[WordPress] Plugin showcase: WP Hardening (discontinued)


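Introduction

  • The WordPress plugin "WP Hardening (discontinued)" was published on 2019-10-26.
  • It currently has 10000 active installations.
  • The last update was on 2024-09-13, 233 days ago.
  • The plugin requires WordPress 4.3 or later.
  • The plugin requires the hosting server to run PHP 5.3 or later.
  • 19 people have rated it.
  • No one has asked a question in the forum yet; usage may still be low, and no major problems have come up.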

Plugin contributors

astrasecuritysuite

Plugin tags

discontinued

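Summary

WP Hardening by Astra Security is a tool that performs a real-time security audit of your website to find missing security best practices. Using our "Security Fixer", you can also fix these with a single click from the WordPress backend.

Basic WordPress security measures are a task in themselves, but not using multiple plugins to implement them often increases the risk of the site being compromised. Multiple plugins also need better maintenance and updates, which many site owners cannot keep up with. The WP Hardening plugin solves this problem and more.

WP Hardening is a one-stop solution for implementing WordPress security recommendations. It is easy to use and works effectively from the WordPress backend.

About Astra

Astra Security is a Techstars company and a winner of the French Tech program. It is the most innovative security company of the "Global Cybersecurity Conference".

Astra's vision is to make cybersecurity a five-minute affair for businesses.

Astra's promise to business owners is that if a business uses Astra, it will be secure, with no problems.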

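Features

Hardening Audit

WordPress version check

Check for outdated plugins

Check PHP version

Check file and folder permissions

Database password strength

Check firewall protection

Security Fixers

Admin & API Security

Stop user enumeration

Change login URL

Disable XMLRPC

Disable WP API JSON

If you do not use the Astra firewall, disabling it may affect your website, so make sure you really do not need it.

Original plugin description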

WP Hardening is a tool which performs a real-time security audit of your website to find missing security best practices. Using our ‘Security Fixer’ you can also fix these with a single click from your WordPress backend.

Discontinuation Notice
IMPORTANT: This plugin is discontinued
This is to inform you that this plugin is no longer being maintained or updated. We have placed a discontinuation request with the WordPress team, and the plugin will soon be ‘closed’ for new installations.
This plugin was launched as a side project and has sadly reached the end of its journey. Thank you for your understanding and for using our plugin. We apologize for any inconvenience this may cause.
What This Means for You

No Further Updates: There will be no more updates, bug fixes, or new features.
No Support: Support for this plugin is no longer available.

We recommend that you deactivate and delete this plugin from your WordPress site as soon as possible. Please seek alternative plugins to replace the functionality provided by this plugin.
Features
Hardening Audit

WordPress Version Check
It checks if your website is on the latest version or not.

Checking Outdated Plugins
It checks if your website is running the updated plugins or not.

Checking PHP Version
WP Hardening also checks if your website is running on a secure version of PHP.

Checking File & Folder Permissions
WP Hardening also checks if your website is built on the secured version of PHP or not.

Database Password Strength
We check the strength of passwords used on your database. Not having a secured password can become an easy target for Brute-Force attacks.

Checking Firewall Protection
We’ll check if your website is being protected by a firewall or not. Firewalls leverage a great monitoring and filtering system on your website.

Security Fixers
Admin & API Security

  • Stop User Enumeration: Hackers & bad bots can easily find usernames in WordPress by visiting URLs like yourwebsite.com/?author=1. This can significantly help them in performing larger attacks like Bruteforce & SQL injection.
  • Change Login URL: Prevent admin password brute-forcing by changing the URL for the wp-admin login area. You can change the URL only when this fixer is disabled.
  • Disable XMLRPC: XMLRPC is often targeted by bots to perform brute force & DDoS attacks (via pingback) causing considerable stress on your server. However, there are some services which rely on xmlrpc. Be sure you definitely do not need xmlrpc before disabling it.
  • Disable WP API JSON: Since 4.4 version, WordPress added JSON REST API which largely benefits developers. However, it’s often targeted for bruteforce attacks just like in the case of xmlrpc. If you are not using it, best is to disable it.
  • Disable File Editor: If a hacker is able to get access to your WordPress admin, with the file editor enabled it becomes quite easy for them to add malicious code to your theme or plugins. If you are not using this, it’s best to keep the file editor disabled.
  • Disable WordPress Application Passwords: WordPress application passwords have full permissions of the user that generated them, making it possible for an attacker to gain control of a website by tricking the site administrator into granting permission to their malicious application.

Disable Information Disclosure & Remove Meta information

Hide WordPress version number
This gives away your WordPress version number making life of a hacker simple as they’ll be able to find targeted exploits for your WordPress version. It’s best to keep this hidden, enabling the button shall do that.

Remove WordPress Meta Generator Tag
The WordPress Meta tag contains your WordPress version number which is best kept hidden.

Remove WPML (WordPress Multilingual Plugin) Meta Generator Tag
This discloses the WordPress version number which is best kept hidden.

Remove Slider Revolution Meta Generator Tag
Slider Revolution stays on the radar of hackers due to its popularity. An overnight hack in the version you’re using could leave your website vulnerable too. Make it difficult for hackers to exploit the vulnerabilities by disabling version number disclosure here.

Remove WPBakery Page Builder Meta Generator Tag
Common page builders often are diagnosed with a vulnerability putting your website’s security at risk. With this toggle enabled, the version of these page builders will be hidden making it difficult for hackers to find if you’re using a vulnerable version.

Remove Version from Stylesheet
Many CSS files have the WordPress version number appended to their source, for cache purposes. Knowing the version number allows hackers to exploit known vulnerabilities.

Remove Version from Script
Many JS files have the WordPress version number appended to their source, for cache purposes. Knowing the version number allows hackers to exploit known vulnerabilities.

Basic Server Hardening

Hide Directory Listing of WP includes
The WP-includes directory gives away a lot of information about your WordPress to hackers. Disable it by simply toggling the option to make reconnaissance difficult for hackers.

Security Headers

Clickjacking Protection
Protect your WordPress Website from clickjacking with the X-Frame-Options response header. Clickjacking is an attack that tricks a user into clicking a webpage element which is invisible or disguised as another element.
XSS Protection
Add the HTTP X-XSS-Protection response header so that browsers such as Chrome, Safari, Microsoft Edge stop pages from loading when they detect reflected cross-site scripting (XSS) attacks.
Content Sniffing protection
Add the X-Content-Type-Options response header to protect against MIME sniffing vulnerabilities. Such vulnerabilities can occur when a website allows users to upload content to a website, however the user disguises a particular file type as something else. This can give them the opportunity to perform cross-site scripting and compromise the website.

HTTP only & Secure flag
Enable the HttpOnly and secure flags to make the cookies more secure. This instructs the browser to trust the cookie only by the server, which adds a layer of protection against XSS attacks.
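
An added example, not part of the plugin or of the original page: a small Python check that takes one HTTP response (headers plus HTML) and reports which of the header, cookie-flag and version-disclosure fixers listed above are not in effect, which is useful when confirming that a replacement for this discontinued plugin still covers them. The `audit` function, the sample response and the cookie name are constructed for illustration.

```python
import re

# Headers added by the "Security Headers" fixers; None means "presence only".
REQUIRED = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-content-type-options": {"nosniff"},
    # Legacy header: Chrome and Edge have removed the XSS filter it controlled.
    "x-xss-protection": None,
}
GENERATOR = re.compile(r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']*)', re.I)
VERSIONED = re.compile(r'<(?:link|script)\b[^>]*?(?:href|src)=["\']([^"\']*[?&]ver=[^"\']*)', re.I)

# Constructed sample response (not captured from a real site).
SAMPLE_HEADERS = [
    ("X-Frame-Options", "ALLOW-FROM https://example.com"),  # obsolete directive
    ("Set-Cookie", "example_session=abc123; path=/; HttpOnly"),
]
SAMPLE_BODY = (
    '<meta name="generator" content="WordPress 6.0" />\n'
    '<link rel="stylesheet" href="/wp-includes/css/style.css?ver=6.0" />\n'
    '<script src="/wp-includes/js/app.js?ver=6.0"></script>\n'
)


def audit(headers, body):
    """Return findings for one response; headers is a list of (name, value)."""
    findings, seen = [], {}
    for name, value in headers:
        seen.setdefault(name.lower(), []).append(value.strip())
    for name, allowed in REQUIRED.items():
        values = [v.lower() for v in seen.get(name, [])]
        if not values:
            findings.append(f"missing header: {name}")
        elif allowed and not any(v in allowed for v in values):
            findings.append(f"weak header: {name}={values[0]}")
    for cookie in seen.get("set-cookie", []):
        cookie_name = cookie.split("=", 1)[0]
        attrs = {a.strip().split("=", 1)[0].lower() for a in cookie.split(";")[1:]}
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append(f"cookie {cookie_name} lacks {flag}")
    findings += [f"generator tag: {c}" for c in GENERATOR.findall(body)]
    findings += [f"versioned asset: {u}" for u in VERSIONED.findall(body)]
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

An empty list means every item the check covers is in place for that response; it says nothing about the fixers that do not show up in a single response, such as the XMLRPC or file-editor settings.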

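Downloads for each version

  • Method 1: Click a version number below to download the ZIP file, log in to the site backend, open "Add New Plugin" under "Plugins" in the left-hand menu, choose "Upload Plugin" at the top, then upload the downloaded ZIP package to install and activate it.
  • Method 2: Use the search box on the right of the "Add New Plugin" screen to search for the plugin name "WP Hardening (discontinued)" and install it.

(Method 2 is recommended, to make sure the installed version matches the WordPress environment currently running.)

1.1 | 1.2 | 1.1.1 | 1.1.2 | 1.2.1 | 1.2.2 | 1.2.3 | 1.2.4 | 1.2.5 | 1.2.6 | 1.2.7 | 1.2.8 | trunk

Related plugins (you may also want to know about)

  • Discontinued Products: WooCommerce Discontinued Products enables discontinued products for WooCommerce. WooCommerce Discontinued Products requires the latest version of WooCommerce. You can find the latest....
  • Discontinued Product Stock Status for WooCommerce: Discontinued Product Stock Status for WooCommerce lets you mark products in your WooCommerce catalog as "discontinued" and, if needed, write a custom message directing buyers to a new product or....
  • Discontinued Products for WooCommerce: This plugin lets you mark products in your WooCommerce inventory as discontinued.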
