Linux 软件免费装
Banner图

ForceField

开发者 majick
更新时间 2024年7月11日 10:03
捐献地址: 去捐款
PHP版本: 4.0.0 及以上
WordPress版本: 6.5.5
版权: GPLv2 or later
版权网址: 版权信息

标签

security rest api xml rpc login protect bot protect api access admin protect

下载

1.0.6 1.0.1 1.0.2 1.0.4 1.0.3 1.0.8 1.0.5 1.0.7

详情介绍:

Adds several layers of security to restrict access to common hacking attack vectors. By filtering requests in a more specific and intelligent way, ForceField allows permitted actions to continue unaltered, but blocks actions that are disallowed or not explicitly unauthorized. ForceField is not a "firewall" - nor a replacement for a comprehensive security plugin, but rather is intended to complement and enhance your existing security measures, by adding some unique and innovative protection features not easily found elsewhere. These include: Tokenized Protection Easily reduce Brute Force Password attacks, SPAM Comments, Fake User Registrations and Sploggers! Adds a dynamic Javascript Token field to all common user action forms: Login, Registration (and optionally BuddyPress Registration), Blog Signup (Multisite only), Lost Password and Commenting. You can adjust the settings to apply to any or all of these, giving you more fine-grained control as needed. Since the majority of bots do not have the capacity or time to recognize and process javascript fields, their attempts at access via these actions are instantly blocked - with repeat offender getting IP banned from further attempts. This gives seamless and invisible protection (without needing an annoying ReCaptcha field.) Login Role Protection A last line of defense against hackers who have managed to "somehow" create their own administrator account or escalate their user priveleges! Automatically block, notify by email, revoke role and/or demote to subscriber any "administrator" account that logs in who is not in an explicitly allowed list of verified administrator usernames. Goodbye escalated privelege attack! API Protection Adds several ways to restrict access to XML RPC and REST API features. While these can be disabled, there are several other options provided to severely limit bot and other unauthorized access while still being able to use these features as intended! Part of the aim of this plugin is to make these options available for everyone without needing to code them: Multiple request slowdown, disable XML RPC logins, logged in access only, restrict access to specified user roles, and require secure connection. Behavioural Protection ForceField also records access to user actions missing referer headers, missing or bad tokens, and other bad behaviours in a custom table. Reaching transgression limits for any specific action results in an IP ban. Transgression occurrences are reduced via cooldown over time, with old records expired and later deleted (with intervals adjustable.) This process keeps protection high for fresh attacks while keeping the database free of old record bloat. Also gives the option to output a form to banned IPs so users can unblock themselves manually in case of false positives (and so you don't lock yourself out of your site!) Vulnerability Check Checks your installed core, plugins and themes for known vulnerabilities, according to the frequency you set for each. Then sends email alerts and provides an Admin Notice for any new vulnerabilities when they found, giving you a heads up on updates that require action. (Note: This feature is complete but currently being retested more extensively before being included in the plugin in an upcoming version. If you wish to test it out yourself beforehand, you can download the plugin from Github repository.) ForceField Home Support Forum

安装:

  1. Upload forcefield.zip via the Wordpress plugin installer.
  2. Activate the plugin through the 'Plugins' menu in WordPress.
  3. Access the Plugin Settings via the WordQuest -> ForceField menu.
  4. Adjust the Plugin Settings according to your needs (sane defaults are set automatically, but there are some optional features you may wish to enable.)
  5. It is highly recommended you retest each of your login and registration forms after activating, as well as any plugins that rely on the WordPress APIs.

其他记录:

ForceField Home Like this plugin? Check out more of our free plugins here: WordQuest Looking for an awesome theme? Check out my child theme framework: BioShip Child Theme Framework Support For support or if you have an idea to improve this plugin: ForceField Support Quests Contribute Help support improvements and log priority feature requests by a gift of appreciation: Contribute to ForceField Development To aid directly in development, please fork on Github and do a pull request: ForceField on Github

更新日志:

1.0.8 1.0.7 1.0.6 1.0.5 1.0.4 1.0.3 1.0.2 1.0.1 1.0.0 0.9.9 0.9.8 0.9.7 0.9.6 0.9.5 0.9.4 0.9.3 0.9.2 0.9.1 0.9.0