
② Search the admin dashboard for "Steel Security & Hardening – Site Audit Tools" → install directly (recommended)
Original plugin description
Steel Security & Hardening – Site Audit Tools focuses on practical security hygiene for WordPress administrators.
The free plugin provides:
on-demand security scans
risk summaries grouped by severity and category
checks for common WordPress hardening gaps
checks for exposed root-level artifacts such as .env, SQL dumps, phpinfo files, and backup archives
a quarantine vault for operator-reviewed file isolation
uploads PHP execution blocking on supported server environments
manual guidance when automatic server hardening is not safely supported
This plugin is positioned as an auditing and hardening tool. It helps surface risk and apply selected preventive controls, but it does not promise malware removal, incident response, or complete server protection.
Included checks
The scan currently looks for items such as:
PHP error display exposure
WP_DEBUG and debug.log exposure
XML-RPC availability
author and REST user enumeration exposure
theme/plugin file editor availability
WordPress generator meta output
comments enabled by default
uploads PHP execution hardening status
root-level sensitive files and archives
Server-aware behavior
This plugin only auto-applies server config changes where it can do so in a scoped and reversible way.
Apache and LiteSpeed: uploads PHP blocking is managed through a Steel Security-marked .htaccess block
IIS: uploads PHP blocking is managed through a Steel Security-marked web.config section
Nginx and unsupported environments: Steel Security provides manual guidance instead of claiming automatic protection
Pro companion
This plugin can work with a separate Pro companion plugin that adds features including scheduled scans, scan history, reports, and managed server-level controls such as directory listing protection and baseline security headers. The free plugin remains usable on its own.
