[WordPress] 外掛分享： Media File Limiter

內容簡介

**總結：** Media File Limiter 是一個輕量且高效的外掛程式，旨在增強您的 WordPress 上傳安全性。它限制最大上傳文件大小（以MB為單位），並阻止特定危險的文件擴展名（例如 .exe、.php、.html、.js），從而防止惡意或過大的文件被上傳到您的媒體庫中。此外，它能夠在上傳過程的最早階段通過 wp_handle_upload_prefilter 鉤子操作，確保在 WordPress 處理之前就阻止危險文件。

- Media File Limiter 是用來幫助強化 WordPress 上傳安全性的輕量且高效的外掛程式。
- 可以限制最大上傳文件大小（以MB為單位），並且阻止特定危險文件擴展名的上傳，以避免惡意或過大文件進入您的媒體庫。
- 這款外掛程式與傳統文件驗證不同，它在上傳過程的最早階段通過 wp_handle_upload_prefilter 鉤子操作，確保危險文件在 WordPress 處理之前被阻止。
- 主要特點：
- 設定自訂的最大上傳文件大小（以MB為單位）。
- 定義禁止的文件擴展名（以逗號分隔）。
- 顯示當前 PHP/WordPress 上傳限制作為參考。
- 早期階段的安全執行 — 在文件到達媒體處理之前。
- 完全可翻譯並具有國際化支持（使用 media-file-limiter 文本域）。
- 兼容多站點環境。

外掛標籤

開發者團隊

原文外掛簡介

Media File Limiter is a lightweight and efficient plugin designed to strengthen your WordPress upload security.
It limits the maximum upload file size (in MB) and blocks specific dangerous file extensions (e.g., .exe, .php, .html, .js), preventing malicious or oversized files from being uploaded to your media library.
Unlike traditional file validation, this plugin operates at the earliest possible stage of the upload process via the wp_handle_upload_prefilter hook, ensuring that dangerous files are blocked before WordPress processes them.
Key Features
Set a custom maximum upload size (in MB).
Define forbidden file extensions (comma-separated).
Displays current PHP/WordPress upload limits for reference.
Early-stage security enforcement — before files reach media processing.
Fully translatable and internationalized (media-file-limiter text domain).
Compatible with multisite environments.
Why This Plugin?
WordPress allows large files and executable extensions under certain misconfigurations, which can lead to:
Server performance degradation.
Potential remote code execution (RCE) risks.
Media library clutter and upload errors.
Media File Limiter addresses these issues with a simple, configurable interface under the WordPress “Settings → Media Limit” page.
License
This plugin is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or any later version.
This plugin is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Additional Notes
The plugin follows WordPress Coding Standards (WPCS).
All options use the Settings API (register_setting / add_settings_field).
Security first: early execution priority (wp_handle_upload_prefilter, priority 1).
Uninstall hook (register_uninstall_hook) ensures full cleanup.

延伸相關外掛

Wordfence Security – Firewall, Malware Scan, and Login SecurityWordfence Security 是最受歡迎的 WordPress 安全防護外掛，...Hostinger ToolsHostinger Tools 是一款多合一網站管理外掛，協助 WordPress ...Really Simple Security – Simple and Performant Security (formerly Really Simple SSL)le Plugins include Complianz GDPR, Disable Updates Manage...Jetpack – WP Security, Backup, Speed, & GrowthJetpack 是一款多合一 WordPress 外掛，整合網站安全防護、自...Limit Login Attempts Reloaded – Login Security, 2FA, Brute Force Protection & FirewallLimit Login Attempts Reloaded 是一款強大的安全外掛，旨在...ManageWP WorkerManageWP Worker 是一款專為管理多個 WordPress 網站而設計的...Security Optimizer – The All-In-One Protection PluginSecurity Optimizer 是一款全方位的 WordPress 安全外掛，能...Safe SVGSafe SVG 可以讓你安心地在 WordPress 中上傳 SVG 檔案！ 它...LoginizerLoginizer 是一款 WordPress 安全防護外掛，主要用於阻擋暴力...All-In-One Security (AIOS) – Security and FirewallAll-In-One Security (AIOS) 是一款功能全面的 WordPress 安...User Role Editor「User Role Editor」WordPress 外掛讓您輕鬆更改使用者角色...MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple SitesMainWP Child 外掛可將你的 WordPress 網站安全連線至自架的 ...Solid Security – Password, Two Factor Authentication, and Brute Force ProtectionSolid Security 是一款專為 WordPress 網站設計的安全外掛，...Sucuri Security – Auditing, Malware Scanner and Security HardeningSucuri Security 外掛旨在保護您的 WordPress 網站，提供全面...SiteGuard WP Plugin版本: 1.6.7 您可以在日文網頁和英文網頁上找到文件、常見問...