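[WordPress] Plugin Share: WordPress Security Plugin – WordShield

Cover image of the WordPress plugin WordPress Security Plugin – WordShield.

Introduction

  • This WordPress plugin, "WordPress Security Plugin – WordShield", was published on 2025-01-07.
  • It has no active installs yet, so it is a very new plugin. If you plan to install and use it, test it thoroughly to make sure it works properly!
  • The last update was on 2025-01-23, 99 days ago.
  • The plugin requires WordPress 5.0 or later.
  • The plugin requires the web host to run PHP 7.2 or later.
  • 1 person has rated it.
  • No one has asked a question in the forum yet; usage is probably still low and no major problems have come up.

Plugin contributors

storeprose

Plugin tags

security | Brute Force | disable xml-rpc

Overview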

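### Summary:
WordShield Security is a comprehensive WordPress security plugin that protects your website against the most common vulnerabilities and cyber-attack threats.

### Questions and answers:
- **Why do you need to install a security plugin for WordPress?**
  - If you are online, you are exposed to cyber attacks and threats. Because WordPress is the most mainstream CMS today, malicious actors are always looking for opportunities to exploit WordPress-powered websites.

- **How is WordShield Security different from other security plugins?**
  - We recognize that every WordPress plugin places some load on a website and affects its performance. So we designed this WordPress security plugin with great care. Its key points are:
    - WordShield Security has no bloat at all.
    - This WordPress security plugin is not an all-purpose knife that claims to do everything.
    - We focus on handling the most common vulnerabilities.
    - The WordShield security plugin is lightweight and ultra-fast. It added only one millisecond of execution time in internal tests.
    - It follows WordPress best practices and does not modify any core files.
    - The WordShield security plugin does not touch your .htaccess file. It protects your website in a fail-safe way.

- **What features does WordShield Security have?**
  - By enabling this WordPress security plugin, you can manage the security of the following WordPress assets:
    - Disable XML-RPC
    - Hide Generator tags
    - Disable PHP editing

- **What features are coming to WordShield Security?**
  - Including but not limited to the following:
    - Limit login attempts
    - Add security headers
    - Change the default login URL
    - Disable theme changes
    - Username review
    - Enforce a password policy
    - Stop user enumeration
    - Multisite support
    - IP blocking
    - Prevent code execution
    - Backup and restore
    - Logs, notifications, and more

- **What support and maintenance does WordShield Security offer?**
  - This plugin is well supported, and compatibility with each WordPress update is ensured.

Original plugin description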

A lightweight WordPress security plugin to prevent brute force attacks and disable XML-RPC.
What can you do with WordShield?

Brute Force Protection
Disable XML-RPC API exploits
Change default Login URL – Planned
Add Security Headers – Planned
Content Protection – Planned
Login Security – Planned
Hide Generator Tags
Disable PHP Editing

Future Roadmap

Stop user enumerations.
Request rate throttler.
Prevent comment spam.
IP Ban.
Prevent code execution.
2FA
Backup & Restore.
Support for multisite.
Logs, Notifications, and more!

Note:
The current version of the WordShield Security plugin does not work in a multisite environment.

Advantages of WordShield Security Plugin

Lean Code: Unlike most other Security Plugins, WordShield focuses on the core functionalities and has zero bloat.
Ultrafast: This lightweight plugin adds negligible overhead to your website. Each new release is tested for performance before making it available for general use.
It added only 0.004 seconds of execution time in our internal performance profiling tests.*
Failsafe: This WordPress security plugin does not modify any core file. It does not alter the .htaccess file either. With easy-to-use recovery options, you can be sure that your WordPress website will never break.
Best Practices: WordShield follows WordPress best practices and respects the coding standards.
Maintenance & Support: WordShield has a planned roadmap for the future. It is well-supported and updated for compatibility with each WordPress upgrade.

How to Limit Login Attempts in WordPress?
You can limit login attempts to your WordPress website using the WordShield security plugin. You can prevent Brute Force attacks with the following steps:

Open the settings screen after installing and activating the plugin.
Navigate to the Brute Force tab on the settings screen.
Set the maximum number of invalid attempts you want to allow for each user.
Set the time (in minutes) you want to lock a user account after exceeding the maximum number of invalid attempts.
If you do not want to prevent Brute Force attacks, select 0 for both of these settings.
Save the settings.

👉 The WordShield security plugin informs the user about the remaining retries before the account becomes locked.
👉 If an account gets locked, WordShield informs the user about the time to wait before trying to log in again.
👉 You can customize the default error messages in any language by keying in the message in the 2 optional fields.
👉 Use %%MINUTES_LEFT%% to show the time in minutes in your custom message. Use %%ATTEMPTS_LEFT%% to show the number of retries left in your custom message.
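
The Brute Force settings described above, modelled as a small per-user lockout tracker. This is an added example, not WordShield's own code: the class, method names and default message texts are assumptions, and only the two settings, the "0 disables" rule and the %%ATTEMPTS_LEFT%% / %%MINUTES_LEFT%% placeholders come from the plugin description.

```python
import math

# Added example: hypothetical names, modelling the settings the page describes.
# The default message texts below are constructed for illustration.
DEFAULT_RETRY_MSG = "Invalid login. %%ATTEMPTS_LEFT%% attempt(s) left."
DEFAULT_LOCKED_MSG = "Account locked. Try again in %%MINUTES_LEFT%% minute(s)."

class LoginLimiter:
    def __init__(self, max_attempts, lock_minutes,
                 retry_msg=DEFAULT_RETRY_MSG, locked_msg=DEFAULT_LOCKED_MSG):
        self.max_attempts = max_attempts
        self.lock_seconds = lock_minutes * 60
        self.retry_msg, self.locked_msg = retry_msg, locked_msg
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> unix time at which the lock expires

    @property
    def enabled(self):
        # Per the page, setting both values to 0 switches the protection off.
        return self.max_attempts > 0 and self.lock_seconds > 0

    def check(self, user, now):
        """Call before verifying the password; returns a lock message or None."""
        until = self.locked_until.get(user)
        if not self.enabled or until is None:
            return None
        if now >= until:                    # lock expired: start a fresh window
            del self.locked_until[user]
            self.failures.pop(user, None)
            return None
        minutes = math.ceil((until - now) / 60)  # round up, never show 0 minutes
        return self.locked_msg.replace("%%MINUTES_LEFT%%", str(minutes))

    def record_failure(self, user, now):
        """Call after a wrong password; returns the message to show the user."""
        if not self.enabled:
            return None
        count = self.failures.get(user, 0) + 1
        self.failures[user] = count
        if count >= self.max_attempts:      # limit reached: lock the account
            self.locked_until[user] = now + self.lock_seconds
            return self.check(user, now)
        left = self.max_attempts - count
        return self.retry_msg.replace("%%ATTEMPTS_LEFT%%", str(left))

    def record_success(self, user):
        self.failures.pop(user, None)       # a good login resets the counter
```

Because the counter is keyed by username, it does not account for one client trying many different usernames; that needs a per-IP limit alongside it.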

How to disable XML-RPC API exploits?
XML-RPC is enabled by default in every WordPress installation. While XML-RPC is necessary for certain services and plugins like Jetpack, it can make websites vulnerable to remote code injection.
You can protect your website from the XML-RPC vulnerability as follows:

Open the settings screen after installing and activating the plugin.
Navigate to the XML-RPC tab on the settings screen.
Check the Disable XML-RPC checkbox to disable XML-RPC completely.
If you are using Jetpack, you can select the Enable Jetpack access option so that the Jetpack plugin continues to work seamlessly.
If you need specific IPs to access XML-RPC API, key in the comma-separated list of IPs in the Whitelisted IPs field.
Save the settings.

How to Hide the Generator tags in WordPress?
WordPress and WooCommerce generator tags let potential attackers easily identify the specific version of WordPress (or WooCommerce) you are using. This, in turn, exposes technical vulnerabilities, thereby making your site more susceptible to hacking attempts.
You can hide the generator tags in WordPress with the following steps:

Open the settings screen after installing and activating the plugin.
Navigate to the Extras tab on the settings screen.
Select the checkbox Remove Generator tags.
Save the settings.

How to disable PHP editing?
You can disable PHP editing to prevent accidental changes in plugins and themes causing a complete system crash.
You can disable PHP editing with the following steps:

Open the settings screen after installing and activating the plugin.
Navigate to the Extras tab on the settings screen.
Select the checkbox Disable PHP editing.
Select the checkbox Disable theme change if you want to hide the Appearance menu as well.
Save the settings.

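Download links for each version

  • Method 1: Click a version-number link below to download the ZIP file, log in to the site admin, go to "Add New Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, and upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right side of the "Add New Plugin" screen to search for the plugin name "WordPress Security Plugin – WordShield" and install it.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)

1.0.0 | 1.0.1 | 1.0.2 | 1.1.0 | 1.1.1 | trunk

Related plugins (you may also want to know about)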

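  • Disable XML-RPC-API: This plugin can protect your website against XML-RPC brute-force attacks and DoS and DDoS attacks, and turns off XML-RPC and trackbacks/pingbacks on your WordPress site. Plugin features: uses .htaccess ...
  • Disable Comments for Any Post Types (Remove comments): Plugin description: The Disable comments plugin is a useful tool for configuring a blog or website by turning off the discussion features. It can completely disable or hide comments on any post type, page, or attachment. ...
  • WP Security Safe: WP FIREWALL: detect and log threats; add firewall rules to allow and deny IP addresses, with internal notes; history and visual charts of firewall blocks. WP LOGIN SECURITY: disable XML-...
  • Simple Disable XML-RPC: Summary: Simple Disable XML-RPC is a powerful and user-friendly WordPress plugin designed to give site administrators full control over the XML-RPC functionality of their WordPress site. XML-RPC is a feature...
  • Senpai Software – Two-factor authentication (2FA) with a key file: This plugin lets you turn any file on your computer into a unique key for entering the admin area. The file is not downloaded or physically stored on the website. It creates no additional security risk. It does not create ...
  • BruteBank – WP Security & Firewall: A mobile app designed for WordPress users to prevent website attacks. BruteBank is an interactive firewall plugin that allows WordPress owners and server administrators, through a mobile app, to ...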
