基於評分的安全智...。
Two Factor Authentication 》>WordPress 二次驗證, 此外掛使用雙重認證(TFA / 2FA)來增強 WordPress 的登入安全性。啟用此功能的使用者需輸入一次性密碼才能登入。本掛件由UpdraftPlus ...。
Login With Ajax – Fast Logins, 2FA, Redirects 》Login With Ajax 是針對需要用戶登錄或註冊的網站,希望避免使用常規的WordPress登錄頁面或在常規登錄頁面添加 AJAX 特效的外掛。此外掛能夠在側邊欄上添加帶...。
Two Factor (2FA) Authentication via Email 》WordPress是全球最受歡迎的內容管理系統(CMS),超過40%的網站正在運行它。因此,WordPress已成為黑客利用漏洞入侵網站的目標。增強WordPress網站安全性的...。
miniOrange 2-factor Authentication (2FA with SMS, Email, Google Authenticator) 》Google Authenticator – 雙重因素(2FA / OTP) –, 使用 TOTP 登入 2FA 方式,如 Duo/Microsoft/Google Authenticator,來保護您的 WordPress 網站登入頁面。, ...。
WP 2-step verification 》WordPress 2步驟驗證(Wp2sv)為您的 WordPress 帳戶增加了額外的安全層。, 除了您的用戶名和密碼,當您登入時,您還需要輸入由 Android/iPhone/Blackberry ...。
OTP Login & Register Woocommerce 》現場示範, 允許使用者通過在您的行動裝置上收到的一次性密碼(OTP)登錄/註冊。, 特色與選項:, , 向註冊表單添加電話號碼欄位, 無需記住電子郵件/密碼,使用 OT...。
WebAuthn Provider for Two Factor 》此外掛為 Two Factor 外掛新增 WebAuthn 支援。, 由於 U2F API 已被停用並將在 2022 年 2 月被移除,此外掛可使之前註冊的 U2F 安全金鑰仍能自動支援,使用者...。