Lockora Security Audit -- WordPress 插件

开发者	cmdgw
更新时间	2026年5月23日 23:05
PHP版本:	7.4 及以上
WordPress版本:	7.0
版权:	GPLv2 or later
版权网址:	版权信息

Lockora Security Audit helps site owners and agencies review a WordPress site's security posture from the admin area. Current prototype features include:

Manual security scans.
Weighted security score out of 100.
WordPress core file integrity checks using official checksums.
WordPress authentication key and salt checks, with an explicit action to generate missing salts.
Must-use plugin directory presence checks.
PHP version status using WordPress.org Serve Happy data.
HTTPS and HTTP security header checks.
WordPress core, plugin, and theme update posture checks.
Administrator account posture checks for default usernames, excess admins, inactive admins, user ID 1 exposure, and an admin username/email inventory.
Optional known vulnerability matching with a configured Wordfence Intelligence API key.
Optional AI client reports on WordPress 7.0+ when the site's AI Connector is configured.
Reversible hardening toggles for XML-RPC, REST user routes, generator tag output, and basic security headers.

安装:

Upload the lockora-security-audit folder to /wp-content/plugins/.
Activate Lockora Security Audit from the Plugins screen.
Go to Tools > Lockora Security Audit.
Click Run Scan.

常见问题:

更新日志:

0.1.2

Lowered the required WordPress version to 6.0 for non-AI security scanning and hardening checks.
Kept AI client reports disabled unless WordPress 7.0+ AI Client support is available.

0.1.1

Fixed HTTP security header scanning when a server returns duplicate headers as arrays.

0.1.0

Initial prototype with manual scans, hardening checks, core integrity checks, PHP version checks, vulnerability posture checks, optional Wordfence feed matching, and optional client-ready AI reports.

Lockora Security Audit

标签

下载

详情介绍:

安装:

常见问题:

更新日志: