[WordPress] 外掛分享: VaultShift

首頁外掛目錄 › VaultShift
WordPress 外掛 VaultShift 的封面圖片
全新外掛
安裝啟用
尚無評分
24 天前
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v1.1.0 上架:2026-06-22

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.1.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「VaultShift」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

VaultShift hardens your WordPress site with a unified security dashboard, real-time threat monitoring, and tools that run locally on your server. Every core module is included and works out of the box after you activate your Free or Cloud key from myapps.wontonee.com.
Optional VaultShift Cloud services (signature sync, IP reputation, cloud spam scoring) stay off by default until you enable them under Settings.
Malware & file integrity scanner

Full-site file scans in the background — no need to keep a browser tab open
Daily or weekly scheduled scans, plus on-demand manual scans
WordPress core checksum verification against the official release
Quarantine suspicious files instead of deleting immediately
Security score and scan history on the dashboard
Automatic scan triggers when attacks are detected

Web Application Firewall (WAF)

Runs as a must-use plugin before WordPress loads, blocking threats early
Learning, active, and paranoid modes
Built-in rule sets plus optional cloud rule updates (when Cloud is enabled)
Block and allow lists, rate limiting, and WAF event logging
Geo-blocking by country and optional VPN/proxy blocking

Login protection

Brute-force lockout after failed attempts
Optional custom login URL to hide wp-login.php
Google reCAPTCHA v3 when you add your own site keys
Two-factor authentication (TOTP) for administrator accounts

WordPress hardening

One-click checklist: disable file editor, limit REST user enumeration, security headers, and more
Sensible defaults with per-toggle control
WordPress Site Health tests for scan freshness, WAF status, and backup directory

Activity log

Tamper-evident log of logins, file changes, plugin updates, and security events
Filterable admin view and REST API access
Helps with audits and incident response

Spam protection

Honeypot, heuristics, and scoring for comments and registration
Optional cloud spam check when VaultShift Cloud is enabled
Integrations for common form plugins

Backup & restore

Create compressed backups of your database and wp-content
Scheduled or manual backups with retention controls
Restore from backup history with progress tracking

VaultShift Cloud (optional)
Enable Cloud services under Settings when you want enhanced protection backed by VaultShift servers:

Up-to-date malware signatures
IP reputation and VPN/proxy detection
Cloud-based spam scoring

Remote calls are opt-in only — nothing is sent until you turn Cloud on.
Free vs Cloud keys
VaultShift requires a cloud key to activate (Free or Cloud tier). Keys tie your site to myapps for plan validation. All local security features remain on your server; Cloud keys unlock optional remote services when you choose to enable them.
External services
This plugin may connect to external services when configured or when you opt in.
VaultShift Cloud
Optional malware signature updates, IP reputation checks, VPN/proxy detection, and cloud-based spam scoring when Cloud services is enabled under Settings.
Sends visitor IP addresses, comment metadata/content (when cloud spam check is enabled), and site identification data when those features run.
Service: VaultShift Cloud API at https://myapps.wontonee.com/v1
Terms of use: https://wontonee.com/terms/
Privacy policy: https://wontonee.com/privacy/
myapps cloud keys (VaultShift activation)
Used when you activate a Free or Cloud key during setup or under Settings.
Sends your cloud key and site domain to register and validate your plan.
Service: https://myapps.wontonee.com/api/vaultshift
Terms of use: https://wontonee.com/terms/
Privacy policy: https://wontonee.com/privacy/
Google reCAPTCHA
Used when you enter reCAPTCHA v3 site and secret keys under Login Protection.
Sends the visitor IP address and reCAPTCHA token to Google for verification when someone logs in or registers.
Terms of use: https://policies.google.com/terms
Privacy policy: https://policies.google.com/privacy
ipapi.co
Used for country-based geo-blocking when you configure blocked country codes under Firewall.
Sends the visitor IP address when determining country code.
Terms of use: https://ipapi.co/terms/
Privacy policy: https://ipapi.co/privacy/
WordPress.org API
Used during malware scans to verify WordPress core file checksums against the official release.
Sends WordPress version and locale.
Terms of use: https://wordpress.org/about/gpl/
Privacy policy: https://wordpress.org/about/privacy/

延伸相關外掛

文章
Filter
Apply Filters
Mastodon