Linux 软件免费装
Banner图

Plugin Name

开发者 cteitzel
tynor
更新时间 2021年6月3日 04:18
PHP版本: 5.5 及以上
WordPress版本: 5.7
版权: GPLv2 or later
版权网址: 版权信息

标签

secure security password API key encrypt encryption locker secrets management secrets

下载

详情介绍:

API & ENCRYPTION KEY MANAGEMENT FOR WORDPRESS Lockr is the first hosted secrets management solution for WordPress, providing an affordable solution for all sites to properly manage site secrets such as API and encryption keys used by their plugins. Lockr's offsite key management solution protects against critical vulnerabilities, delivers best-practice security to help sites comply with many industry regulations, and provides a Defense in Depth approach to securing your data. Lockr also provides AES-256 encryption to your custom plugins in a seamless manner to protect data at rest in your site. And best of all, even though it delivers enterprise-grade key management, you can try it for 2 weeks free! Learn more at http://www.lockr.io. Lockr Features: Lockr is the first key management service for WordPress. More and more plugins are leveraging 3rd party APIs. To securely access these APIs, a token, secret key, or password is necessary. Until now, these highly sensitive secrets were stored right in your database. We’ve seen a major need to secure sensitive data and communications by removing these API keys from your database, encrypting them, and storing safely in an offsite key vault. This limits the damage that could be done if your site is compromised or a developer has a local copy of your database. Lockr makes key management easy. Just install the plugin for WordPress, configure your account and begin securely storing your keys. Lockr provides patches for the major plugins used by hundreds of thousands of sites and with WP-CLI a single command will make sure your plugins use Lockr. Who is Lockr for? Lockr is available for WordPress sites of all sizes. Easy to use for the novice site owner and advanced enough for the expert developer, Lockr secures web transactions and data at rest by protecting API and encryption keys. For Site Builders: fill out a single registration form and you’re set. To use with other plugins, look for those that have Lockr available or use our patch library to update your favorite plugin to use Lockr. For Developers: Lockr provides an easy to use framework to “get and set” keys from your custom plugin. Additionally, Lockr provides a simple to use yet strong AES-256 encryption function, ensuring your data is encrypted according to industry best-practices and securely stored. Using Lockr helps keep the developer safe, by removing the sensitive passwords and key secrets from the code and database, following security best practices should a site be compromised. Is Lockr Safe? Lockr can secure any API key, secret key, and other types of credentials. Once enabled in WordPress, keys entered are encrypted, then sent over to the Lockr system and removed from the code repository and database. This encryption teamed with hosting provider based authentication prevents your key from being used outside your website. Lockr also manages keys on a “per environment" basis which helps eliminate the potential of keys being shared from production to development environments. No longer will you have to worry about sending a notification from development to your production users, or having production data decrypted in development environments. Leveraging proven enterprise-grade key management technology from Townsend Security, Lockr's offsite key management delivers best-practice security to protect against critical vulnerabilities and help sites meet PCI DSS, HIPAA and other security requirements and regulations. This plugin is designed, written and maintained by experts in security, to the end user it is easy to use and understand. Let Lockr handle the difficult part of securing your site, so you can focus on delivering the best experience possible to your users.

安装:

Installation of Lockr is simple, and if you are on a supported hosting partner, it is done seamlessly and within seconds.
  1. Upload the Lockr directory to the /wp-content/plugins/plugin-name directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate Lockr through the 'Plugins' screen in your WordPress
  3. Visit Settings > Lockr
  4. Follow the prompts to connect your site to a KeyRing. This will open up a popup window where current users can login, or new users can register for an account.
  5. You can create a new KeyRing or connect your site to an existing KeyRing to share secrets with another application on your account.
  6. Once the dashboard shows you as having a certificate and registration you're done!
  7. When ready to deploy to production, follow the prompts provided which will remove the development certificate and place a production one in its place. With production you're in our guaranteed uptime environment.
You're set! Start entering your keys through the Lockr config or creating option overrides to integrate with other plugins! To get the values out of Lockr all you will need is the function lockr_get_key([machine_name_of_key]) where you put in the machine name of the key you have set. Be sure to check out our docs for more details.

常见问题:

How is my key stored?

Before transmitting your key to Lockr, it is encrypted and verified with a HMAC. It is then sent via a secure connection to the Lockr server where it is held in a FIPS 140-2 compliant key manager. By encrypting it before it leaves the site, Lockr has no way of knowing or accessing your key, and with the HMAC you can be sure no one has possibly interfered with the key in transit. Only your site can unlock the key for it to be used.

Will this slow down my site?

Not to any noticeable effect. The connection to the Lockr server depends on the speed of your servers connection but on average we see round trips of under 200ms. This is about the same time that some database queries take.

What is the uptime guarantee of Lockr

We know your keys are critical to your site. To ensure you have your keys whenever you need it our cloud is built to scale, and we back that with a 99.9% uptime guarantee. A dedicated SLA is available for enterprise clients.

更新日志:

3.0.4 This is a minor fix that cleans up an undefined constant for a deprecated extension. 3.0.3 This is a minor fix that cleans up an incompatibility with upcoming versions of PHP. 3.0.2 Attention Pantheon Users This is a mandatory update for all Pantheon users. There is a change in the Pantheon filesystem which effects how the plugin authenticates to the Lockr Service. This will provide support for the new filesystem and ensure no disconnections occur as it is rolled out. 3.0.1 This is a minor release with a single fix to some issues reported with legacy keys created prior to our newest library release. 3.0 Welcome to Lockr v2! Welcome to the new Lockr 2.0! We’ve completely re-architected the service from the ground up and as such the modules got an overhaul at the same time. Re Architected from the ground up The latest version of Lockr does not sit on top of the previous version, but rather incorporates all that we have learned since the first release. It takes full advantage of the latest technical improvements to speed, performance and security. FASTER We’ve always been committed to creating a fast lookup time for any secret in Lockr. With 2.0, secret retrievals are blazing fast, now in the sub-100 millisecond range. Go ahead and utilize Lockr with the peace of mind knowing we won’t be slowing you down. Lockr KeyRings Secrets are no longer organized by site, but rather by a new logical grouping we call KeyRings. These KeyRings are easier to create (now done in a convenient popup) and it’s even easier now to create clients (connections) on multiple environments which all connect to the same KeyRing. This means you can deploy Lockr to your development, staging, and local environments with ease and without the risk of creating multiple subscriptions. Cloud Independent Lockr infrastructure has now freed itself of cloud host-proprietary capabilities. This allows Lockr to be deployed across multiple various cloud providers to increase performance by offering more points of presence. Be on the lookout for more of these as they come online and if you have a location you’d like to see Lockr located, just drop us a line. Cache Mesh Network Lockr has improved the speed of key retrieval through a patent-pending mesh network of cache Hardware Security Modules (HSMs). These caches will automatically distribute and hold the values you store closer to where your site is located. The result is a significant improvement in performance. Want more info? Check out our blog post where we go into more details. 2.4 Big update! With this update we've added automatic registration! This means that when you enable the plugin it will automatically set you up with the certificates for a development account. We didn't stop there, we've setup a few of the largest WordPress hosts with a customized experience for you if you're on one of the hosts. The hosts we now support with automatic registration are: But wait... there's more! We've added 2 ways to keep your data in WordPress even more secure. With our roots in encryption we wanted to make sure WordPress users every opportunity to stay secure. We've also added the ability to encrypt posts. Simply check the box in the Lockr configuration and any post you password protect will also be encrypted in the database. Now you can keep those private posts encrypted and not able to be read from the database. With this reliance on password protection, we also wanted to make the password handling as secure as possible as well. So we added the ability to hash passwords stored in the database, keeping your passwords as secure as they can be. Of course we wouldn't launch this without full Gutenberg compatibility! All the encryption works great, no matter what editor you use! 2.3 With our new pricing, and free trial period, we've added a row to the status table to show when the trial period ends. We've also fixed a bug that caused some intermittent issues on Pantheon. 2.2 2.1 2.0.1 2.0