Linux 软件免费装

Plugin Name

开发者 ZeroCool51
更新时间 2013年5月6日 01:07
捐献地址: 去捐款
PHP版本: 3.0 及以上
WordPress版本: 3.5
版权: GPLv2 or later
版权网址: 版权信息

标签

security force ssl force ssl connection man in the middle session hijacking prevention session stealing prevention

下载

1.0

详情介绍:

This is a very simple plugin that forces SSL on all pages when a user is logged in (not only on admin ones). Why would you need it? If you force SSL usage only in the admin area, and use HTTP as your blog URL, then some links and buttons in the admin area revert to HTTP. This flaw is fixed by this plugin. If you want to check out details about session hijacking, you can view the screencast and the following post on my blog - Wordpress Session Hijacking and Prevention. [youtube http://www.youtube.com/watch?v=Zm3vAxJGrl0] How does it work? This effectively prevents session hijacking and man in the middle attacks.

安装:

Before installing and configuring the files, make sure you have configured your server to work with HTTPS and that you have a valid server certificate installed. Optional step - Install the plugin SSL Insecure Content Fixer (so that all your style, javascript and other URLs are changed to HTTPS). It is optional, but I highly recommend it! Now, open your wp-config.php file and add the following in the end (if not already done): define('FORCE_SSL_LOGIN', true); define('FORCE_SSL_ADMIN', true); Save the file. Now do the following:
  1. Upload the plugin directory to to the '/wp-content/plugins/' directory
  2. Activate the plugin through the 'Plugins' menu in WordPress
And that is it. No options and no configuring is required.

更新日志:

1.0