前言介紹
- 這款 WordPress 外掛「Peace Protocol」是 2025-08-11 上架。
- 目前尚無安裝啟用數,是個很新的外掛。如有要安裝使用,建議多測試確保功能沒問題!
- 上一次更新是 2025-08-27,距離現在已有 182 天。
- 外掛最低要求 WordPress 6.0 以上版本才可以安裝。
- 外掛要求網站主機運作至少需要 PHP 版本 7.4 以上。
- 尚未有人給過這款外掛評分。
- 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。
外掛協作開發者
wilcosky |
外掛標籤
peace | security | federation | cryptographic | decentralized |
內容簡介
總結:Peace Protocol 外掛讓 WordPress 網站管理員可以驗證為他們的網站,並向運行相同協議和/或 indie auth 的其他 WordPress 網站發送加密簽名的「peace」消息。
1. 什麼是 Peace Protocol 外掛的主要功能?
- 允許 WordPress 網站管理員驗證其網站並發送加密簽名的「peace」消息給其他運行相同協議和/或 indie auth 的 WordPress 網站
- 提供 Peace Log Wall,可以使用 [peaceprotocol_log_wall] 短代碼顯示收到的 peace 消息
- 自動訂閱從連接的網站接收 peace feeds
- 生成、輪換和管理驗證 tokens
- 提供用於追蹤原因的用戶封禁系統
- 支援使用 IndieAuth 標準和 PKCE 的替代驗證
2. Peace Protocol 外掛的安全功能有哪些?
- 只允許 WordPress 網站管理員使用
- 網站級別驗證,管理員會以他們的網站身份進行驗證
- 不提供公開使用者註冊系統,僅在安全握手後創建聯合使用者
- 使用加密 tokens 進行驗證
- 提供有限權限的聯合使用者系統,他們只能對文章進行評論,無法訪問 WordPress 管理區域
- 安全存儲 tokens,設定授權碼在 5 分鐘後過期
原文外掛簡介
Peace Protocol enables WordPress site administrators to authenticate as their website and send cryptographically signed “peace” messages to other WordPress sites running the same protocol. This creates a decentralized network where admins can establish trust relationships, share peace, and enable cross-site interactions.
🔒 **Security-First Design**
Admin-Only Authentication
WordPress Administrators Only: This plugin is designed exclusively for WordPress site administrators
Site-Level Authentication: Admins authenticate as their website, not as individual users
No Public Registration: No public user registration system – only federated users created after secure handshakes
Cryptographic Tokens: Each site uses cryptographically secure tokens for authentication
Federated User System
Limited Permissions: Federated users can only comment on posts, no admin access
Automatic Cleanup: Federated users are removed when the plugin is uninstalled
Role-Based Security: Federated users have the federated_peer role with minimal capabilities
No Dashboard Access: Federated users cannot access WordPress admin areas
Token Security
Cryptographically Secure: Tokens are generated using WordPress’s secure password generator
Token Rotation: Support for multiple tokens with automatic rotation
Secure Storage: Tokens are stored securely in WordPress options
Expiring Authorization Codes: Authorization codes expire after 5 minutes
🌟 **Key Features**
Core Functionality
Send Peace: Send cryptographically signed peace messages to other WordPress sites
Peace Log Wall: Display received peace messages using the [peaceprotocol_log_wall] shortcode
Automatic Feed Subscription: Automatically subscribe to peace feeds from sites you connect with
Token Management: Generate, rotate, and manage authentication tokens
User Banning System: Ban problematic users with reason tracking
IndieAuth Support: Alternative authentication using the IndieAuth standard with PKCE
Federated Login System
Cross-Site Authentication: Users from remote sites can comment as their site identity
Seamless Integration: Works with existing WordPress comment systems
Secure Handshake: Only sites completing the cryptographic handshake can create federated logins
Automatic User Creation: Creates federated users automatically after successful handshake
Dual Authentication: Support for both Peace Protocol tokens and IndieAuth standard
Admin Interface
Token Management: Generate, view, and delete authentication tokens
Feed Management: View and manage subscribed peace feeds
Peace Log: View all received peace messages in the admin area
User Banning: Ban users with reason tracking and management
Settings Configuration: Configure button position and auto-insertion
Frontend Features
Peace Button: Floating peace hand button (✌️) that can be positioned anywhere
Auto-Insertion: Automatically insert the peace button on your site
Shortcode Support: Use [peaceprotocol_hand_button] to manually place the button
Responsive Design: Works on all devices and screen sizes
Dark Mode Support: Automatically adapts to user’s color scheme preference
Choice Modal: User-friendly modal to choose between Peace Protocol and IndieAuth authentication
Technical Features
REST API: Modern REST API endpoints for all functionality
AJAX Fallback: AJAX endpoints for sites with REST API disabled
CORS Support: Proper CORS headers for cross-site communication
Translation Ready: Full internationalization support with multiple languages
Custom Post Types: Uses custom post types for peace logs
IndieAuth Endpoints: Full IndieAuth specification compliance with authorization and token endpoints
PKCE Support: Proof Key for Code Exchange for enhanced security
🚀 **How It Works**
For WordPress Administrators
Install & Activate: Install the plugin and activate it on your WordPress site
Generate Tokens: Go to Settings > Peace Protocol and generate authentication tokens
Send Peace: Use the peace button to send cryptographically signed peace to other sites
Build Network: Connect with other WordPress sites and build a network of trust
Federated Login Process
Peace Protocol Authentication
User from Site A visits Site B and wants to comment
User clicks “Peace” button on Site B
User chooses “Login with Peace Protocol” from the choice modal
Site B redirects to Site A for authentication
Site A validates the user and generates an authorization code
User is redirected back to Site B with the authorization code
Site B automatically logs in the user as a federated user from Site A
User can comment on Site B as “siteacom”
IndieAuth Authentication
User from Site A visits Site B and wants to comment
User clicks “Peace” button on Site B
User chooses “Login with IndieAuth” from the choice modal
Site B discovers IndieAuth endpoints on Site A
Site B redirects to Site A’s IndieAuth authorization endpoint
Site A validates the user and generates an authorization code
User is redirected back to Site B with the authorization code
Site B exchanges the code for an access token using PKCE
Site B automatically logs in the user as a federated user from Site A
User can comment on Site B as “Logged in as siteacom”
Security Flow
Cryptographic Handshake: Sites exchange cryptographically signed tokens
Token Validation: Each peace message is validated using secure tokens
Federated User Creation: Only after successful handshake are federated users created
Limited Permissions: Federated users have minimal permissions and no admin access
Automatic Cleanup: All federated data is removed on plugin uninstall
🛡️ **Security Considerations**
What This Plugin Does NOT Do
❌ No Public User Registration: Only WordPress administrators can use this plugin (federated users are created automatically after secure handshakes)
❌ No Admin Access for Federated Users: Federated users cannot access WordPress admin
❌ No Database Access: Federated users cannot access sensitive site data
❌ No File System Access: Federated users cannot upload or modify files
❌ No Plugin/Theme Management: Federated users cannot install or modify plugins/themes
What This Plugin DOES Do
✅ Site-to-Site Authentication: WordPress admins authenticate as their website
✅ Cryptographic Verification: All peace messages are cryptographically signed
✅ Limited Federated Access: Federated users can only comment on posts
✅ Automatic Cleanup: All federated data is removed on uninstall
✅ Secure Token Management: Tokens are cryptographically secure and can be rotated
🌍 **Internationalization**
Peace Protocol is fully translation-ready and includes translations for:
– English (default)
– Spanish (es_ES)
– French (fr_FR)
– Japanese (ja)
– Chinese Simplified (zh_CN)
各版本下載點
- 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
- 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「Peace Protocol」來進行安裝。
(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。
1.2.4 | 1.2.5 | 1.2.6 | 1.2.7 | 1.2.8 | trunk |
延伸相關外掛(你可能也想知道)
暫無相關外掛推薦。