Description
After speaking at WordCamp St. Louis 2017 http://wordpress.tv/2017/03/29/paul-gilzow-access-denied-keeping-yourself-off-an-attackers-radar/,
I was asked whether I could bundle the code I demonstrated into a plugin for people who are not comfortable writing code. As its name implies, it is super simple. There are no settings. The entire codebase is contained in one file,
and for the most part is about 20 lines of code. It is fully commented, and I encourage you to read the code rather than blindly trusting it.
Specifically, this plugin:
* removes the redirect of a request from /?author=# to the author's pretty permalink
* changes author pretty permalinks to /?author=#
* changes author feed pretty permalinks to /?author=#&feed=
* removes the author slug property from the user response object of the REST API user endpoint
* removes the overly informative error message shown when a login attempt fails
Remember: this plugin by itself will not protect your site from being compromised. Used within a multilayer, defense-in-depth security strategy, however, it can be an important layer of protection.
Help and Support
Please post questions or requests for help to the WordPress plugins forum, or email ssaeb@gilzow.com. Please be sure to include "ssaeb" in the subject line.
TO-DO's
Keep adding ways to block enumeration.
Original plugin description
After speaking at WordCamp St. Louis 2017 http://wordpress.tv/2017/03/29/paul-gilzow-access-denied-keeping-yourself-off-an-attackers-radar/,
I was asked if I could bundle the code I demo’ed in the talk into a plugin for people who aren’t as comfortable writing their
own code. As its name implies, it is super simple. There are no settings. The entire codebase is contained in one file,
and for the most part is about 20 lines of code in length. It is fully commented and I encourage you to look at the code
to see what it does instead of blindly trusting it.
Specifically, this plugin:
* removes the redirection of a request from /?author=# to an author’s pretty permalink
* changes author pretty permalinks to /?author=#
* changes author feed pretty permalinks to /?author=#&feed=
* removes author slug property from user response object for user endpoint in the REST API
* removes overly informative error message when login attempt fails
Remember: this plugin, by itself, will not protect your site from being compromised. However, it can be an important layer of
defense when used in a multilayer, defense-in-depth security strategy.
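As an added illustration (not the plugin's own code), the hooks below show how the behaviours listed above can be implemented with WordPress core filters; the author feed link variant is left out. It assumes the file is loaded as a plugin or from a theme's functions.php.

```php
<?php
/*
 * Illustrative account-enumeration hardening, written as an added example for
 * this page. It is NOT the plugin's own code; it shows how the behaviours the
 * description lists can be built from WordPress core hooks. Assumes it runs
 * inside WordPress (a plugin file or a theme's functions.php).
 */

// 1. Stop /?author=N from redirecting to /author/<slug>/, which would reveal
//    the user's slug (by default the login name).
add_filter( 'redirect_canonical', function ( $redirect_url, $requested_url ) {
    if ( is_author() && isset( $_GET['author'] ) ) {
        return false; // returning false cancels the canonical redirect
    }
    return $redirect_url;
}, 10, 2 );

// 2. Emit author links as /?author=N instead of the slug-based pretty permalink,
//    so rendered pages no longer carry login names in their author URLs.
add_filter( 'author_link', function ( $link, $author_id ) {
    return home_url( '/?author=' . (int) $author_id );
}, 10, 2 );

// 3. Strip the slug from the REST user representation (/wp-json/wp/v2/users),
//    which is otherwise readable without authentication for users who have
//    published posts.
add_filter( 'rest_prepare_user', function ( $response ) {
    $data = $response->get_data();
    unset( $data['slug'] );
    $response->set_data( $data );
    return $response;
} );

// 4. Replace the login error text: the default message distinguishes an unknown
//    username from a wrong password, confirming which usernames exist.
add_filter( 'login_errors', function () {
    return __( 'Login failed.' );
} );
```

Each filter above is a documented WordPress core hook; after activating, verify the change by requesting /?author=1 and /wp-json/wp/v2/users and confirming that neither response contains a user slug.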
Help and Support
Please post questions or requests for help to the WordPress plugins forum or
email ssaeb@gilzow.com. Please be sure to include 'ssaeb' in the
subject line.
TO-DO’s
Keep adding ways to block enumerations.
