外掛標籤
開發者團隊
原文外掛簡介
Sitevorx is a lightweight, all-in-one WordPress plugin that helps you optimize performance, harden security, and manage your website from a single, modern dashboard. No bloat, no external dependencies — just the tools you need.
Security Center (NEW in 1.1.0)
Security Score Dashboard: A single 0–100 score that summarizes the hardening state of your site, with prioritized recommendations.
Core Integrity Checker: Compares every WordPress core file against the official api.wordpress.org MD5 checksums to detect modified, missing, or extra files.
HTTP Security Headers: One-click enable X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy on the frontend.
Login Honeypot: Invisible bait field on wp-login.php that silently rejects spam bots without affecting real users.
User Enumeration Protection: Blocks ?author=N probing and the public REST /wp/v2/users endpoint for non-logged-in visitors.
Login Notification: Emails the administrator whenever an account with manage_options logs in successfully (1-hour cooldown per IP).
Login Attempt Limiter: Lock out IPs after repeated failed login attempts, with configurable threshold, lockout duration, and IP allowlist.
Secret Login URL: Hide the default wp-login.php behind a custom keyword.
Google reCAPTCHA v2 / v3: Protect the login form from bots, with a configurable v3 score threshold.
Disable XML-RPC and Disable File Editor: Block DDoS / brute-force vectors and stop code editing from the dashboard.
Speed Optimization
Heartbeat Throttle: Slows the Heartbeat API to 60 seconds instead of disabling it, preserving autosave and post-locking.
System Tweaks: Lazy load images, limit post revisions, allow safe SVG uploads (with XXE-hardened sanitizer).
Database Cleanup: Remove revisions, spam comments, and expired transients in one click.
Malware Scanner: Scan your entire codebase and database for suspicious injections.
SMTP Configuration
Send emails via Gmail (App Password) or a custom SMTP server (SSL/TLS).
Built-in Test Email sender.
Email delivery log with success/failure tracking.
Force From Name and From Email to prevent address drift.
Website Utilities
Inject tracking codes in Header/Footer (Google Analytics, Facebook Pixel, etc.).
Content Protection: Disable right-click, text selection, and drag-and-drop.
Maintenance Mode: Display a professional “under construction” page to visitors.
Custom Login Logo: Replace the WordPress logo on the login screen with your own brand.
Disk Space Manager
Recursively scan your hosting for large files (>50 MB).
Auto-categorize files (backups, error logs, large media).
Bulk delete to free up disk space instantly.
Floating Contact Buttons
Phone Hotline button with animated icon.
Zalo chat button (auto-opens Zalo app).
Messenger chat button (m.me deep link).
Fully responsive floating widget in the corner of your site.
Import / Export Settings
Export all Sitevorx settings as a JSON file.
Import settings from another site in one click.
Reset all settings to factory defaults.
Scheduled Cleanup (WP-Cron)
Automatic cleanup: daily, twice daily, or weekly.
Clears temp files, auto-drafts, spam, and optimizes database tables.
Activity log showing the last 20 cleanup runs.
Maintenance & Update Monitor
Track plugins and themes that need updating.
Check WordPress core, PHP version, SSL status, and WP_DEBUG.
Maintenance health score with actionable recommendations.
Server Info
View Web Server, PHP, MySQL, and WordPress versions at a glance.
PHP limits: memory, execution time, input vars, upload size.
List all loaded PHP extensions.
Database size monitoring.
External Services
Google reCAPTCHA (v2 and v3)
Sitevorx can optionally integrate with Google reCAPTCHA (v2 checkbox or v3 invisible / score-based) to protect the WordPress login form. This feature is disabled by default and only works when an administrator explicitly enables it, selects a version, and provides valid Google-issued API keys.
When enabled, the plugin loads the Google reCAPTCHA JavaScript on the login screen and sends the generated verification token to Google’s verification endpoint (https://www.google.com/recaptcha/api/siteverify) during login validation. For v3, the configurable score threshold (filter sitevorx_recaptcha_v3_score_threshold, default 0.5) is compared against Google’s returned score.
This service is provided by Google:
* Service URL: https://www.google.com/recaptcha/
* Verification endpoint: https://www.google.com/recaptcha/api/siteverify
* Terms of Service: https://policies.google.com/terms
* Privacy Policy: https://policies.google.com/privacy
WordPress.org Core Checksums API
The Security Center → Kiểm Tra Toàn Diện → WordPress Core Integrity check (off by default; runs only when the admin clicks “Kiểm tra”) fetches the official MD5 checksums for the installed WordPress version from WordPress.org so it can flag modified or missing core files.
Verification endpoint: https://api.wordpress.org/core/checksums/1.0/
Request payload: only the installed WordPress version string (e.g. 6.4.2) and the locale en_US. No site URL, user data, or content is sent.
Operated by: WordPress.org
Terms of Service: https://wordpress.org/about/privacy/
Highlights
All-in-one: Replaces 5-7 single-purpose plugins (SMTP, Security, Optimization, Cleanup, Maintenance).
Modern UI: Gradient banners, collapsible sidebar, toast notifications, fully responsive.
Secure by design: Nonce verification, input sanitization, CSRF protection, prepared database queries.
Lightweight: Modular architecture — only loads what you use. Zero frontend impact. No Composer or NPM required.
Localized: Full Vietnamese (vi) translation included via .po/.mo files.
