[WordPress] 外掛分享: ZA Creative Login Shield

首頁外掛目錄 › ZA Creative Login Shield
WordPress 外掛 ZA Creative Login Shield 的封面圖片
全新外掛
安裝啟用
尚無評分
4 天前
最後更新
問題解決
WordPress 5.8+ PHP 7.4+ v6.0.0 上架:2026-06-20

外掛標籤

開發者團隊

⬇ 下載最新版 (v6.0.0) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「ZA Creative Login Shield」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

ZA Creative Login Shield is a comprehensive enterprise-grade security platform that protects your WordPress site against brute force attacks, unauthorized access, credential stuffing, file tampering, and known vulnerabilities. It provides 28 integrated security features with an intuitive dashboard.
⭐ Security Health Score
Weighted security score (0-100) with star rating (⭐⭐⭐⭐⭐) and detailed check breakdown. 23 automated checks including 2FA, rate limiting, password policy, SSL, file integrity, vulnerability scanning, admin username, XML-RPC, debug mode, and more.
🔐 Two-Factor Authentication (2FA)
Email OTP and Google Authenticator (TOTP) support with per-role enforcement. Force 2FA for administrators, editors, or any custom role.
🔑 Passkeys & WebAuthn
Support for Windows Hello, Face ID, Touch ID, Android Passkeys, and physical security keys. Users can register multiple credentials from their profile page.
⚡ One-Click Security Wizard
Apply all recommended security settings with one click: 2FA, rate limiting, password policy, email notifications, custom login URL, session timeout, device tracking, and more.
📊 Analytics Dashboard
Professional analytics with login activity charts, browser distribution, operating systems, 24-hour attack timeline, top attackers, country statistics, success/failure rates, and most attacked usernames. AJAX-loaded with period switching.
🎯 Risk Scoring per Login
Five-factor risk scoring engine evaluating IP reputation, new device detection, failed attempt history, TOR/VPN detection, and geolocation changes. Scores classify logins as Low, Medium, High, or Critical.
👤 Session Manager
View all active sessions with user, device, browser, country, and last activity. Terminate individual sessions or force logout all sessions.
📱 Device Trust
Recognize trusted devices via browser fingerprinting. Unknown devices trigger email verification before allowing access.
🛡️ Emergency Lockdown
One-click lockdown disables all logins, XML-RPC, REST API authentication, and new user registration. Whitelist IPs for emergency access. Full audit trail logging.
📁 File Integrity Monitor
Scan WordPress core files, plugins, themes, wp-config.php, and .htaccess for unauthorized changes. Detects modified, missing, and new files with hash verification.
🔍 Vulnerability Scanner
Connects to WPScan API and GitHub vulnerability feeds to check installed plugins and themes against known security vulnerabilities. Severity ratings (Critical, High, Medium, Low).
🦠 Malware Scanner
Detects suspicious PHP patterns including base64 encoded payloads, eval() execution, shell_exec() calls, and recently modified files during file integrity scans.
🔒 Password Policy
Enforce minimum length, uppercase, lowercase, numbers, special characters, password expiration (days), password history (prevent reuse), and block 26+ common passwords.
🧠 AI Security Assistant
Smart daily briefing generating natural-language security summaries: “You had 53 login attempts. 43 blocked. 8 from Russia. 2 from China.” Contextual recommendations based on real-time activity.
🎨 Login Branding
Customize login page with custom logo image, logo URL, logo title, background color, form background, text color, primary button color, custom CSS, header HTML, and footer HTML.
📧 Advanced Email Templates
Six professional HTML email templates with inline CSS: login notification, blocked IP alert, scheduled report, device verification, OTP code, and default template. Dark-mode compatible.
🔔 Notification Center
In-WordPress notification system with dismiss functionality and unread counts. Alerts for blocked attacks, new IPs, plugin updates, and 2FA changes. Stored per user.
📋 Audit Trail
Complete action log for all security events: settings changes, IP blocks, lockdown activation, user sessions, file scans, vulnerability scans, report generation, and wizard actions.
📅 Scheduled Security Reports
Daily, weekly, or monthly email reports delivered in beautiful HTML format. Includes login statistics, blocked IPs, top attackers, and country breakdown. PDF download available.
📤 Export Everything
Export login logs, blocked IPs, and comprehensive security reports in CSV, JSON, and PDF formats. One-click download from any admin page.
🌐 Public REST API
Eight REST API endpoints under zacls/v1: get stats, get logs, get blocked IPs, get analytics, get health score, get reports, enable lockdown, and disable lockdown.
⚡ Performance Dashboard
Monitor memory usage, database size, cron job status, database query count, and per-table row counts for all plugin tables. Memory usage indicator with percentage.
🧹 Auto Cleanup
Automatically delete old login logs, audit logs, expired sessions, and risk scores. Configurable frequency (daily, weekly, monthly) and retention period (7-365 days).
🔌 Integrations

Cloudflare – One-click import of Cloudflare IP ranges to restore real visitor IPs.
ip-api.com – Free GeoIP country lookup (no API key required).
WPScan API – Vulnerability database for plugin and theme scanning.

Privacy
This plugin stores the following information:

Login attempt records
IP addresses
Device fingerprint identifiers (opt-in, disabled by default)
WebAuthn credential IDs (public key only, no private keys stored)
Risk score evaluations
Audit trail events
Two-factor authentication status
File integrity hashes
Vulnerability scan results
User notification preferences

All data is stored locally inside the WordPress database.
Country information may be retrieved via ip-api.com if GeoIP is enabled (opt-in, disabled by default). Cloudflare API requests (manual admin action) send no visitor data. WPScan API requests send installed plugin slugs and versions.
Site administrators are responsible for complying with local privacy laws.
Full data removal on uninstall (all database tables and options cleaned up).
External Services
This plugin uses the following external services:
Cloudflare API

Purpose: Fetch Cloudflare IP ranges for restoring real visitor IPs behind Cloudflare proxy.
Data Sent: None beyond the standard HTTP request to api.cloudflare.com.
Trigger: Manual admin action (button click on settings page).
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Terms of Service: https://www.cloudflare.com/website-terms/

ip-api.com

Purpose: GeoIP country code lookup for login attempts and blocked IPs.
Data Sent: Visitor IP address.
Trigger: Any login attempt when GeoIP is enabled in settings (opt-in, disabled by default).
Terms of Service: https://ip-api.com/docs/legal
Privacy Policy: https://ip-api.com/docs/legal

WPScan API

Purpose: Check installed plugins against known WordPress vulnerabilities.
Data Sent: Installed plugin slugs and version numbers.
Trigger: Vulnerability scan initiated from admin panel.
Privacy Policy: https://wpscan.com/privacy

延伸相關外掛

文章
Filter
Mastodon