內容簡介
請注意:此外掛已不再為非企業客戶提供支援。我們建議使用Jetpack Protect,這是一個免費的 WordPress 安全外掛程式,利用 WPScan 的龐大資料庫進行掃描,以掃描您的網站並警告您可能的漏洞,保護您的網站免受安全威脅和惡意軟體的影響。
WPScan WordPress 安全外掛程式的獨特之處在於它使用自己手動精心編輯的 WPScan WordPress 漏洞資料庫,此漏洞資料庫從 2014 年開始運作,由專業的 WordPress 安全專家和社區不斷更新,其中包含超過 21,000 種已知的安全漏洞。此外掛程式使用這個資料庫來掃描WordPress 漏洞、外掛程式漏洞和佈景主題漏洞,並提供自動每日掃描和電子郵件通知的選項。
WPScan 提供免費的 API 方案,適合大部分的 WordPress 網站使用,但也有付費方案供需要更多 API 呼叫的使用者。要使用 WPScan WordPress 安全外掛程式,您需要使用免費的 API 令牌,請到 此處註冊使用。
免費方案可每日使用 25 次 API 請求。查看不同可用的 API 方案。
需要多少 API 請求?
我們的 WordPress 掃描器每個 WordPress 版本、每個已安裝的外掛程式和每個已安裝的佈景主題都會執行一次 API 請求。
平均來說,一個 WordPress 網站有 22 個已安裝的外掛程式。
免費方案應該可以涵蓋大約 50% 的 WordPress 網站。
安全檢測
WPScan WordPress 網頁安全外掛程式還會檢查其他不需要 API 令牌的安全問題,例如:
檢查 debug.log 檔案
檢查 wp-config.php 備份檔案
檢查是否啟用 XML-RPC
檢查程式庫檔案
檢查是否使用預設的密鑰
檢查是否有匯出的資料庫檔案
弱密碼
啟用 HTTPS
此外掛程式可以做什麼?
掃描已知的 WordPress 漏洞、外掛程式漏洞和佈景主題漏洞;
進行其他安全檢查;
在管理者工具列上顯示帶有已發現的安全漏洞總數的圖示;
新發現安全漏洞時通過郵件通知您。
進一步閱讀
WPScan WordPress 漏洞資料庫
WPScan WordPress 安全掃描器
WPScan Twitter
外掛標籤
開發者團隊
② 後台搜尋「WPScan – WordPress Security Scanner」→ 直接安裝(推薦)
📦 歷史版本下載
原文外掛簡介
Please note: This plugin is no longer actively supported for non-enterprise customers. We recommend using Jetpack Protect – a free security plugin for WordPress that leverages the extensive database of WPScan. Jetpack Protect scans your site and warns you about vulnerabilities, keeping your site one step ahead of security threats and malware.
The WPScan WordPress security plugin is unique in that it uses its own manually curated WPScan WordPress Vulnerability Database. The vulnerability database has been around since 2014 and is updated on a daily basis by dedicated WordPress security specialists and the community at large. The database includes more than 21,000 known security vulnerabilities. The plugin uses this database to scan for WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities, and has the options to schedule automated daily scans and to send email notifications.
WPScan has a Free API plan that should be suitable for most WordPress websites, however, also has paid plans for users who may need more API calls. To use the WPScan WordPress Security Plugin you will need to use a free API token by registering here.
The Free plan allows 25 API requests per day. View the different available API plans.
How many API requests do you need?
Our WordPress scanner makes one API request for the WordPress version, one request per installed plugin and one request per installed theme.
On average, a WordPress website has 22 installed plugins.
The Free plan should cover around 50% of all WordPress websites.
Security Checks
The WPScan WordPress Security Plugin will also check for other security issues, which do not require an API token, such as:
Check for debug.log files
Check for wp-config.php backup files
Check if XML-RPC is enabled
Check for code repository files
Check if default secret keys are used
Check for exported database files
Weak passwords
HTTPS enabled
What does the plugin do?
Scans for known WordPress vulnerabilities, plugin vulnerabilities and theme vulnerabilities;
Does additional security checks;
Shows an icon on the Admin Toolbar with the total number of security vulnerabilities found;
Notifies you by mail when new security vulnerabilities are found.
Further Reading
WPScan WordPress Vulnerability Database
WPScan WordPress Security Scanner
WPScan Twitter
