外掛標籤
開發者團隊
原文外掛簡介
Server-side, non-blocking request logging with a local queue, batched delivery,
exponential-backoff retries, a circuit breaker, query-parameter redaction, and
path filtering. Admin actions use the WordPress REST API.
Configuration
Settings -> nBlick Signal Agent. Set the API key (or define NBLICK_SIGNAL_API_KEY
in wp-config.php), enable logging, and use the Status tab to send a test event.
External services
This plugin connects to the nBlick Signal API, a third-party service, to provide
bot detection and traffic analysis. This connection is essential to the plugin’s
purpose: request data collected on your site is transmitted to nBlick for
analysis, and the plugin does nothing useful without it.
What is sent, and when:
The plugin sends batches of request metadata to the nBlick Signal ingest
endpoint (default: https://api.trynblick.com/signals/wordpress) on a recurring
background schedule (via WP-Cron) whenever logging is enabled and queued data
exists, and once when you click “Send Test Event”.
Each request record may contain: the visitor’s IP address, the request method,
host, path, HTTP status code, user agent, referer, response size, request
duration, a timestamp, query-string parameters (with sensitive keys such as
passwords and tokens redacted), a per-site identifier (UUID), and a schema
version number.
Only public front-end traffic is sent. WordPress admin, login, REST API, AJAX,
cron, WP-CLI, and any paths you exclude are never collected or transmitted.
Authentication uses an API key you provide, sent in the X-NBlick-Signal-Key
request header.
The IP address is transmitted in full because it is required for the service’s
bot-detection and reverse-DNS analysis.
This service is provided by nBlick. By using the plugin you are sending the data
described above to nBlick. Please review their terms and privacy policy:
Terms of service: https://trynblick.com/terms-of-service
Privacy policy: https://trynblick.com/privacy-policy
Privacy
The plugin is server-side only. It sets no cookies and performs no client-side
or browser tracking.
Sensitive query parameters (configurable; by default password, pass, token,
auth, authorization, apikey, api_key, secret, card, cc, ssn and similar) are
redacted to “[REDACTED]” before storage and transmission.
Captured data is queued in a local database table and removed after it is sent
successfully, or purged after the configured retention period (default 7 days).
When the Sodium PHP extension is available, the API key is encrypted at rest
using your site’s authentication salts; defining NBLICK_SIGNAL_API_KEY in
wp-config.php avoids database storage entirely.
Because the plugin transmits visitor IP addresses to a third party, you may
need to disclose this in your own site’s privacy policy depending on your
jurisdiction (e.g. GDPR/CCPA).
