[WordPress] Plugin share: WordPress Security Plugin – WordShield

⚠ This plugin has been delisted: it is no longer updated or maintained, and installing it is not recommended.
Rating: 5/5 (1 review)
Last updated: 420 days ago
WordPress 5.0+ | PHP 7.2+ | v1.1.1 | Listed: 2025-01-07

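Overview

### Summary:
WordShield Security is a comprehensive WordPress security plugin that protects your website against the most common vulnerabilities and cyber-attack threats.

### Questions and answers:
- **Why do you need a security plugin for WordPress?**
  - If you are online, you are exposed to cyber attacks and threats. Because WordPress is the most widely used CMS today, malicious actors are always looking for opportunities to exploit WordPress-powered websites.

- **How does WordShield Security differ from other security plugins?**
  - We recognize that every WordPress plugin places some load on a website and affects its performance, so we designed this WordPress security plugin with great care. Its key points are:
    - WordShield Security has no bloat.
    - This WordPress security plugin is not a Swiss Army knife that claims to do everything.
    - We focus on the most common vulnerabilities.
    - The WordShield security plugin is lightweight and very fast. In internal tests it added only one millisecond of execution time.
    - It follows WordPress best practices and does not modify any core files.
    - The WordShield security plugin does not touch your .htaccess file. It protects your site in a fail-safe way.

- **What features does WordShield Security have?**
  - By activating this WordPress security plugin, you can manage the following security aspects of your WordPress assets:
    - Disable XML-RPC
    - Hide Generator tags
    - Disable PHP editing

- **What features are coming to WordShield Security?**
  - Including but not limited to the following:
    - Limit login attempts
    - Add security headers
    - Change the default login URL
    - Disable theme changes
    - Username auditing
    - Enforce a password policy
    - Stop user enumeration
    - Multisite support
    - IP blocking
    - Prevent code execution
    - Backup and restore
    - Logs, notifications, and more

- **What support and maintenance does WordShield Security offer?**
  - This plugin is well supported, and compatibility with every WordPress update is ensured.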

Original plugin description

A lightweight WordPress security plugin to prevent brute force attacks and disable XML-RPC.
### What can you do with WordShield?

- Brute Force Protection
- Disable XML-RPC API exploits
- Change default Login URL – Planned
- Add Security Headers – Planned
- Content Protection – Planned
- Login Security – Planned
- Hide Generator Tags
- Disable PHP Editing

### Future Roadmap

- Stop user enumerations.
- Request rate throttler.
- Prevent comment spam.
- IP Ban.
- Prevent code execution.
- 2FA
- Backup & Restore.
- Support for multisite.
- Logs, Notifications, and more!

Note: The current version of the WordShield Security plugin does not work in a multisite environment.

### Advantages of WordShield Security Plugin

- Lean Code: Unlike most other Security Plugins, WordShield focuses on the core functionalities and has zero bloat.
- Ultrafast: This lightweight plugin adds negligible overhead to your website. Each new release is tested for performance before making it available for general use. It added only 0.004 seconds of execution time in our internal performance profiling tests.*
- Failsafe: This WordPress security plugin does not modify any core file. It does not alter the .htaccess file either. With easy-to-use recovery options, you can be sure that your WordPress website will never break.
- Best Practices: WordShield follows WordPress best practices and respects the coding standards.
- Maintenance & Support: WordShield has a planned roadmap for the future. It is well-supported and updated for compatibility with each WordPress upgrade.

### How to Limit Login Attempts in WordPress?

You can limit login attempts to your WordPress website using the WordShield security plugin. You can prevent Brute Force attacks with the following steps:

1. Open the settings screen after installing and activating the plugin.
2. Navigate to the Brute Force tab on the settings screen.
3. Set the maximum number of invalid attempts you want to allow for each user.
4. Set the time (in minutes) you want to lock a user account after exceeding the maximum number of invalid attempts.
5. If you do not want to prevent Brute Force attacks, select 0 for both of these settings.
6. Save the settings.

👉 The WordShield security plugin informs the user about the remaining retries before the account becomes locked.

👉 If an account gets locked, WordShield informs the user about the time to wait before trying to log in again.

👉 You can customize the default error messages in any language by keying in the message in the 2 optional fields.

👉 Use %%MINUTES_LEFT%% to show the time in minutes in your custom message. Use %%ATTEMPTS_LEFT%% to show the number of retries left in your custom message.

### How to disable XML-RPC API exploits?

XML-RPC is enabled by default in every WordPress installation. While XML-RPC is necessary for certain services and plugins like Jetpack, it can make websites vulnerable to remote code injection.
You can protect your website from the XML-RPC vulnerability as follows:

1. Open the settings screen after installing and activating the plugin.
2. Navigate to the XML-RPC tab on the settings screen.
3. Check the Disable XML-RPC checkbox to disable XML-RPC completely.
4. If you are using Jetpack, you can select the Enable Jetpack access option so that the Jetpack plugin continues to work seamlessly.
5. If you need specific IPs to access the XML-RPC API, key in the comma-separated list of IPs in the Whitelisted IPs field.
6. Save the settings.

### How to Hide the Generator tags in WordPress?

WordPress and WooCommerce generator tags let potential attackers easily identify the specific version of WordPress (or WooCommerce) you are using. This, in turn, exposes technical vulnerabilities, thereby making your site more susceptible to hacking attempts.
You can hide the generator tags in WordPress with the following steps:

1. Open the settings screen after installing and activating the plugin.
2. Navigate to the Extras tab on the settings screen.
3. Select the checkbox Remove Generator tags.
4. Save the settings.

### How to disable PHP editing?

You can disable PHP editing to prevent accidental changes in plugins and themes causing a complete system crash.
You can disable PHP editing with the following steps:

1. Open the settings screen after installing and activating the plugin.
2. Navigate to the Extras tab on the settings screen.
3. Select the checkbox Disable PHP editing.
4. Select the checkbox Disable theme change if you want to hide the Appearance menu as well.
5. Save the settings.
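
The XML-RPC, generator-tag and PHP-editing settings described above map onto WordPress core hooks and constants. The following is an added example, not WordShield's own code; the file name, the `example_` function names and the sample IP address are assumptions.

```php
<?php
/**
 * Added example, not WordShield's code: the XML-RPC, generator-tag and
 * PHP-editing settings expressed with WordPress core hooks.
 * Assumption: saved as wp-content/mu-plugins/hardening-example.php.
 */

// Constructed sample allowlist (RFC 5737 documentation address).
const EXAMPLE_XMLRPC_ALLOWED_IPS = array( '203.0.113.10' );

// True when the caller is on the allowlist. Behind a reverse proxy,
// REMOTE_ADDR is the proxy's address, so enforce the allowlist at the proxy.
function example_xmlrpc_client_allowed() {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
	return in_array( $ip, EXAMPLE_XMLRPC_ALLOWED_IPS, true );
}

// 1. XML-RPC. 'xmlrpc_enabled' only turns off methods that need a login...
add_filter( 'xmlrpc_enabled', function ( $enabled ) {
	return $enabled && example_xmlrpc_client_allowed();
} );

// ...so also empty the method table, which removes pingback.ping and the
// other WordPress methods for callers outside the allowlist.
add_filter( 'xmlrpc_methods', function ( $methods ) {
	return example_xmlrpc_client_allowed() ? $methods : array();
} );

// Stop advertising the endpoint in <head> (the RSD discovery link).
remove_action( 'wp_head', 'rsd_link' );

// 2. Generator tag: drop it from HTML pages and from feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// 3. PHP editing: removes the plugin and theme file editors for every role.
// Usually set in wp-config.php; the guard avoids redefining the constant.
if ( ! defined( 'DISALLOW_FILE_EDIT' ) ) {
	define( 'DISALLOW_FILE_EDIT', true );
}
```

Hiding the generator tag does not change the installed version; keeping WordPress core and plugins updated is what addresses version-specific vulnerabilities.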
