Linux 软件免费装
Banner图

CodeWP Shield Monitor

开发者 vithanhlam
更新时间 2026年7月15日 17:48
PHP版本: 7.4 及以上
WordPress版本: 7.0
版权: GPLv2 or later
版权网址: 版权信息

标签

privacy security login hardening audit-log

下载

1.3.2

详情介绍:

CodeWP Shield Monitor adds a careful baseline of WordPress security controls without sending site data to third parties by default. CodeWP Shield Monitor hashes IP addresses in its 30-day audit log. For failed-login lockout management, it may also store recent source IP addresses, attempt counts, lockout status, and last failed-login time so administrators can block or unlock those IPs. File contents and post body content are never stored.

安装:

  1. Upload the codewp-shield-monitor folder to /wp-content/plugins/.
  2. Activate CodeWP Shield Monitor through the Plugins screen.
  3. Open CodeWP Shield Monitor in the WordPress dashboard and review the defaults.

常见问题:

Does CodeWP Shield Monitor send data to an external service?

CodeWP Shield Monitor sends the installed WordPress version, locale, and CodeWP Shield Monitor version user-agent to the official WordPress.org checksum API at most once every 12 hours when core checksum verification is enabled. Stored IP fields, credentials, file contents, and post body content are not included; as with any network request, WordPress.org can observe the request's source IP. If an administrator explicitly pairs CodeWP Shield Monitor App or Web, that client can request site security and monitoring data from token-protected REST endpoints hosted on the site. The administrator can disable checksum verification or revoke client access at any time.

What audit data is stored locally?

CodeWP Shield Monitor stores 30-day history in its local event table for login, lockout, user-role, administrator-access, public content create/update, notification, plugin/theme lifecycle, software-update, file-change, and suspicious-code scan metadata. Content audit entries store metadata such as post ID, public post type, title, status, changed field names, WordPress user ID, and username when available. Notification events can store selected Contact Form 7 field values, WooCommerce order metadata, and selected post type creation metadata. File-change entries store relative file labels and cryptographic hashes only. Suspicious-code scan reports store severity, relative file paths or database record labels, heuristic signatures, and short sanitized evidence snippets. File uploads, file contents, full database values, CAPTCHA tokens, post body content, API tokens, and plain-text IP addresses are never stored in the audit log. Recent source IP addresses can be stored separately for failed-login lockout management. WordPress.org Privacy Policy: https://wordpress.org/about/privacy/

Can XML-RPC remain enabled?

Yes. XML-RPC blocking is disabled by default because Jetpack and remote publishing may depend on it.

更新日志:

1.3.2 1.3.1 1.3.0 1.2.2 1.2.1 1.2.0 1.1.0 1.0.0