[WordPress] 外掛分享: WordPress Security – Firewall, Malware Scanner, Secure Login and Backup

WordPress 外掛 WordPress Security – Firewall, Malware Scanner, Secure Login and Backup 的封面圖片。

前言介紹

  • 這款 WordPress 外掛「WordPress Security – Firewall, Malware Scanner, Secure Login and Backup」是 2016-02-23 上架。 目前已經下架不再更新,不建議安裝使用。
  • 目前有 700 個安裝啟用數。
  • 上一次更新是 2022-10-31,距離現在已有 920 天。超過一年沒更新,安裝要確認版本是否可用。以及後續維護問題!
  • 外掛最低要求 WordPress 2.0.2 以上版本才可以安裝。
  • 外掛要求網站主機運作至少需要 PHP 版本 5.3 以上。
  • 有 12 人給過評分。
  • 還沒有人在論壇上發問,可能目前使用數不多,還沒有什麼大問題。

外掛協作開發者

miniorange | cyberlord92 |

外掛標籤

firewall | security | Brute Force | malware scanner | limit login attempts |

內容簡介

WORDPRESS 最受歡迎的防火牆和安全掃描器

Wp security pro 包含專門為 WordPress 創建的恶意軟件掃描器和終端防火牆。為了保障您的網站安全,我們的威脅防禦資料提供最新的防火牆規則、恶意程式簽名和危險 IP 地址。Wp security pro 是最完整的 WordPress 安全解決方案,還包括二次驗證和各種額外功能。

功能特色

完整的網路安全套件,保護 WordPress 免受攻擊
網路應用防火牆(WAF):保護您的網站
OWASP 前十名防護
登入保護:防止垃圾郵件和登入攻擊
恶意軟件掃描器:檢測病毒、惡意程式和木馬
備份:使用本地和雲端儲存的加密備份
限制登入嘗試,防止密碼猜測
即時全球 IP 封鎖
限制請求速率:保護資源免受安全漏洞的利用
爬蟲偵測和阻擋
封鎖 IP 和攻擊
阻止國家和瀏覽器
防止暴力破解密碼攻擊
使用驗證碼偵測機器人
Google reCAPTCHA
登入表單保護
註冊表單保護
與不同外掛整合 - Woo commerce、BuddyPress、ultimate member、以及其他
報告
審計日誌

網路應用防火牆

WordPress 專用防火牆,可阻擋 WordPress 網站上的惡意流量。
阻止攻擊,防止訪問
SQL 注入防護
XSS 攻擊
遠程文件包含(RFI)
本地文件包含
安全速率限制 - 控制從特定 IP 到服務(網站)的請求數量。
即時全球 IP 封鎖 - 保護 WordPress 免受惡意 IP,只允許真正的流量進入。
即時規則和簽名更新 - 基於威脅不斷更新的簽名。
封鎖 IP - 只需點擊一下,就可以封鎖任何 IP。

登入保護和垃圾郵件保護

暴力登入/攻擊防護 - 我們會跟踪使用者的登入嘗試,如果有人超過允許的失敗登入嘗試次數,我們將發送警報給管理員。
保護登入頁面,防止暴力破解密碼攻擊。
限制登入嘗試 - 自動攻擊登入頁面以猜測您的密碼,這可能對使用者的帳戶造成風險。您可以只限制登入嘗試次數和請求速率。
登入安全性 - 限制登入嘗試並跟踪使用者的登入嘗試
常用密碼保護 - 檢測使用者是否使用常見洩露的密碼
使用者註冊安全性 - 不允許使用一次性/假電子郵件地址
Google reCAPTCHA - 登入和註冊的驗證保護
垃圾郵件保護和評論垃圾郵件保護

註冊安全性

註冊表單上的驗證碼
WordPress 檔案保護 - 我們為您提供了一個選項,可以避免用戶從瀏覽目錄內容和 WP Dashboard(主題和外掛)編輯檔案。
阻止假用戶 - 我們可以幫助您立即檢測可疑的電子郵件地址。大多數使用者使用一次性、假或臨時郵件地址進行註冊。

原文外掛簡介

WORDPRESS’S MOST POPULAR FIREWALL & SECURITY SCANNER
A malware scanner and endpoint firewall that was created specifically for WordPress is included in Wp security pro. To keep your website secure, our Threat Defense Feed provides Wp Security Pro with the most recent firewall rules, malware signatures, and dangerous IP addresses. The most complete WordPress security solution is Wp security pro, which is rounded off by 2FA and a variety of extra features.
Features

Complete Web Security suite to protect WordPress from any attacks
Web Application Firewall (WAF): WordPress Firewall to protect your site
OWASP TOP 10 Protection
Login Protection: Spam and Login Protection
Malware scanner: Detects any virus, malware, and trojan
Backup: Taking Encrypted Backup with local storage and cloud storage
Limit Login Attempts to stop password guessing
Real-time Global IP Blocking
Limit Rate of Request: Protecting resources from any security hole exploit
Crawler Detection and blocking
Blocking IP and Attacks
Country Blocking and Browser Blocking
Brute Force Attacks prevention to stop password hack
Captcha for Bot Detection
Google Recaptcha
Login Form Protection
Registration Form Protection
Integration with the different plugins – Woo commerce, BuddyPress, ultimate member, and others
Reporting
Audit Log

Web Application Firewall

WordPress firewall is built specifically for WordPress and blocks malicious traffic on your WordPress Site.
Block Attacks and prevent access
SQL injection Protection (SQL)
Cross-site scripting(XSS) Attacks
Remote-File Inclusion(RFI)
Local File Inclusion(LFI)
Secure Rate Limiting – It controls the number of incoming requests from a specific IP to a service(Website).
Realtime Global IP Blocking – It protects from malicious IPs and lets the genuine traffic on your WordPress.
Realtime Rules and Signatures update – Constant update of signatures based on threats.
Blocking IP – Block any IP you want just with one click.

Login Protection and Spam Protection

Brute Force Login / Attacks Protection – We keep track of users’ login attempts and we send alerts to administrators for unusual activities if someone exceeds allowed failed login attempts.
Protects from brute force attacks and password guessing on the login page.
Limit Login Attempts – Automated attacks on the login page to guess your password can be a risk for users’ accounts. You can just limit the login attempts and the rate of requests on the website.
Login Security – Limit Login Attempts and track user login attempts
Common Password protection – Detect if users use commonly leaked passwords
User Registration Security – Disallow Disposable / Fake email addresses
Google reCAPTCHA protection for login, and registration.
Spam Protection and Comment Spam Protection

Registration Security

Captcha on the registration form
Protection for WordPress files – We provide you the option to prevent access to users from browsing directory content and editing files from WP Dashboard (Themes and plugins).
Block Fake Users – We help you to detect suspicious email addresses instantly. Most of the users use disposable, fake, or temporary email addresses for registering on online websites. We help you stop accepting registrations from those emails.

Malware Scanner

Malware scanner will scan all the files including WordPress core, plugins, and theme files to know if any of them have malware and malicious URLs.
Malware Scanner  – The scanner will scan all the files including WordPress core, plugins, and theme files to know if any of them have malware and malicious URLs.
Malware Detection Signatures – With Real-time signature updates, it checks for the latest threats and notifies you of any issues found.

Backup

Encrypted Database backup and File Backup – Backup your WordPress database files easily with a single click. You can either download your backup or can save it on your server.
Cloud Backups – Store it in cloud storage or remote locations like Google Drive, Amazon S3, DropBox, and others.
One-Click Restore – File restoring is made easy with just One-Click Restore.

Blocking

IP Blocking – Manual and automatic blocking of IP address ( Blacklisting and whitelisting included ).
Country Blocking – If you have a website that gets inundated with SPAM or hacking attempts from visitors or bots originating from certain countries we can help you block those attempts. You can block the request coming from countries like Russia, Brazil, China, and others.

Live traffic Monitoring and Reporting

Traffic Monitoring – Keep a Real-time watch on traffic and get details on every request. Also, you get the option of filtering reports with various criteria like username, IP address, and date. Also, you can export reports in CSV and pdf.
IP Lookup – IP Lookup gives you a way to look up who owns an IP address or domain name that is visiting your website or is engaging in malicious activity on your website.
Security Log – Logs Blocked IPs, Spammers, Bots, HTTP 404,403 and 400 logging

Advanced Features :-

Advanced Blocking – Block users based on: IP range, Country, Browser / User Agent, Referrer, and HostName(DNS)
Htaccess Website Security Protection- Secure your website from unintended users with ht-access website security protection which blocks user requests on the server(apache) level.
Comment SPAM Filter and Site SPAM Check – We check if your website is generating SPAM to protect your website from getting blocked by search engines. Also, we help you to filter comments for malware and phishing URLs.
SPAM Protection and google reCAPTCHA for comments – Google reCAPTCHA protects your website from spam and abuse. reCAPTCHA uses an advanced risk analysis engine and adaptive CAPTCHAs to keep automated software from engaging in abusive activities on your site.
Notification to admin and end users – Send Email Alerts for IP blocking and unusual activities with a user account
DOS (Denial of service) attacks protection – Protect your resources from DOS attacks by slowing down attackers by delaying response and increasing delay in each of his requests and eventually blocking them entirely.
Notifications – Get email alerts for unusual activities with your user accounts. We also support customized email templates that you can use for branding.

How is miniOrange Different?
miniOrange has various types of deployments that gives the customer a safe and protective choice. miniOrange offers plugins, Cloud, and On-premise server modules. The plugin will block all incoming requests on the network where the website is hosted. You can block the request before reaching the server with the network solutions. And keeping backups are essential so that you can fall back in case of any loss or modification of data intentionally or unintentionally. miniOrange provides encrypted backups for files and databases with one-click recovery.
=miniOrange provides three levels of Security to which owners can decide which solution would be the best for them=

WordPress-Level Web Application Firewall
Server Level On-premise WAF
Server Level Cloud-based WAF

Do you want to support?
Please email us at [email protected] or Contact us

各版本下載點

  • 方法一:點下方版本號的連結下載 ZIP 檔案後,登入網站後台左側選單「外掛」的「安裝外掛」,然後選擇上方的「上傳外掛」,把下載回去的 ZIP 外掛打包檔案上傳上去安裝與啟用。
  • 方法二:透過「安裝外掛」的畫面右方搜尋功能,搜尋外掛名稱「WordPress Security – Firewall, Malware Scanner, Secure Login and Backup」來進行安裝。

(建議使用方法二,確保安裝的版本符合當前運作的 WordPress 環境。

4.2 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.7 | 4.0.8 | 4.0.9 | 4.1.0 | 4.1.1 | 4.2.1 | 4.2.2 | 4.2.3 | 4.3.0 | 4.3.1 | 4.3.2 | trunk |

延伸相關外掛(你可能也想知道)

文章
Filter
Apply Filters
Close
Mastodon