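Introduction
- The WordPress plugin "Ruigehond embed" was published on 2024-10-17.
- There is no active-install count yet; this is a very new plugin. If you plan to install it, test thoroughly to make sure it works as expected.
- The last update was on 2025-04-30, 4 days ago.
- The plugin requires WordPress 5.0 or later.
- The plugin requires the site host to run PHP 7.4 or later.
- Nobody has rated this plugin yet.
- Nobody has asked a question in the forum yet; usage is probably still low and no major problems have come up.
Plugin contributors
Plugin tags
x-frame-options, embed, embedding, iframe, sameorigin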
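Summary of contents
Summary: this WordPress plugin lets selected URLs from your site be embedded elsewhere. It also provides security settings that protect the site from attack while allowing third-party sites to embed specific URLs.
1. What does this WordPress plugin do?
- It lets selected URLs from your site be embedded elsewhere, and it provides security settings.
2. How does it ensure security?
- All other embedding is prohibited by default; an X-Frame-Options header is set and a Content Security Policy header can optionally be enabled.
- Third-party sites can be allowed to embed specific URLs without opening the site up to attack.
3. How do I set it up quickly?
- Activate the plugin, go to Settings -> Ruigehond embed, add a reference and URL, and save the settings.
- In the embed field, add the slug that should be served, and in the textarea add the URLs that are allowed to embed it.
4. How do I embed?
- Install the plugin on the satellite site and use the simple shortcode to generate an iframe with the embedded content.
- A regular iframe can also be used, as long as the embedder is on the whitelist.
- The plugin and shortcode automatically adjust the height of the iframe to fit the content.
5. How do I manage the security settings?
- The Content Security Policy (CSP) header can be switched on in the plugin; it is the most modern way to tackle these issues.
- Check whether other plugins interfere, and confirm that the CSP header matches what you actually need.
- The plugin adds a CSP header when none is present; if one already exists, it must contain the frame-ancestors directive for the plugin to work.
Original plugin description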
Plugin to embed selected urls from your site elsewhere.
Security
Other embedding will be prohibited by default, with an X-Frame-Options header and, optionally, a Content Security Policy header.
This will secure your WordPress website from a number of fairly easy attacks.
To make this plugin especially useful you can now allow (third party) websites to embed specific urls from your site.
Easily reuse forms or other content from your main site on satellite sites you own, without opening up any of them to attack.
Quick setup
Activate the plugin and go to Settings -> Ruigehond embed.
Add a reference (e.g. general-contact-form) in the title field and save the settings.
Add a slug it should serve (e.g. /contact-clean/) in the embed field.
Add urls that may embed this, aka referrers, (e.g. https://my-satellite.site) in the textarea.
Embedding
Install the plugin on your satellite site. This has the added benefit of locking down that site as well.
Use the simple shortcode on that site to generate an iframe with the embedded content:
[ruigehond-embed src="https://my-main.site/ruigehond_embed/general-contact-form"]
Watch the form magically and safely be embedded. Other sites will continue to not be able to embed your content.
You can also embed using a regular iframe in html, as long as the referrer is whitelisted.
However, by using the plugin and shortcode, the height of the iframe will automatically be adjusted to fit the content.
Use htaccess
This plugin adds lines (clearly marked) at the beginning of your htaccess file.
They need not be at the beginning, but they need to be before the WordPress lines, or any other lines that corrupt the THE_REQUEST var.
This plugin needs mod_headers, mod_rewrite and mod_setenvif to be activated, but they probably already are.
Without htaccess
When the htaccess is not processed, the plugin itself works directly with the request in the php processor.
The CSP header is not supported in that case.
Also, other plugins (especially caching plugins) may already have decided on a different route and this plugin might not work.
Content Security Policy
You can switch on the Content Security Policy (or CSP) header in this plugin, which is the most modern way to tackle these issues.
However, other plugins may interfere, so be sure to check whether the CSP header is to your liking in practice.
This plugin will add a CSP header if none is present yet.
But if one is present, the frame-ancestors directive must be present in it for this plugin to work.
It will only set the frame-ancestors directive, none of the others (to not break your site).
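To check the headers "in practice" as advised above, the following added example (not the plugin's own code) evaluates a response's X-Frame-Options and CSP frame-ancestors the way a current browser does and reports whether a given site may frame the page. The header values are constructed samples, not captured plugin output; the check looks only at the direct embedder and matches exact origins, 'self', 'none' and *.

```python
from urllib.parse import urlsplit

def origin(url):
    """scheme://host[:port] of a URL, lowercased."""
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}".lower()

def source_matches(source, embedder, own):
    # Simplification: wildcard hosts and scheme-less sources never match.
    if source == "'self'":
        return embedder == own
    if source == "*":
        return True
    return source != "'none'" and origin(source) == embedder

def may_embed(headers, page_url, embedder_url):
    """headers: (name, value) pairs as received. Returns (allowed, deciding header)."""
    own, embedder = origin(page_url), origin(embedder_url)
    lists = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                lists.append([p.lower() for p in parts[1:]])
                break  # only the first frame-ancestors in a policy counts
    if lists:
        # frame-ancestors present: browsers ignore X-Frame-Options, and every
        # policy that carries the directive has to allow the embedder.
        ok = all(any(source_matches(s, embedder, own) for s in l) for l in lists)
        return ok, "content-security-policy"
    xfo = [v.strip().upper() for n, v in headers if n.lower() == "x-frame-options"]
    if "DENY" in xfo:
        return False, "x-frame-options"
    if "SAMEORIGIN" in xfo:
        return embedder == own, "x-frame-options"
    return True, "none"  # nothing enforceable was sent: any site may frame the page

# Constructed sample responses (assumed values, not captured from a real site).
MAIN = "https://my-main.site/ruigehond_embed/general-contact-form"
EMBED_ROUTE = [("X-Frame-Options", "SAMEORIGIN"),
               ("Content-Security-Policy",
                "default-src 'self'; frame-ancestors 'self' https://my-satellite.site")]
ORDINARY_PAGE = [("X-Frame-Options", "SAMEORIGIN")]
FOREIGN_CSP = [("Content-Security-Policy", "default-src 'self'")]  # no frame-ancestors

if __name__ == "__main__":
    for label, hdrs in [("embed", EMBED_ROUTE), ("page", ORDINARY_PAGE), ("foreign", FOREIGN_CSP)]:
        for site in ("https://my-satellite.site/", "https://unlisted.example/"):
            print(label, site, may_embed(hdrs, MAIN, site))
```

The FOREIGN_CSP case is the one to look for on a live site: a CSP set by another component without frame-ancestors, and no X-Frame-Options, leaves the page frameable by anyone.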
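Downloads for each version
- Method 1: click a version number link below to download the ZIP file, log in to the site admin, open "Add Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
- Method 2: use the search box on the right of the "Add Plugin" screen to search for the plugin name "Ruigehond embed" and install it from there.
(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)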