[WordPress] Plugin Share: SecureFusion – Security and Firewall by Fyndsoft

Active installs: 10+
Rating: ★★★★★ 5/5 (2 reviews)
Last updated: 9 days ago
WordPress 4.9+ · PHP 7.4+ · v2.0.1 · Published: 2019-03-10

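Description

SecuPlug is the simplest and fastest security plugin for WordPress. It can disable the specific XML-RPC services you select,
hide the login page URL, and redirect HTTP traffic to HTTPS.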

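Features:

XMLRPC

WordPress hacking attacks (and comment spam) are mainly carried out over XML-RPC requests.
SecuPlug helps you manage some key XML-RPC services. It disables the specific XML-RPC services you select.
As a result, it can protect your site against XML-RPC attacks (such as comment spam) without having to disable all XML-RPC services.

XML-RPC full protection (disable all XML-RPC)
Rejects all remote requests. Most commonly used to block all remote attacks.

XML-RPC login protection
Rejects remote login requests. Most commonly used to prevent brute-force login attempts.

XML-RPC pingback protection
Rejects remote pingback requests. Most commonly used to prevent DDoS attacks.

Self-pingback protection
Rejects remote self-pingback requests. Most commonly used to prevent DDoS attacks.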

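SSL

If you have an SSL certificate, you can enable SSL. But first you must purchase an SSL certificate from any SSL reseller.
Likewise, you can use Cloudflare's free SSL service. SecuPlug forces the URLs of the selected areas of your site to redirect to HTTPS/SSL.
In addition, it strengthens the security of your login page by hiding its address and ensuring SSL on it.

Enable HTTPS/SSL
SSL automatically encrypts your critical information.

Force HTTPS login
Redirects the login page protocol from HTTP to HTTPS.

Force HTTPS admin pages
Redirects the admin page protocol from HTTP to HTTPS.

Force HTTPS front-end pages
Redirects the front-end page protocol from HTTP to HTTPS.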

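Login

Change login errors
Disables the default login errors, leaving attackers fewer hints.

Change admin ID
If your admin ID is 1, it is not hard for an attacker to predict your admin ID and then launch simple SQL vulnerability attacks against your site.

New custom login URL name
You can change your login page URL name without running into SSL problems.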

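Firewall

Filter malicious requests
Helps protect your site from XSS, CSRF, code injection and similar attacks.

Disable REST API
Hides your sensitive information, for example the admin user ID, the user list and their IDs.

For details, please visit our website, the SecuPlug website.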

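Download the latest version (v2.0.1) or search and install

① Download the ZIP → in the admin area, "Plugins › Add New › Upload Plugin"
② Search the admin area for "SecureFusion – Security and Firewall by Fyndsoft" → install directly (recommended)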

Original plugin description

Are you tired of bloated security plugins that slow down your website and clutter your database?

SecureFusion is designed for WordPress site administrators, developers, and agency owners who demand lightweight, robust, and performance-optimized protection. It acts as an active shield against brute-force attacks, remote XML-RPC exploits, and malicious injections, while keeping your loading speeds lightning fast.

SecureFusion helps you enforce strict Content Security Policies (CSP), hide standard administrative entry points, block automated traffic clusters, track successful/failed logins, block spam comment IPs directly, and monitor unauthorized access patterns via a clean, modern dashboard.

Features

1. Login Protection & Interactive Monitoring

Failed Login Attempts Log: Visually tracks unauthorized login attempts, displaying timestamps, IP addresses, and lockouts.
IP Range Clustering (/24 Subnets): Groups attacking IPs into standard /24 subnets. Admins can view individual subnet IPs and copy the CIDR lists to a firewall or Cloudflare blacklist.
Custom Login URL: Obfuscates wp-login.php and wp-admin access by changing it to a secret URL, stopping automated bots instantly.
Brute-Force Lockout: Restricts login attempts and locks out offending IPs.
Modify Login Errors: Replaces the default authentication errors with a generic message so attackers cannot tell whether the username or the password was wrong.

2. Firewall & Active Guard

Filter Bad Requests: Screens URL requests to block XSS, CSRF, and code injection attempts before they reach your theme or database.
REST API Control: Restricts public endpoint scraping, preventing attackers from harvesting user lists or plugin info.
Content Security Policy (CSP): Easily configure and inject headers to control script, style, and media execution sources in the client browser.

3. XML-RPC Shield

DDoS Amplification Defense: Fully disable XML-RPC, or selectively disable pingbacks, preventing your server from participating in DDoS botnets.
XML-RPC Login Protection: Specifically blocks remote credentials verification through XML-RPC.

4. Enforced SSL / HTTPS

Secure Protocol Redirection: Forces HTTP to HTTPS redirection across admin screens, login pages, or the entire site to guarantee secure data transmission.

5. Comments IP Blocking & Bulk Shield

Individual Commenter IP Blocking: Block or unblock comment author IP addresses directly from the WordPress Comments list page.
Bulk Spam IP Blocking: Instantly block all IP addresses associated with spam comments currently in the Spam directory.
Smart CIDR Range Calculation: Option to block entire /24 IPv4 subnets or /64 IPv6 ranges of spam comments automatically based on IP distribution to stop persistent spam networks.

6. IP Spoofing Prevention & Successful Login Tracking

Successful Login Logging: Tracks successful logins to audit administrator and user access alongside failed login attempts.
IP Spoofing Prevention: Performs strict public vs. private IP checks on client headers (like HTTP_X_FORWARDED_FOR) to prevent attackers from spoofing their IP addresses when behind load balancers or proxies.

For complete information, please visit the SecureFusion website.

Credits

This plugin bundles and/or utilizes the following third-party libraries:

Chart.js (v4.5.1)

License: MIT
License URI: https://github.com/chartjs/Chart.js/blob/master/LICENSE.md
Source: https://www.chartjs.org

persist-admin-notices-dismissal

License: GPLv3
Source: https://github.com/collizo4sky/persist-admin-notices-dismissal

wasp

License: GPLv3
Source: https://github.com/uuur86/wasp
