
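Overview
Summary: Ultimate Security is a WordPress plugin designed to strengthen your site's security. It provides an easy-to-use interface for enforcing a minimum password length, requiring specific character types (such as uppercase letters, lowercase letters, numbers and special characters), managing the password lifecycle (setting password expiry and so on), and providing custom error messages and real-time password validation. Policy settings are configured flexibly through a dedicated settings panel in WooCommerce. This WooCommerce password policy improves your store's security by ensuring customers use strong, up-to-date passwords.
Questions and answers:
1. How do I enable the plugin?
- Navigate to WooCommerce > Settings > Password Policy.
- Enable password policy enforcement.
2. How do I set password requirements?
- Set the minimum password length and choose which character requirements to enforce, including uppercase letters, lowercase letters, numbers and special characters.
3. How do I manage the password lifecycle?
- Configure the password lifecycle settings, including setting password expiry (for example, 90 days) and enabling password reuse prevention.
4. How do I customize error messages and adjust the real-time validation options?
- Customize the error messages and adjust the real-time validation options as needed.
5. How do I get support?
- Visit the WordPress.org support forum.
6. How do I contribute?
- Contributions are welcome! Feel free to fork the repository and submit a pull request. For guidelines, see the contributor documentation on WordPress.org.
7. How is this plugin licensed?
- This plugin is licensed under GPL-2.0+; see the license file for details.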
Original plugin description
WORDPRESS SECURITY PLUGIN — PROTECTION WITHOUT THE COMPLEXITY
Automated bots probe WordPress logins and forms around the clock. Ultimate Security shuts that down — with two-factor authentication, brute-force lockouts, anti-spam CAPTCHA, a hidden login URL, session controls, and security maintenance tools — all from a clean dashboard you do not need to be a security expert to run.
🛡️ Lightweight. Privacy-first. No bloat.
Why Ultimate Security?
It just works. Sensible defaults out of the box — turn it on, you are safer in minutes.
Built for real attacks. Stops the automated login, brute-force and spam traffic that actually hits WordPress sites.
Zero learning curve. Plain-English settings, a Test Mode to preview rules before they go live.
Privacy-respecting. No tracking, no data collection. Pro features are clearly labelled.
🔐 Login & Two-Factor Authentication
Two-Factor Authentication (2FA) — Email one-time codes and authenticator apps via TOTP/HOTP.
Per-user 2FA with role-based configuration options — Let users enable 2FA and configure which roles should use email or app-based 2FA.
Brute-force login lockout — Limit failed attempts, auto-lock offenders, auto-reset retries, block specific users, and keep a recovery URL for emergencies.
Custom login URL — Hide wp-admin / wp-login.php behind a secret address so bots cannot find it.
Strong password policies — Enforce length, complexity, expiry and password history.
Session control — Limit concurrent logins per user and harden auth cookies.
🤖 Bot & Brute-Force Protection
Anti-spam CAPTCHA — Google reCAPTCHA v2/v3 and Cloudflare Turnstile.
Form coverage — Protect WordPress login, registration and lost-password forms; Turnstile also supports comment forms; WooCommerce login/register forms are supported when enabled.
No-conflict mode — Plays nicely alongside other CAPTCHA setups.
🧱 Security Maintenance & Controls
Rotate WordPress security keys / salts on demand.
Use the Update Manager to control WordPress core, plugin and theme update behavior.
Connect Cloudflare and deploy configurable WAF rule groups from the dashboard.
Review a basic Security Score with prioritized security checks.
Advanced hardening toggles, API privacy filtering and scheduled salt rotation are available in Pro.
📊 Monitoring & Tools
Login Activity snapshot — Review recent successful and failed login activity from the dashboard.
Basic Security Score — See a scored security posture based on enabled protections.
Site Health snapshot — WordPress/PHP versions, memory, active plugins and theme at a glance.
Test Mode — Simulate security rules and review what would have been blocked before enforcing.
Settings backup & restore — Export/import your configuration as JSON for migrations or disaster recovery.
External Services
This plugin connects to the following third-party services, and only when you explicitly enable the related feature:
Google reCAPTCHA
When: reCAPTCHA CAPTCHA protection is enabled.
Data sent: the visitor’s reCAPTCHA response token and your site secret key.
Endpoint: https://www.google.com/recaptcha/api/siteverify
Terms: https://policies.google.com/terms — Privacy: https://policies.google.com/privacy
Cloudflare Turnstile
When: Cloudflare Turnstile CAPTCHA protection is enabled.
Data sent: the visitor’s Turnstile response token and your site secret key.
Endpoint: https://challenges.cloudflare.com/turnstile/v0/siteverify
Terms: https://www.cloudflare.com/website-terms/ — Privacy: https://www.cloudflare.com/privacypolicy/
WordPress.org Secret-Key (Salt) API
When: you request rotation of WordPress security keys/salts.
Data sent: a request for randomly generated salt strings (no site or user data).
Endpoint: https://api.wordpress.org/secret-key/1.1/salt/
Privacy: https://wordpress.org/about/privacy/
WordPress.org Core Version Check
When: the Update Manager checks for available WordPress core updates.
Data sent: a standard WordPress core version-check request (no user data).
Endpoint: https://api.wordpress.org/core/version-check/1.7/
Privacy: https://wordpress.org/about/privacy/
Cloudflare API
When: you connect Cloudflare or deploy/view WAF rules.
Data sent: Cloudflare credentials/token, selected zone/rule data, and Cloudflare API requests needed for verification, deployment and analytics.
Endpoint: https://api.cloudflare.com/client/v4/
Terms: https://www.cloudflare.com/website-terms/ — Privacy: https://www.cloudflare.com/privacypolicy/
