DominoGuard Security
| 开发者 | digitalwebtutor |
|---|---|
| 更新时间 | 2026年5月10日 02:24 |
| PHP版本: | 7.2 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
DominoGuard is a focused, minimalistic security solution for WordPress. Designed to be fast and lightweight, it provides the essential security features every website needs with a clean configuration.
Key Features
- Limit Login Attempts: Automatically block IPs for 15 minutes after 5 continuous failed login attempts, keeping brute-force attacks at bay.
- Email Two-Factor Authentication (2FA): Add an extra layer of security for Administrators. When enabled, logging in requires a 6-digit code sent to the admin's email address.
- Brute Force Protection: Easily disable XML-RPC, a common vector for brute force and pingback attacks.
- Block User Enumeration: Prevent attackers from discovering your administrator username by blocking
/?author=Nquery scans. - Basic Firewall: A lightweight WAF that silently blocks simple directory traversal attempts (
../) and basic malicious query strings commonly found in automated SQL injections.
安装:
- Upload the
dominoguard-securitydirectory to your/wp-content/plugins/directory, or install it directly via the WordPress Plugins menu. - Activate the plugin through the 'Plugins' menu in WordPress.
- Navigate to Settings > DominoGuard in the admin dashboard.
- Toggle the security features you wish to enable and click "Save Settings".
常见问题:
How does the Email 2FA work?
When "Enable Email 2FA" is active, Administrators will be prompted to enter a 2FA code during login. If the password is correct, the plugin sends a secure 6-digit code to the administrator's email. This code must be entered into the "2FA Code" field on the login screen, alongside the username and password, to successfully log in.
Will DominoGuard slow down my website?
No. DominoGuard is built with a minimalist philosophy. It runs efficient code with minimal impact on your website performance.
Do I need to configure the Firewall?
No configuration is needed. When enabled, it quietly blocks some explicit malicious patterns in URLs before WordPress even loads fully, keeping you safe.
更新日志:
1.0.0
- Initial Release.