內容簡介
此外掛可檢測您的其他外掛或佈景主題是否存在安全漏洞,方法是通過查閱 WPScan 漏洞數據庫中的相關詳細信息。
系統會每日執行一次掃描,當偵測到有漏洞存在的外掛或佈景主題時,會向管理員發送電子郵件通知。
請注意:自版本 2.0.0 起,需要在 WPScan 漏洞數據庫網站上註冊以獲得 API 權杖。任何安全掃描執行之前都需要此權杖。一旦獲得權杖,您可以將其添加到插件安全掃描器設置頁面中。
您還可以設置通知的 webhook,該 webhook 每天都會觸發,即使沒有發現漏洞。Webhook 是一個 POST 請求,在載荷中包含漏洞詳細內容的 JSON 對象。
您可以在「設置\一般」標籤下啟用 webhook - 請參閱插件安全掃描器設置。
此外掛還新增了名為「插件安全掃描器」的管理工具選項,點擊此選項可進行掃描。如果掃描發現任何問題,它會顯示您存在漏洞的外掛或佈景主題列表,以及問題的描述。
此外掛使用的 WPScan 漏洞數據庫 API 適用於非商業用途,但任何商業使用都需要從 WPScan 購買商業許可證。如果您僅用 API 針對自己的網站進行掃描,則無需商業許可證。但如果您是托管公司,並在所有客戶網站上系統性地安裝此插件,則需要購買商業許可證。如果您大量使用 API,那麼您可能需要購買商業許可證。如需查詢商業許可證,請聯繫 [email protected]。
圖標由Alessio Atzeni製作,來自www.flaticon.com,許可證為CC BY 3.0。
外掛標籤
開發者團隊
📦 歷史版本下載
原文外掛簡介
This plugin determines whether any of your plugins or themes have security vulnerabilities. It does this by looking up details in the WPScan Vulnerability Database.
It will run a scan once a day, and e-mail the administrator if any vulnerable plugins or themes are found.
Please note: As from version 2.0.0, you will need to register on the WPScan Vulnerability Database site in order to get an API token. This token is required before any security scans can be performed. Once you have your token, it can be added to the Plugin Security Scanner settings page.
You can also register a webhook for notifications. The webhook will trigger daily, even if no vulnerabilities found. The webhook is a post request, with JSON payload containing the vulnerabilities.
You can enable the webhook under Settings\General tab – see the Plugin Security Scanner settings.
It also adds a new menu option to the admin tools menu called “Plugin Security Scanner”. Clicking this runs a scan. If the scan finds any problems, it shows you a list of plugins or themes that have vulnerabilities, along with a description of the issue.
The WPScan Vulnerability Database API, which this plugin uses, is free for non-commercial use. However, any commercial usage will require that you purchase a commercial license from WPScan. If you are using the API for your own site then you will not need a commercial license. However, if you are a hosting company and install the plugin systematically across all of your clients sites, then you will need to purchase a commercial license. If you are making heavy use of the API, it is likely that you will need to purchase a commercial license. To enquire about a commercial license, please contact [email protected]
Icons made by Alessio Atzeni from www.flaticon.com is licensed by CC BY 3.0
