Linux 软件免费装
Banner图

Apocalypse Meow

开发者 blobfolio
更新时间 2024年12月4日 16:16
捐献地址: 去捐款
PHP版本: 7.3 及以上
WordPress版本: 6.7
版权: WTFPL
版权网址: 版权信息

标签

secure spam security wordpress security block hackers login security protection antivirus malware brute-force security plugin opsec passwords sessions exploit infection

下载

21.0.3 21.0.4 21.0.5 21.1.0 21.1.2 21.1.3 21.1.4 21.2.0 21.2.2 21.2.3 21.2.4 21.2.6 21.2.8 21.3.2 21.4.0 21.4.1 21.4.2 21.5.0 21.5.1 21.6.0 21.6.2 21.1.1 21.2.7 21.6.1 21.8.1 20.2.0 21.7.1 21.7.3 21.9.0 20.1.8 21.0.2 21.3.0 21.3.1 21.7.2 21.7.4 21.0.1 21.2.5 21.7.5 21.2.1 21.6.3 21.8.0

详情介绍:

Apocalypse Meow's main focus is addressing WordPress security issues related to user accounts and logins. This includes things like: Security is an admittedly technical subject, but Apocalypse Meow strives to help educate "normal" users about the nature of common web attacks, mitigation techniques, etc. Every option contains detailed explanations and links to external resources with additional information. Knowledge is power!

安装:

Nothing fancy! You can use the built-in installer on the Plugins page or extract and upload the apocalypse-meow folder to your plugins directory via FTP. To install this plugin as Must-Use, download, extract, and upload the apocalypse-meow folder to your mu-plugins directory via FTP. See the MU Caveats for more information about getting WordPress to load an MU plugin that is in a subfolder. Please note: MU Plugins are removed from the usual update-checking process, so you will need to handle future updates manually.

屏幕截图:

  • All settings include detailed explanations, suggestions, and links to additional resources. Not only will your site be vastly more secure, you'll learn a lot!
  • The Community Pool: the login blocklist can ultimately be extended to include community-reported attack data, vastly increasing the effectiveness of the brute-force login mitigation.
  • Simple but sexy statistics.
  • A ton of additional security and management tools for system administrators, including an ability to view and revoke individual user sessions.
  • A full suite of WP-CLI tools, hookable functions and filters to interact with or extend the login protection features, read-only configurations, and detailed documentation covering it all!

升级注意事项:

21.9.0 This release adds a new (default) feature to anonymize the leaky headers WP adds to all remote requests. There are a few minor documentation fixes and updates as well. 21.8.1 This release tweaks the lockdown behavior to exit POST requests with a 403 status instead of returning an error. 21.8.0 This release adds a new Login Lockdown option to help mitigate distributed brute-force attacks. 21.7.5 This release adds a workaround to fix compatibility issues with the (unaffiliated) activitypub plugin, and removes some obsolete documentation. 21.7.4 This release fixes a typo in the documentation.

常见问题:

Is this plugin compatible with WPMU?

No, sorry. This plugin may only be installed on single-site WordPress instances.

How does the Community Pool Blocklist Work?

The Community Pool is a new opt-in feature that combines attack data from your site with other sites running in pool mode to produce a global blocklist. In other words, an attack against one becomes an attack against all! The blocklist data is conservatively filtered using a tiered and weighted ranking system based on activity shared within the past 24 hours. For an IP address to be eligible for community banning, it must be independently reported from multiple sources and have a significant amount of total failures. Your site's whitelist is always respected. Failures from whitelisted IPs will never be sent to the pool, and if the pool declares a ban for an IP you have whitelisted, your site will not ban it. For more information, check out the Community Pool settings page.

How do I unban a user?

The Login Activity page will show any active bans in the top/right corner. You can click the button corresponding to the victim to remove the ban. If you accidentally banned yourself and cannot access the backend, you have a few options:

  • Wait until the defined time has elapsed;
  • Login from a different IP address (tip: use your cellphone (via data, not Wifi));
  • Ask a friend to login and pardon you;
  • Temporarily de-activate the plugin by renaming the apocalypse-meow plugin folder via FTP;
Remember: you can (and should) whitelist any IP addresses that you commonly log in from. This is done through the Settings pgae.

Can I see the passwords people tried when logging in?

Of course not! Haha. Apocalypse Meow is here to solve security problems, not create them. Only usernames and IP addresses are stored.

Will the brute-force log-in prevention work if my server is behind a proxy?

As of version 1.5.0, it is now possible to specify an alternative $_SERVER variable Apocalypse Meow should use to determine the visitor's "true" IP. It is important to note, however, that depending on how that environmental variable is populated, the value might be forgeable. Nonetheless, this should be better than nothing!

I am seeing "You are running Vue in development mode." in the console?

This informational message appears on Apocalypse Meow admin pages if your site is running in WP_DEBUG mode. This version of Vue.js can provide more useful information for debugging Javascript-related issues. When WP_DEBUG is set to FALSE (which should be the case for any production sites), the leaner production version of Vue.js is loaded instead. :)

Multi-Server Setup

Apocalypse Meow tracks login history in the database. If your WordPress site is spread across multiple load-balanced servers, they must share access to a master database, or else tracking will only occur on a per-node basis.

更新日志:

21.9.0 21.8.1 21.8.0 21.7.5 21.7.4