[WordPress] Plugin Share: Web Application Firewall – website security


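Introduction

  • This WordPress plugin, "Web Application Firewall – website security", was published on 2020-04-14. It has since been taken down and is no longer updated; installing it is not recommended.
  • It currently has 300 active installations.
  • It was last updated on 2022-10-31, 915 days ago. It has gone more than a year without an update, so before installing, confirm that the version still works and consider ongoing maintenance.
  • The plugin requires WordPress 4.6 or later.
  • The plugin requires PHP 5.3.0 or later on the hosting server.
  • 4 people have rated it.
  • Nobody has asked a question on the forum yet; usage may be low, and no major problems have come up so far.

Plugin contributors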

cyberlord92 | miniorangesecurity |

Plugin tags

firewall | IP-blocking | IP whitelisting | country blocking | Firewall Security |

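Summary

A firewall is a network security application that monitors and filters incoming and outgoing network traffic (IP addresses). A firewall acts as a barrier between a private internal network and the public Internet.

A feature-rich, easy-to-use, stable, secure and well-supported WordPress firewall security plugin

The firewall reduces risk by checking for vulnerabilities and by implementing and enforcing the latest WordPress security practices and techniques. Our security and firewall rules are divided into "basic" and "advanced" categories, so you can apply firewall rules progressively without breaking your site's functionality.

With the firewall security plugin, administrators can easily block countries and IPs. The firewall protects your website from unwanted traffic and malicious bots. It protects your website from different kinds of attacks and provides a security layer on your website.

GDPR compliant.

What does a Web Application Firewall (WAF) do?

A WAF/firewall tracks the HTTP traffic entering your website/web application. Basically, it monitors all requests coming into your website/web application. If the WAF considers an incoming request suspicious, for example a request that might make changes to your database, or one through which an unauthorized person/hacker might gain access to your web application, the WAF blocks the request, sparing your website from unwanted attacks. Basically, a WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application.

The following is a list of the security and firewall features provided by the miniorange firewall security plugin:

User login security

The login lockout feature protects against "brute force login attacks". Users from a specific IP address or range are locked out of the system for a period of time determined by the configuration settings, and you can also choose to receive an email notification whenever someone is locked out because of failed login attempts.
As the administrator, you can view a list of all locked-out users in an easy-to-read, navigable table, and unblock individual or multiple IP addresses with the click of a button.
Monitor/view failed login attempts, including the user's IP address, user ID/username, and the date and time of the failed login attempt.
Track each user account's username, IP address, login date/time and logout date/time to monitor/view account activity.
One or more IP addresses can be added to a whitelist.
Add Google reCaptcha to the WP login form and forgot-password form.

File system security

Identify files or directories with insecure permission settings and change the permissions to the recommended secure values.
Protect your PHP code by disabling file editing and preventing people from accessing the readme.html, license.txt and wp-config.php files of your WordPress site.

htaccess and wp-config.php file backup and restore

Easily back up your original .htaccess and wp-config.php files in case you need them to restore broken functionality; you can also modify the contents of the current .htaccess or wp-config.php file.

Blacklist functionality

Users can be blocked by specifying their user agent or IP address using wildcards.

Firewall functionality

This plugin makes it easy to add a large amount of firewall protection.

Original plugin description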

A firewall security is a network security application that monitors and filters incoming and outgoing network traffic (IP Address). A firewall security, is a barrier that sits between a private internal network and the public Internet.
FEATURE-RICH, EASY TO USE, STABLE, SECURE AND WELL SUPPORTED WORDPRESS FIREWALL SECURITY PLUGIN
Firewall reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
Our security and firewall rules are categorized into “essential(basic)” and “advanced”. This way you can apply the firewall rules progressively without breaking your site’s functionality.
Easy way to block country and to block IP. Using firewall security plugin admin can protect the website from unwanted traffic, and bad bots. The firewall protects your website from different kinds of attacks. And provides a security layer on your website.
GDPR Compliant
What does a Web Application Firewall (WAF) exactly do?
A WAF/firewall keeps a track of the HTTP traffic that comes to your website/web application. Basically, it monitors all the requests that are coming to your web application/website. If the WAF feels that the incoming requests are suspicious i.e. if the incoming request can harm your website (eg. the request may contain some code that can make some changes to your database or an unauthorized person/hacker would be able to gain access to your web application) WAF blocks those requests and prevents your website from unwanted attacks. Basically WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application.
The following is a list of the security and firewall features provided by miniorange firewall security plugin:
User Login Security

The login lockout protects against “Brute Force Login Attacks.” Users with a specific IP address or range will be locked out of the system for a predetermined period of time based on the configuration settings, and you can also opt to be notified via email whenever someone is locked out due to too many login attempts.
As the administrator, you can view a list of all locked out users in an easily readable and navigable table, as well as unblock individual or bulk IP addresses with the click of a button.
Monitor/view failed login attempts, which include the user’s IP address, User ID/Username, and the date and time of the failed login attempt.
Keep track of the username, IP address, login date/time, and logout date/time for all user accounts on your system to monitor/view their account activity.
Allows you to add one or more IP addresses to a whitelist.
Add Google reCaptcha to your WP Login form and forget password form.

File System Security

Identify files or folders with insecure permission settings and change the permissions to the recommended secure values.
Protect your PHP code by disabling file editing and prevent people from accessing the readme.html, license.txt, and wp-config.php files of your WordPress site.

htaccess and wp-config.php File Backup and Restore

Easily backup your original .htaccess and wp-config.php files in case you need to use them to restore broken functionality and also you can modify the contents of the current htaccess or wp-config.php file.

Blacklist Functionality

Users can be blocked by specifying their user agents or IP addresses by using a wildcard to specify IP ranges.

Firewall Functionality

This plugin makes it simple to add a lot of firewall protection to your site via the htaccess file. Your web server processes a htaccess file before loading any other code on your site.
Access control facility.
Instantly activate a selection of firewall settings ranging from basic, intermediate, and advanced.
Deny bad or malicious query strings.
Protect against Cross-Site Scripting and more.

Brute force login attack prevention

This firewall feature will prevent all login attempts from humans and bots. It is possible to hide the admin login page. Change the URL of your WordPress login page so that bots and hackers cannot access your actual WordPress login URL. You can use this feature to change the default login page (wp-login.php) to something you specify.

Security Scanner

If any files in your WordPress system have changed, the file change detection scanner will notify you. You can then investigate to see if the change was legitimate or if malicious code was injected.

Comment SPAM Security

Monitor the most active IP addresses which persistently produce the most SPAM comments using google reCaptcha and instantly block them with the click of a button.

Regular updates and additions of new security features

WordPress security is a living thing that changes over time. Our Firewall Security will regularly update with new security features, so you can be confident that your site will be up to the mark of security protection techniques.

FREE Plugin Feature

Plugin Level Waf: IPs blocked by admin will be blocked on WordPress site load. It is less secure than htaccess level WAF.
Rate Limiting: It helps to prevent DoS attacks on your site. You can set hit/min for each IP.
SQL Attack Detection and Blocking: Cyber attacks and suspicious activities will be detected and access to the site for that IP will be blocked.

htaccess and wp-config.php File Backup and Restore

Easily backup your original .htaccess and wp-config.php files in case you will need to use them to restore broken functionality.
Modify the contents of the currently active .htaccess or wp-config.php files from the admin dashboard with only a few clicks
Email Notification: Admin can get a notification on email for any suspicious activity detected on site.
Report: Admin can see the login failed/success, attacks report in the report.
reCaptcha Protection: Google services are used to provide reCaptcha protection.

Premium Plugin Feature

htaccess Level WAF: IPs blocked by admin will be blocked on the server only. These IPs won’t be able to access the site.
Real-Time IP Blocking: This firewall feature protects your site from those IPs which are marked as spam by miniOrange WAF.
Rate Limiting for Crawler: Web crawler crawls your Website to increase your ranking in the search engine. But sometimes they can make so many requests to the server that the service can get damaged. By enabling this feature you can provide a limit at which a crawler can visit your site.
Advance Blocking: You can block particular country, IP range, Single IP, browser, and HTTP referrers from gaining access to your site.
Fake Web Crawler Protection: Web Crawlers are used for scanning the Website and indexing it. Google, Bing, etc. are the top crawlers that increase your site’s indexing in the search engine. There are several fake crawlers that can damage your site.
Whitelist Crawler: You can whitelist the top crawler which increases the indexing of your website in the search engine. By enabling this feature the whitelisted crawler will not get throttled/blocked by rate-limiting.
BotNet Protection: BotNet is a network of robots or an army of robots. The BotNet is used for Distributed denial of service attacks. The attacker sends too many requests from multiple IPs to a service so that the legitimate traffic can not get the service.
Remote File Inclusion Protection: It protects from adding files from a remote server to your server.
Remote Code Execution Protection: It Protects from executing malicious commands on your server.
Bot Detection: Detects bots with malicious intent and stops them from accessing and affecting your site.
Live Monitoring and Auditing: Tracking the activity of all requests in real time can help you check activities on your sites on important events.

Plugin Support

If you have a question or problem with the Web Application Firewall Security plugin, post it on the support forum and we will help you.
Customized solutions and Active support are available. Email us at [email protected] or call us at +1 9786589387.

Check the following page for F.A.Q (see the FAQ section):
https://security.miniorange.com/
Privacy Policy
This firewall security plugin may collect IP addresses for security reasons such as mitigating brute force login threats and malicious activity, the collected information is stored on your server. No information is transmitted to third parties or remote server locations via firewall security.

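Download links for each version

  • Method 1: Click a version-number link below to download the ZIP file, log in to the site admin, open "Add New Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add New Plugin" screen to search for the plugin name "Web Application Firewall – website security" and install it.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)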


1.0.0 | 1.0.1 | 1.0.2 | 1.0.3 | 1.0.4 | 1.1.0 | 1.1.1 | 2.0.0 | 2.1.0 | 2.1.1 | trunk |

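Related plugins (you may also want to know about)

  • Advanced Country Blocker 》Summary: The Advanced Country Blocker plugin helps you strengthen the security of your WordPress site by restricting access based on the visitor's geographic location (country) or IP address. It provides several features, including ...
  • NoHackMe Defender 》Summary: The NoHackMe Defender plugin keeps your WordPress site secure by blocking IP addresses when a suspicious request is received or when a single IP sends too many requests within a given period. The plugin provides comprehensive ...
  • Authorize by IP 》Authorize by IP is a WordPress plugin that authorizes access, based on the visitor's IP, to a WordPress site sitting behind an existing website. It is especially useful when developing a new WordPress site, as it allows clients to ...
  • SyntaxHub-SecureLog 》SyntaxHub-SecureLog is a plugin for strengthening the security of WordPress sites. Main features: recording login attempts; when failures reach the specified count, IP ...
  • Your Web Shield 》Plugin description: The plugin named "Your Web Shield" can block high-risk IPs and ...
  • Access Guard 》Summary: Access Guard is a comprehensive WordPress plugin that strengthens access protection, controls user permissions and provides IP banning. With Access Guard, you can protect your site from malicious users' ...
  • GEO Security Suite 》WP GEO Website Protection is a security plugin that restricts access from unwanted countries or IP addresses. This plugin lets you restrict access to site content. You can allow or block access from certain ...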
