[WordPress] Plugin Share: Security Optimizer – The All-In-One Protection Plugin


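Introduction

  • This WordPress plugin, "Security Optimizer – The All-In-One Protection Plugin", was published on 2021-05-30.
  • It currently has 1000000 active installations.
  • The last update was on 2025-04-15, 17 days ago.
  • The plugin requires WordPress 4.7 or later to install.
  • The plugin requires the site host to run at least PHP 7.0.
  • 143 people have rated it.
  • There are currently 5 questions on the forum, with an 80% resolution rate. That is not low, so this looks like a developer team that cares about resolving issues!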

Plugin contributors

sstoqnov | hristo-sg | siteground | ignatggeorgiev | stoyangeorgiev | elenachavdarova |

Plugin tags

login | firewall | security | malware scanner | web application firewall |

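Description

Through carefully selected and easy-to-configure features, the SiteGround Security plugin provides everything you need to protect your website and prevent a range of threats, such as brute-force attacks, login errors, data leaks, and more.

Login Settings

Here you can use the tools we have developed to protect your login page from unauthorized visitors, bots, and other malicious behavior.

Custom Login URL

Change the default login URL to prevent attacks and to have an easy-to-remember login URL. If the default sign-up URL is enabled on your site, you can change that as well.

Important!
You can revert to the default login type with the following code snippet.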

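// Revert Security Optimizer to the default login type.
// The callback runs on every request while this snippet is present.
add_action( 'init', 'remove_custom_login_url' );
function remove_custom_login_url() {
	update_option( 'sg_security_login_type', 'default' );
}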

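Login Access

Login Access lets you restrict access to the login page to specific IPs or IP ranges, to prevent malicious login attempts or brute-force attacks.

Important!
If you lock yourself out of the admin panel, you can add the following option to your theme's functions.php, reload the site, and then remove it once you have regained access. Note that this also deletes all IP addresses that were allowed to access the login page, so they need to be configured again: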

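// Clear the Login Access allowlist so the login page is reachable from any IP.
// The callback runs on every request while this snippet is present.
add_action( 'init', 'remove_login_access_data' );
function remove_login_access_data() {
	update_option( 'sg_login_access', array() );
}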

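Two-Factor Authentication

Two-factor authentication for admin users forces all administrators to provide a token generated by the Google Authentication application when they log in.

Important!
You can also enforce two-factor authentication for other roles. Once it is enabled, you can add your filter as follows: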

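// Add a further role to the list of roles that must use 2FA.
add_filter( 'sg_security_2fa_roles', 'add_user_roles_to_2fa' );
function add_user_roles_to_2fa( $roles ) {
	// Replace 'your_role' with the slug of the role to enforce 2FA for.
	$roles[] = 'your_role';
	return $roles;
}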

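You can change the location of the 2FA encryption key file through the SGS_ENCRYPTION_KEY_FILE_PATH constant defined in the wp-config.php file. Be sure to use the full path to the file. For example:

// Custom location for the SG Security encryption key file.
define( 'SGS_ENCRYPTION_KEY_FILE_PATH', '/home/fullpathtofile/sgs_encrypt_key.php' );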

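Disable Common Usernames

Using common usernames such as "admin" is a security threat and often leads to unauthorized access. When this option is enabled, we disable common usernames, and if you already have one or more users with a weak username, we will ask you to provide new usernames.

Limit Login Attempts

With the Limit Login Attempts feature, you can specify how many times a user may try to log in with wrong credentials. If a user reaches the limit, the source IP address is blocked for one hour, and if the failed attempts continue, it is restricted for 24 hours.

Important!
If you lock yourself out of the admin panel, you can add the following option to your theme's functions.php, reload the site, and then remove it once you have regained access. Note that this removes the unsuccessful-login-attempt blocks for all IP addresses: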

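// Clear every IP block created by unsuccessful login attempts.
// The callback runs on every request while this snippet is present.
add_action( 'init', 'remove_unsuccessfull_attempts_block' );
function remove_unsuccessfull_attempts_block() {
	update_option( 'sg_security_unsuccessful_login', array() );
}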

Original plugin description

Bulletproof your website security in a few clicks against a range of security breaches, including brute-force attacks, malware threats and bots, with our free WordPress security plugin – Security Optimizer.
Proactively monitor your site’s security to detect any suspicious activity and take immediate actions to protect your site and prevent further damage with these essential features:

  • Enable 2FA (Two-Factor Authentication) for an extra layer of website security
  • Set Limit Login Attempts to deter malicious login attempts and brute-force attacks
  • Change your default login URL to Custom Login URL to avoid attacks
  • Activate Advanced XSS Protection to fortify your website against malicious attacks
  • Lock and Protect System Folders to ensure no unauthorized or malicious scripts can be executed in your system folders
  • Disable Themes & Plugins Editor to safeguard your website from unauthorized access via the WordPress editor
  • Hide WordPress Version effortlessly, keeping it hidden from prying eyes
  • Use Activity Log to monitor your site and quickly prevent malicious actions
  • Post-Hack Actions to take immediate actions and prevent further damages

Developed by the website security experts at SiteGround and trusted by over 900,000 webmasters for its robust security shield and ease of use to safeguard WordPress applications from possible attacks on any hosting platform.

AWARDS:

Monster Awards 2022: Best WordPress Security Plugin 🥇
Monster Awards 2021: Best WordPress Security Plugin 🥇

Plugin Tutorial

Unveil the vast array of features and unleash the full potential of our security plugin in our Security Optimizer Tutorial.

SITE PROTECTION FEATURES

Safeguard your WordPress application using our powerful site security toolset. Our comprehensive features are specifically designed to strengthen your website’s defenses against malware, exploits, and various malicious activities. With these tools at your disposal, you can ensure the utmost bot, malware and brute force protection for your website:

Lock and Protect System Folders

Ensure the maximum security for your application’s system folders by preventing the execution of any unauthorized or malicious scripts. The Lock and Protect System Folders feature acts as a powerful shield against potential threats.

Hide WordPress Version

Protect your website from mass attacks by hiding the WordPress version, which helps to mitigate version-specific vulnerabilities.

Disable Themes & Plugins Editor

Enhance the security of your WordPress admin area by disabling the Themes & Plugins Editor, preventing potential coding errors and unauthorized access through the editor.

Disable XML-RPC

Mitigate potential security risks by disabling the XML-RPC protocol, which has been exploited in various attacks. Please note that disabling XML-RPC will restrict WordPress from communicating with third-party systems. We recommend enabling this feature (that is, keeping XML-RPC disabled) unless you have a specific need for XML-RPC.

Disable RSS and ATOM Feeds

Prevent content scraping and specific attacks on your site by disabling RSS and ATOM feeds. Unless you have readers accessing your site via RSS readers, it is recommended to keep this feature enabled.

Advanced XSS Protection

Add an extra layer of website security against cross-site scripting (XSS) attacks by enabling Advanced XSS Protection, bolstering the overall security of your website.

Delete Default Readme.html

Eliminate potential vulnerabilities by deleting the default readme.html file, which contains information about your website. By removing this file, you reduce the risk of your site being listed in vulnerable sites targeted by hackers.

Login Security

Custom Login URL

Personalize your login URL to thwart potential attacks and create a strong entry point. Bid farewell to the default login URL and embrace a bespoke path of your choosing. Additionally, you have the freedom to modify the default sign-up URL as well.

Login Access

Restrict login page access to specific IP addresses or IP ranges, effectively thwarting malicious login attempts and deterring brute force attacks.

2FA (Two-Factor Authentication)

Immerse your website in an impenetrable shield of security with 2FA. This formidable feature demands that all admin users furnish a unique token, generated exclusively through the Google Authentication application, during the login process.

Disable Common Usernames

Don’t fall victim to predictable security breaches! The use of common usernames, such as ‘admin,’ poses a significant threat to the integrity of your website. Activate this option to disable the creation of common usernames. If any weak usernames already exist, we’ll prompt you to provide new, stronger alternatives.

Limit Login Attempts

Maintain control over unauthorized access attempts with Limit Login Attempts. Set a specific threshold for the number of login failures users can endure before consequences arise. After reaching the limit, the IP address associated with the unsuccessful login attempts will be blocked for one hour. Persistent failures will result in longer restrictions, starting with 24 hours and escalating to a week.

ACTIVITY MONITORING

Monitor your website and login page for unauthorized visitors and brute force attempts to prevent malicious actions.

Activity Log

The Activity Log page provides you with a comprehensive view of the activities performed by registered, unknown, and blocked visitors. It allows you to closely monitor any suspicious behavior and take appropriate actions in case of a compromised user, plugin, or hacking attempt. You can leverage the quick tools available to swiftly block future attempts.

Weekly Security Reports

Receive a weekly traffic summary for your website directly to your inbox. This Weekly Security Report compiles data on both bot and human traffic, along with details about blocked login and visit attempts to proactively monitor traffic and promptly identify suspicious activity.

POST-HACK ACTIONS

Take immediate measures to protect your website if you suspect a compromise and prevent further damage. Here, you’ll find convenient solutions to address the situation effectively:

Reinstall All Free Plugins

In the event of a hack, utilizing the Reinstall All Free Plugins feature can help mitigate potential harm. This action reinstalls all of your free plugins, reducing the likelihood of additional exploits or the reuse of malicious code.

Log Out All Users

To prevent any further unauthorized activities by users or attackers, you can choose to log out all users instantly using the Log Out All Users feature.

Force Password Reset

By enforcing a password reset, you can ensure that all users are prompted to change their passwords during their next login. This not only strengthens the security of their accounts but also immediately logs out all currently logged-in users.

Requirements

  • WordPress 4.7
  • PHP 7.0
  • Working .htaccess file

Data Collection
Collection of technical data is optional and is listed here. This data is collected only for technical analysis, improvements and the possibility to contact the plugin user in case urgent issues need to be fixed (for example a critical security release that needs to be communicated to site owners). The plugin user can manage their preferences within the WP admin to control the collection of technical data. We advise opting in for this data collection, as it can enhance the plugin’s performance. You may find more information on data collection in our Plugins Privacy Notice.

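Download links for each version

  • Method 1: Click a version-number link below to download the ZIP file, log in to the site admin, open "Add New Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded plugin ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add New Plugin" screen to search for the plugin name "Security Optimizer – The All-In-One Protection Plugin" and install it.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)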


1.5.2 | 1.5.3 | 1.5.4 | 1.5.5 | 1.5.6 | 1.5.7 | trunk |

Related plugins (you may also want to know about)

  • Wordfence Security – Firewall, Malware Scan, and Login Security 》fective way to manage multiple WordPress sites with Wordfence installed from a single location., Monitor security status across all your sites from...
  • Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) 》le Plugins include Complianz GDPR, Disable Updates Manager, and Really Simple CAPTCHA., , Really Simple SSL is a plugin that automatically configures your website to the greatest extent possible to...
  • Jetpack – WP Security, Backup, Speed, & Growth 》search engines, and grow your traffic with Jetpack. It’s the ultimate toolkit for WordPress professionals and beginners alike., , Customize and des...
  • Hostinger Tools 》- The Hostinger Onboarding WordPress Plugin simplifies and speeds up the WordPress site setup process., - It provides a simple and fast way to build a WordPress site.
  • Limit Login Attempts Reloaded – Login Security, Brute Force Protection, Firewall 》Limit Login Attempts Reloaded is a WordPress plugin that stops brute-force attacks and, by limiting the number of login attempts on the regular login, XMLRPC, WooCommerce and custom login pages, optimizes your...
  • ManageWP Worker 》, Want to clone or migrate your WordPress website to a new host or domain? No problem! With ManageWP, you can easily clone or migrate your website ...
  • Safe SVG 》Safe SVG lets you upload SVG files in WordPress with peace of mind!, It lets you allow SVG uploads while making sure they have been sanitized, to keep SVG/XML vulnerabilities from affecting your site. In addition...
  • Loginizer 》Loginizer is a WordPress plugin that helps you fight brute-force attacks: when an IP address reaches the maximum number of retries, the plugin blocks it from logging in. You can use Loginizer to blacklist IP addresses...
  • All-In-One Security (AIOS) – Security and Firewall 》vated to your website, All-in-One Security's WAF will detect and block hacking attempts, adding an extra layer of security to your WordPress site. ...
  • Solid Security – Password, Two Factor Authentication, and Brute Force Protection 》ing iThemes Security Plugin can benefit you:, The best plugin for protecting your WordPress site, On average 30,000 websites are hacked every day, and on the web every 39 seconds there is a...
  • User Role Editor 》The "User Role Editor" WordPress plugin lets you easily change user roles and capabilities., Just check the checkboxes of the capabilities you want to add to the selected role, then press the "Update" button to save your changes. ...
  • Sucuri Security – Auditing, Malware Scanner and Security Hardening 》Sucuri Inc. is a globally recognized authority on website security, specializing in WordPress security expertise., The Sucuri Security WordPress plugin is free for all WordPress users. It is...
  • MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites 》This is a child plugin for the "MainWP Dashboard" that connects your WordPress site to the MainWP Dashboard., MainWP is a complete WordPress management solution, a self-...
  • SiteGuard WP Plugin 》Version: 1.6.7, , You can find documentation, FAQs and more detailed information on the Japanese and English web pages. , Installing SiteGuard WP Plugin improves WordPress security., This plugin is a...
  • Limit Login Attempts 》This plugin limits the number of login attempts, both through normal login and through auth cookies., By default WordPress allows users unlimited login attempts, whether through the login page or by sending special cookies. This allows pass...
