內容簡介
VulnTitan 是一款專注於 WordPress 安全的外掛,提供惡意程式掃描、漏洞檢測、檔案完整性監控、防火牆保護及反垃圾郵件控制,確保網站安全無虞。
【主要功能】
• 惡意程式掃描與移除
• 漏洞檢測及即時風險情報
• 檔案完整性監控
• 防火牆及登入保護
• 反垃圾郵件控制
• 每週安全報告
外掛標籤
開發者團隊
② 後台搜尋「VulnTitan – Malware Scanner, Vulnerability Scanner & Security」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
VulnTitan is a WordPress security plugin focused on malware scanning and removal, vulnerability detection, file integrity monitoring, firewall protection, and anti-spam controls for comments and supported forms.
Instantly scan your WordPress site for malware infections and known vulnerabilities, review detailed results, and clean or remove malware safely using a guided fix workflow with automatic backups.
VulnTitan focuses on practical protection: vulnerability detection, malware scanning and removal, file integrity monitoring, firewall protection, anti-spam defense for comments and supported forms, hidden custom login access, and a weekly executive security digest every 7 days.
Malware Scanner
The WordPress malware scanner inspects your site files for suspicious code patterns and known malicious signatures.
Detect malware infections in core, plugins, and themes
Review problematic files with contextual code preview
Safe-fix workflow with automatic backups
Clear severity indicators and actionable recommendations
Vulnerability Scanner
The vulnerability scanner checks your installed WordPress core, plugins, and themes against a real-time vulnerability database powered by the VulnTitan API.
Detect vulnerable plugins and themes
Identify outdated components with known security risks
Real-time vulnerability intelligence
Clear risk explanations and remediation guidance
File Integrity Scanner
Monitor unauthorized file changes and unexpected modifications.
Baseline comparison for WordPress files
Queue-based processing for performance safety
Visual status legends for fast review
Actionable next steps for suspicious changes
Firewall, Login, Comment & Form Protection
VulnTitan includes firewall, WAF, login protection, and anti-spam controls to block common attack patterns and protect WordPress login, comment, and supported form submission surfaces.
Early MU-plugin runtime request guards
SQL injection (SQLi) payload protection
Command injection detection
Suspicious path traversal blocking
Endpoint whitelisting controls
Login lockout protection against brute-force attacks
TOTP-based two-factor authentication for selected roles
Recovery codes and trusted-device support for enrolled accounts
CAPTCHA protection for login, registration, lost-password, and optional comment forms
XML-RPC allow, disable, or rate-limit policy controls with IP allowlisting
Weak-password blocking during profile updates, password resets, and compatible registrations
Comment Shield with honeypot, signed tokens, submit-time validation, duplicate detection, guest link limits, IP rate limiting, and moderation-aware logging
Form Shield for Contact Form 7 and Fluent Forms with honeypot, signed submit tokens, link heuristics, repeated-domain detection, and IP rate limiting
Form spam blocks are logged into the WAF/live feed with provider-aware source labels for easier review
Suspicious comments can be held for moderation or blocked immediately
REST comments can enforce signed anti-spam tokens and CAPTCHA when anonymous REST commenting is enabled elsewhere
Configurable custom login slug so administrators can use a private login URL instead of the default wp-login.php
Default wp-login.php and guest wp-admin access can be hidden behind a 404 response when custom login is enabled
Weekly executive security report email with 7-day firewall, login abuse, WAF, form spam, and comment moderation statistics
Security-First Architecture
Secure storage and cleanup of scan queues and logs
Hardened backup handling outside ABSPATH by default
Hardened malware and integrity scan actions with stricter capability checks and in-root path validation
Adaptive performance tuning for safe large-site scanning
WP-CLI Support
VulnTitan supports WP-CLI commands for malware, integrity, and vulnerability scans so administrators can run checks from the terminal, scripts, or server automation.
wp vulntitan scan malware
wp vulntitan scan integrity
wp vulntitan scan vulnerability
wp vulntitan scan all
Optional flags: --scope=plugins, --format=json, --fail-on-findings
External services
This plugin connects to an external API at https://vulntitan.com/api/vulnerabilities to fetch up-to-date vulnerability data for WordPress core, plugins, and themes. This data is essential for detecting known vulnerabilities during scan operations.
When a vulnerability scan is performed, the following data is sent to the VulnTitan API:
– The slug and version of each plugin
– The slug and version of each theme
– The WordPress core version
This data is transmitted only during scans initiated by the user or by scheduled scan settings. No personal, user-identifying, or sensitive site data is collected, transmitted, or stored.
The external service is provided and operated by VulnTitan.com.
Terms of Service: https://vulntitan.com/terms
Privacy Policy: https://vulntitan.com/privacy
