內容簡介
總結:OnGuardX的OnGuard外掛是一個訓練於3300萬個連接嘗試的法國詐騙檢測和預防系統,全部托管在歐洲基礎設施上。它將通過電子郵件挑戰可疑的登錄,發送密碼擱置提醒並通過新連接電子郵件警告用戶。此外,這個外掛還提供了內容的多語言支持和連接到SaaS服務API來獲取天氣信息的外部服務。
問題和答案:
1. OnGuard外掛的主要功能是什麼?
- 答:OnGuard外掛主要是一個訓練於3300萬個連接嘗試的法國詐騙檢測和預防系統,用於挑戰可疑的登錄,發送密碼擱置提醒並通過新連接電子郵件警告用戶。
2. 安全,預見性和適應性是OnGuard的哪些附加價值?
- 答:OnGuard的附加價值包括:1.61%的連接可能是帳戶劫持並已被預防;5.52%的用戶使用已在其他網站上被駭客入侵的密碼并得到保護;用戶可以自定義安全設置以保護用戶而不會干擾;在挑戰中,31%的用戶將無法解決挑戰;在大規模攻擊事件中,攻擊者即使擁有正確的密碼也無法登錄;快速集成到架構中,高效率:只需添加外掛並創建客戶端即可。
3. 除了中文(簡體,繁體),OnGuard還支持哪些語言?
- 答:OnGuard還支持以下語言:法語,英語,西班牙語,德語,意大利語,葡萄牙語,荷蘭語,俄語,日語,韓語,阿拉伯語,土耳其語,波蘭語,瑞典語,丹麥語,芬蘭語,捷克語,匈牙利語,希臘語,羅馬尼亞語,印尼語,越南語和泰語。
4. 什麼樣的情況下會將數據發送到OnGuard的服務?
- 答:如果安裝了OnGuard外掛但未設置客戶端憑據到設置頁面上,您無法獲得外掛的好處。在這種情況下,當登錄時,我們將發送您網站的域到我們的服務中,這僅為跟踪目的,只是用來識別您的網站。
外掛標籤
開發者團隊
② 後台搜尋「OnGuard | Advanced French login fraud detection system based on billions of data points.」→ 直接安裝(推薦)
原文外掛簡介
OnGuard by OnGuardX is a French fraud detection and prevention system trained on 33 million connection attempts, all hosted on a European infrastructure. It will challenge suspicious logins by email, send password compromise and warn users with new connection emails.
Getting Started video that explain in details how OnGuard will enhance your login security
OnGuard Plugin needs you to create an account on OnGuard and copy your client credentials on the WordPress OnGuard plugin page. The account creation flow will be your guide for configure your client depending on your needs.
OnGuard added value:
Security: 1.61%* of connections are probably account hijackings and have been prevented.
Anticipation: 5.52%* of users have a password that has already been hacked on other sites and are protected.
Customizable: Customize your security settings to protect users without being intrusive.
Effective: 31%* of challenged users will not solve the challenge.
Survivability: In the event of a massive attack, attackers will fail to log in despite having the right password.
Simple: Quick integration with your architecture, fast efficiency: just add plugin and create a client and that’s all.
*Analysis based on 33M connection attempts by kaggle.com.
Languages compatible
French
English
Spanish
German
Italian
Portuguese
Dutch
Russian
Chinese (Simplified)
Chinese (Traditional)
Japanese
Korean
Arabic
Turkish
Polish
Swedish
Danish
Finnish
Czech
Hungarian
Greek
Romanian
Indonesian
Vietnamese
Thai
External services
This plugin connects to our SaaS service API to obtain weather information.
We list here all the cases when data are sent to our service.
When you did not subscribe to our product
If you have installed this plugin but you didn’t setup your client credentials to the setting page, you can’t take the benefits of the plugin. In this case, during login, we will send the domain of your website to our service. It’s simply for tracking purposes, to let’s us identify misuse of our plugin and help them to use it correctly.
On login success
To be able to challenge or let pass a login that succeed, we need some data.
WordPress user identifier: to be able remember user actions. Purpose is like not challenge again a user on next login on the same device for example.
IP address: to know the condition of the connection, distance between previous logins, is a public IP, the reputation of IP…
email: this information is not stored. It’s only used to analyse email host domain and, of course, be able to send email to the user to challenge him.
Password hash: this information is not stored. And the fact that the password is hashed means that the user’s account cannot be stolen from us. It’s only to verify how many time this password has been associated to hack accounts and send an email to the user to warn him that he has an insecure password.
User Agent: this information is not stored. It’s identify some characteristics of the browser to help us to evaluate the reputation of the user.
Fingerprint cookie: it’s simply a cookie that we store on browser. The purpose is mainly for travelers or VPN users: if a user succeeds a login challenge on a device we know his fingerprint, then if he travels and makes a new connection thousands of miles away, we still let him pass because the fingerprint is trusted.
Browser language: this information is not stored. Simply to know the most appropriated language to send email to the user 🙂
On challenge success
The main feature of this plugin is the ability to challenge suspicious users. To not challenge them again on a trusted device/ip we need to store that he succeeds the challenge.
Login token: after login, a token to identify the challenge is generated by us. This token is sent back after challenge success. We use it to know who’s succeed this challenge
OTP code: the 6 digit code that the user fills on challenge.
On password renewal
As long we warn users during login that the password is not safe, we don’t want to go into an infinite loop: we warn him, he resets the passwords with another leaked password, we warn him again on next login…
So when a user resets his password, we will check on the fly his password hash, then display that his password is associated with many hacked accounts.
Legal information
This service is provided by “ONGUARDX INC”:
Terms of use.
Privacy policy.
