[WordPress] Plugin Spotlight: SeaSP Community Edition

Cover image of the WordPress plugin SeaSP Community Edition.

Introduction

  • The WordPress plugin "SeaSP Community Edition" was published on 2020-08-17.
  • It currently has 20 active installations.
  • The last update was on 2021-07-19, 1384 days ago. It has gone more than a year without an update, so check that the version still works before installing and consider whether it will be maintained.
  • The plugin requires WordPress 5.1 or later.
  • The plugin requires the web host to run PHP 7.0 or later.
  • 3 people have rated it.
  • Nobody has asked a question in the support forum yet; the user base is probably still small, and no major problems have surfaced so far.

Plugin Contributors

bluetriangle |

Plugin Tags

csp | security | http-headers | content security policy |

Original Plugin Description

SeaSP Community Edition is an automated Content Security Policy Manager. SeaSP allows you to create, configure, manage, and deploy a Content Security Policy for your site.
The WordPress SeaSP Community Edition plugin catalogs the domains that appear on your site. Categorize and filter out unwanted domains. Add a layer of WordPress security to protect your site from Magecart and other cross-site scripting attacks and keep your WordPress site safe.
SeaSP installs a strict non-blocking CSP to collect violation data and provide a violation report. Violation data flows into the WordPress database as a PHP option within the plugin options schema. Violations can be approved by domain and categorized by directive (CSS, fonts, images, JS, etc.). You can also approve base domains and subdomains. The SeaSP UI helps users by explaining what each directive does, and how to use them to create a CSP.
After configuring the domain and directive settings, switch the CSP to blocking mode. Once the CSP goes into blocking mode, the site is protected from any unrecognized code. SeaSP Community Edition helps secure your site.
Upgrade Notice for 1.4 only

When you install this version you will need to rebuild your CSP

Usage
Once installed, a strict non-blocking report-only CSP is implemented on your site. Visit each page of your site to collect CSP violations.
Visit the Current Violations page of the plugin to review domains that have violated a directive in the CSP.
Review each of the domains carefully and check for misspellings of common domains like adobee.com instead of adobe.com as this is a common way hackers inject content into your site.
If you feel confident that the domain belongs on your site and it should be serving the file type stated, click the toggle to approve the domain to include it in the CSP.
If you want to allow subdomains of that domain to be able to serve that type of content, click the Manage subdomains button to view the subdomains.
After this process, you might still see CSP violations regarding inline scripts, inline styles, blobs, or data.
To allow this type of content in the community version you must navigate to the Directive Settings page, find the offending directive, then toggle the appropriate option.
For convenience, each option has a tooltip explaining what it allows in your CSP.
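The report-only, collect, review, approve, enforce cycle described above, as an added illustration written for this page in Python (the plugin itself is PHP; this is not its code): it parses the JSON violation reports a browser posts to the report endpoint, flags lookalike domains such as adobee.com against a trusted list, and renders the report-only or enforcing header from the approved sources. The sample reports, the trusted list and the `/csp-report` endpoint path are constructed placeholders.

```python
import json
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample reports: the JSON a browser POSTs to the report-uri while
# the policy is report-only. Not real data collected by the plugin.
SAMPLE_REPORTS = [
    '{"csp-report":{"effective-directive":"script-src","blocked-uri":"https://cdn.adobee.com/tag.js"}}',
    '{"csp-report":{"effective-directive":"script-src","blocked-uri":"https://use.typekit.net/abc.js"}}',
    '{"csp-report":{"effective-directive":"style-src","blocked-uri":"inline"}}',
    '{"csp-report":{"effective-directive":"img-src","blocked-uri":"data"}}',
]
# Non-URL sources browsers report by keyword, and the CSP token that allows each.
KEYWORD_SOURCES = {"inline": "'unsafe-inline'", "data": "data:", "blob": "blob:"}

def catalog_violations(raw_reports):
    """Group blocked sources (hostnames or keywords) by effective directive."""
    catalog = {}
    for raw in raw_reports:
        report = json.loads(raw)["csp-report"]
        blocked = report["blocked-uri"]
        source = urlsplit(blocked).hostname if "://" in blocked else blocked
        catalog.setdefault(report["effective-directive"], set()).add(source)
    return catalog

def flag_lookalikes(hosts, trusted, threshold=0.85):
    """Hosts whose base domain resembles, but is not, a trusted base domain.
    Base domain = last two labels (simplification; ignores suffixes like co.uk)."""
    flagged = set()
    for host in hosts:
        if host in KEYWORD_SOURCES:
            continue
        base = ".".join(host.split(".")[-2:])
        if base not in trusted and any(
            SequenceMatcher(None, base, t).ratio() >= threshold for t in trusted
        ):
            flagged.add(host)
    return flagged

def build_policy(approved, enforce, report_path="/csp-report"):
    """Render the CSP header. approved maps a directive to hostnames, '*.host'
    (subdomain approval) or a KEYWORD_SOURCES key; enforce=False stays report-only."""
    parts = ["default-src 'self'"]
    for directive in sorted(approved):
        tokens = ["'self'"] + sorted(KEYWORD_SOURCES.get(s, s) for s in approved[directive])
        parts.append(f"{directive} {' '.join(tokens)}")
    parts.append(f"report-uri {report_path}")
    name = "Content-Security-Policy" if enforce else "Content-Security-Policy-Report-Only"
    return name, "; ".join(parts)
```

Only after every flagged host has been reviewed and the approved set is complete should `enforce=True` be used, since anything not listed is then blocked by the browser.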
Walk Through
A walk-through video can be found on YouTube here.

Contributing
Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.
This project has been tested on WordPress up to version 5.8 on both single and multi-site instances.
The project can be found on github.
This project is sponsored by Blue Triangle.
Third Party Libraries
We use Bootstrap for the UI of our plugin to make the interface clean and simple.
Bootstrap's license can be found here.
We use bootstrap toggle because simple check boxes can be confusing and we wanted our CSP manager's UI to feel easy. This code was developed for The New York Times by Min Hur and is licensed under MIT.
License
GNU
Opt In usage data collection
As of version 1.5 users will be able to opt in to data collection to help us determine how many people are using our plugin and what features we should be working on in future versions. This can be managed in the Usage Data Settings page. We collect and send the following data:
1. WordPress version
2. WordPress debug mode
3. WordPress multisite
4. the base URL that the plugin is installed on, e.g. www.bluetriangle.com
This data is only accessible to the Blue Triangle organization and will be used to determine our user base and feature planning.

Downloads by Version

  • Method 1: click a version number link below to download the ZIP file, then log in to the site's admin dashboard, open "Plugins" > "Add New" in the left menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP archive to install and activate it.
  • Method 2: use the search box on the right of the "Add New" plugin screen to search for the plugin name "SeaSP Community Edition" and install it from there.

(Method 2 is recommended, because it ensures the installed version matches the WordPress environment currently running.)


1.0 | 1.1 | 1.2 | 1.3 | 1.4 | 1.5 | 1.8 | 2.0 | 1.4.1 | 1.4.2 | 1.5.1 | 1.5.2 | 1.8.1 | 1.8.2 | 1.8.3 | trunk |
