
Original plugin description
Did you ever feel like your website or blog login page is ridiculously fragile and exposed, and could easily be broken into by an intruder?
Personally I hate to think of hundreds of people playing with my door lock hundreds of times a day. It’s the same with my blog login page.
On WordPress, there are two main potential vectors of brute-force intrusion:
* http://my-site.com/wp-login.php, which is the login page
* http://my-site.com/xmlrpc.php, which is an API gateway for interacting with third party applications.
This plugin adds one security layer in front of your login page, and, since XML-RPC is a WIDELY used vector of attacks, it also lets you disable XML-RPC with a simple checkbox if you don’t need it.
The idea is simple: you choose a pair of words, and when you want to access your login page, you just have to provide them in the URL like this: http://my-site.com/wp-login.php?word1=word2. That’s all!
If you try to access your login page without this pair of words, you get a configurable error message, where you can insult the attacker as much as you want 😉
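The mechanism described above, sketched as a minimal WordPress plugin. This is an added example, not the plugin's own source: the constant names, the word pair word1/word2 and the error message are assumptions, and a real plugin would store them through the Settings API.

```php
<?php
/*
 * Plugin Name: Login URL word-pair gate (illustrative example, not the real plugin)
 */

// Constructed settings standing in for the plugin's options page.
const LUG_WORD1          = 'word1';                // query-string key
const LUG_WORD2          = 'word2';                // expected value
const LUG_DISABLE_XMLRPC = true;                   // the "disable XML-RPC" checkbox
const LUG_MESSAGE        = 'Nothing to see here.'; // the configurable error message

// login_init fires at the top of wp-login.php, before the form is rendered
// and before any submitted credentials are checked.
add_action( 'login_init', 'lug_check_word_pair' );

function lug_check_word_pair() {
    // Logout links already carry a nonce; letting them through avoids locking
    // an authenticated user into their session.
    if ( isset( $_GET['action'] ) && 'logout' === $_GET['action'] ) {
        return;
    }
    $supplied = isset( $_GET[ LUG_WORD1 ] ) ? (string) wp_unslash( $_GET[ LUG_WORD1 ] ) : '';

    // hash_equals() compares in constant time; anything else gets the error page.
    if ( ! hash_equals( LUG_WORD2, $supplied ) ) {
        wp_die( esc_html( LUG_MESSAGE ), 'Forbidden', array( 'response' => 403 ) );
    }
}

// The login form posts back to wp-login.php without the query string, so the
// pair is re-attached only to the form action URL (scheme 'login_post').
// It is deliberately NOT added to ordinary "Log in" links, which would publish it.
add_filter( 'site_url', 'lug_append_pair_to_form_action', 10, 3 );

function lug_append_pair_to_form_action( $url, $path, $scheme ) {
    if ( 'login_post' === $scheme && false !== strpos( $path, 'wp-login.php' ) ) {
        $url = add_query_arg( LUG_WORD1, LUG_WORD2, $url );
    }
    return $url;
}

// Core consults this filter before serving xmlrpc.php; returning false
// makes every XML-RPC call fail, which removes the second vector above.
if ( LUG_DISABLE_XMLRPC ) {
    add_filter( 'xmlrpc_enabled', '__return_false' );
}
```

Because the pair travels in the URL, it ends up in web-server access logs and browser history, so treat it as an extra obscurity layer on top of strong passwords and login rate limiting rather than a replacement for them.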
