[WordPress] 外掛分享： WordSentinel

內容簡介

總結: WordSentinel WordPress 外掛強化您的網站安全性，可設定 HTTP 安全標頭，並提供兩個知名服務的安全評分：Mozilla Observatory 及 Qualys SSL Labs。

1. 這個 WordPress 外掛的作用是什麼？
- 增強您的 WordPress 網站安全性，設定可配置的 HTTP 安全標頭並提供安全評分。

2. WordSentinel 外掛可連接到哪些外部服務？
- WordSentinel 外掛可連接到 Mozilla Observatory 和 Qualys SSL Labs 進行分析。

3. 使用 Qualys SSL Labs 服務的目的是什麼？
- 這個服務用來分析網站的 SSL/TLS 配置。

4. 使用 Mozilla Observatory 服務的目的是什麼？
- 這個服務用於分析給定網站的安全標頭。

5. 外掛支援哪些語言？
- 英語（默認）、法語、德語、意大利語、西班牙語和巴西葡萄牙語。

外掛標籤

開發者團隊

原文外掛簡介

The WordSentinel plugin by Nexsol Technologies Sàrl enhances your WordPress website’s security by automatically applying and managing HTTP security headers — including Content Security Policy (CSP) — while providing live security analysis powered by Mozilla Observatory.
Unlike simple header managers, WordSentinel actively helps you understand, measure, and improve your site’s protection.
It provides clear dashboards, actionable insights, and real-time grading so you can reinforce your headers with confidence — no deep technical knowledge required.
What WordSentinel Does
WordSentinel helps protect your WordPress website against common web vulnerabilities such as:
– Cross-Site Scripting (XSS)
– Clickjacking attacks
– Content injection and mixed content issues
– Insecure resource loading (scripts, iframes, styles)
It does so by implementing a complete and configurable set of browser-level security headers, giving you granular control over each directive.
In addition, it connects securely to Mozilla Observatory to scan your site and assign a security grade (A+ to F), helping you benchmark your configuration and understand what needs improvement.
Key Features

Comprehensive HTTP Header Management
Easily configure headers such as:

Content Security Policy (CSP)
Strict-Transport-Security (HSTS)
X-Frame-Options
Referrer-Policy
X-Content-Type-Options
Permissions-Policy

Real-Time Security Analysis
Instantly scan your site via Mozilla Observatory and get a visual security grade.
The plugin automatically handles rate limits with built-in cooldown protection.

Advanced CSP Management
Create, test, and refine your CSP rules dynamically.
WordSentinel now supports automatic hash generation for inline scripts and styles, improving both flexibility and security.

Smart License and Subscription System
The free version covers essential headers and analysis.
Premium users unlock advanced CSP tools, automatic reports, and custom integrations.
Licenses are securely validated through Nexsol’s API and cached locally for 24 hours.

Optimized for Local and Production Environments
Automatically detects if you are running on localhost and disables API calls for safe testing.

Performance and Privacy First
WordSentinel is lightweight, privacy-respecting, and runs entirely within WordPress.
No telemetry, analytics, or tracking are ever collected.

Multilingual and Accessible Interface
Translated into six languages with an adaptive design inspired by Mozilla’s clean security aesthetic.

Why Choose WordSentinel?

Easy setup — no coding skills required
Combines security headers and observatory analysis in one plugin
Works seamlessly with most WordPress security and caching plugins
Developed and maintained by Nexsol Technologies, a Swiss-based IT company
Transparent, privacy-respecting, and GPL-licensed

WordSentinel merges modern web security standards with a simple and intuitive configuration experience — making it a must-have for both developers and site owners who care about protection and compliance.
External Services and API Usage
WordSentinel securely connects to a small number of external APIs to perform license validation and site analysis:

Mozilla Observatory API – Used to analyze your website’s HTTP headers and generate a public security grade.
Data sent: only your site’s public URL.
Service: https://observatory.mozilla.org/api/

Nexsol License Validation API – Used to verify premium licenses and maintain secure feature access.
Data sent: license key only.
Service: https://api.nexsol-tech.ch/wordsentinel/licenses

Nexsol Public Key API – Used to securely retrieve the public keys required for validating license signatures.
Data sent: none.
Service: https://api.nexsol-tech.ch/wordsentinel/certs

All requests are transmitted securely via HTTPS.
WordSentinel never sends personal information, usage analytics, or tracking data of any kind.
Languages Supported

English (default)
Français (fr_FR)
Deutsch (de_DE)
Italiano (it_IT)
Español (es_ES)
Português Brasileiro (pt_BR)

License
This plugin is licensed under the GPLv2 or later.
See the GPLv2 License for details: https://www.gnu.org/licenses/gpl-2.0.html
Support
For documentation, updates, and premium features, visit https://nexsol-tech.ch/wordsentinel

延伸相關外掛

Cloudflare這個外掛可以為您做些什麼 自動平台優化 (APO) 使用 Cloudfl...SSL Insecure Content Fixer清理您的 WordPress 網站的 HTTPS 不安全內容和混合內容警告...Easy HTTPS Redirection (SSL)僅在您的網站安裝 SSL 憑證和 HTTPS 正常運作時使用此外掛 安...Flexible SSL for CloudFlare點擊查看完整的安裝指南。 在 WordPress 上使用 CloudFlare® ...WP Force SSL & HTTPS SSL RedirectWP Force SSL可以幫助你將不安全的HTTP流量重定向到安全的HTT...WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect, Security & SSL ScanWP Encryption 外掛可輕鬆為您的 WordPress 網站提供免費的 S...Easy SSL Plugin for SAKURA Rental Server此外掛是專為使用 Sakura 租用伺服器的客戶所設計的。若您在 ...WordPress Force HTTPS強制整個站點都使用 HTTPS。 如有任何錯誤或功能需求，請至下...SSL Zen — SSL Certificate Installer & HTTPS Redirects使用免費 Let’s Encrypt SSL 憑證，保護您的網站。全球...One Click SSL這是一個簡單易用的 WordPress SSL 外掛程式，可將所有非 SSL...SSL Mixed Content Fix在你的免費測試網站上試用：點擊這裡 => https://tastewp....Cloudflare SSL by WeslinkCloudFlare 無法簡單地使用 SSL，需要進行微小的修改，以避免...WP Free SSL – Free SSL Certificate for WordPress and force HTTPS在幾分鐘內為 WordPress 獲取免費的 SSL 憑證 您經營電子商務...Simple HTTPS Redirect此外掛會強制將您的網站導向 https 協議，保障您的網站安全性...WP SSL RedirectWP SSL Redirect 外掛會透過從 HTTP 位置到 HTTPS 位置的 301...