前言介紹
- 這款 WordPress 外掛「NHR Secure – Login Security, Firewall, 2FA & Audit Log」是 2025-12-03 上架。
- 目前尚無安裝啟用數,是個很新的外掛。如有要安裝使用,建議多測試確保功能沒問題!
- 上一次更新是 2026-02-07,距離現在已有 19 天。
- 外掛最低要求 WordPress 6.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
nhrrob |
外掛標籤
2FA | security | Debug log | hide admin | login protection |
內容簡介
<!DOCTYPE html>
<html>
<body>
<h2>WordPress 網站輕鬆維持安全性</h2>
<ul>
<li>隱藏或保護管理區免受未經授權訪問。</li>
<li>限制登錄嘗試以防止暴力攻擊。</li>
</ul>
<h3>快速檢視功能:</h3>
<ul>
<li>⚡ 限制登錄嘗試:通過在多次失敗登錄嘗試後暫時封鎖 IP,阻止暴力攻擊。</li>
<li>🌟 輕量&簡約:通過最小代碼提供最大安全性。無需複雜的設置或配置。</li>
<li>💬 簡單&有效:安裝、啟用,立即為您的網站提供保護。</li>
</ul>
</body>
</html>
原文外掛簡介
Keep your WordPress site safe with minimal effort. NHR Secure helps you:
Hide or protect your admin area from unauthorized access.
Limit login attempts to prevent brute-force attacks.
Hide debug logs to prevent sensitive information disclosure.
Add 2FA to your WordPress site.
Scan core files, plugins, and themes for known vulnerabilities.
Monitor site health with one-click security recommendations.
Protect against SQL injection, XSS, and LFI attacks.
Block malicious IPs and entire countries.
Features at a glance:
🔒 Limit Login Attempts
Stop brute-force attacks by temporarily blocking IPs after repeated failed login attempts.
– Configurable attempt limit (1-20, default: 5)
– Blocks based on IP + Username combination
– Auto-unblock after 2 hours
🔐 Custom Login Page
Hide wp-login.php and use a custom login URL.
– Default custom URL: /hidden-access-52w
– Blocks direct access to wp-login.php and wp-admin for guests
🛡️ Protect Debug Log File
Blocks direct access to /wp-content/debug.log
– Returns 403 Forbidden for all users
⚙️ Modern Settings Page
Configure everything from a beautiful React-powered interface.
– Located under Tools → NHR Secure
– Dark Mode support for comfortable viewing
– Enable/disable each feature
🔐 Two-Factor Authentication (2FA)
Enable two-factor authentication for users.
– Support for Authenticator Apps and Email OTP
– Enforce 2FA for specific user roles (e.g., Administrators)
– Recovery Codes for emergency access
– QR code setup for Authenticator Apps
🛡️ Vulnerability Checker
Automatically scan your installed plugins, themes, and WordPress core against a known vulnerability database.
– Daily automatic scans
– Alerts for critical security issues
– Check file integrity
🖥️ User Session Management
Monitor and control active user sessions to prevent unauthorized access.
– View Active Sessions: See IP, location, device, and login time for all logged-in users.
– Remote Logout: Instantly log out suspicious sessions or all other devices.
– Idle Timeout: Automatically log out inactive users after a set period.
🧱 Hardening & Firewall
Essential security hardening to lock down your WordPress site.
– Disable XML-RPC: Prevent remote attacks and brute-force attempts.
– Disable File Editor: Stop file modifications from the dashboard.
– Hide WP Version: Obscure your WordPress version from attackers.
– Block User-Agents: Prevent bad bots and scrapers from accessing your site.
– Disable User Enumeration: Stop attackers from harvesting usernames via REST API.
📝 Activity Audit Log
Keep a record of important security events on your site.
– Tracks logins, failed attempts, file changes, and settings updates.
– View user, IP, and event details.
– Configurable log retention policy.
🏥 Security Health Check & One-Click Secure
Get an instant overview of your site’s security posture.
– Security Score: View your overall protection percentage and grade (A+ to F).
– Health Dashboard: See which security features are active and which need attention.
– One-Click Secure: Apply recommended security settings instantly.
– 11 Security Checks: Comprehensive analysis of your security status.
🛡️ Advanced Firewall (IPS)
Proactive intrusion prevention system that blocks malicious requests in real-time.
– SQL Injection Protection: Detect and block SQLi attacks automatically.
– XSS Prevention: Stop cross-site scripting attempts.
– LFI Protection: Prevent local file inclusion attacks.
– Pattern Matching: Advanced regex-based detection for common attack vectors.
– Automatic Blocking: Suspicious requests are blocked before they reach WordPress.
🌍 IP & Country Management
Control access to your site with granular IP and geographic filtering.
– IP Whitelist: Allow trusted IPs to bypass all security filters.
– IP Blacklist: Block malicious IPs permanently from your site.
– CIDR Support: Use CIDR notation for blocking entire IP ranges (e.g., 192.168.1.0/24).
– Country Blocking: Block access from 90+ countries using GeoIP lookup.
– Smart Caching: GeoIP lookups are cached for 24 hours for optimal performance.
– Private IP Detection: Automatically skip local/private IPs.
⚡ Lightweight & Minimal
Designed to deliver maximum security with minimal code. No bloat, no complexity.
– Compatible with most WordPress themes and plugins.
External Services
This plugin utilizes the WPVulnerability API to check for vulnerabilities.
– Service: WPVulnerability
– Data: Only plugin slugs and versions are sent. No personal data is collected.
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「NHR Secure – Login Security, Firewall, 2FA & Audit Log」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.0.2 | 1.0.3 | 1.0.4 | 1.0.5 | 1.0.6 | 1.1.0 | 1.2.0 | 1.3.0 | 1.3.1 | trunk |
延伸相關外掛(你可能也想知道)
Anti-Hacker – Security Plugin 》總結:Anti-Hacker 是一款 WordPress 安全性外掛,能夠強化網址保護功能,提供易用性和強大的功能,並能夠避免網路釣魚、洩漏個資等風險。, , 問題與答案:, ...。
ELU Hide Admin Menu 》ELU 隱藏管理選單外掛可協助您根據使用者角色在 WordPress 管理員區隱藏管理選單及管理工具列項目。只需勾選相對應的選項及使用者角色,然後儲存。您就能為客...。
Obfuscate Admin 》您希望防止使用者進入您的 WordPress 安裝程式的 wp-admin。, 混淆 WordPress 管理員連結以防止意外發現。對於非白名單主機的 /wp-admin 直接請求回傳 404 狀...。
MM Login Customization 》✤ 網站每天都會遭受駭客攻擊。在線世界中保持安全性越來越重要,現在保護您的網站及其所持有的數據至關重要。此外掛程式幫助網站管理員以特定方式保護...。