Linux 软件免费装

在这里免费安装WordPress以及其他软件

Banner图

Onionify

开发者 ivijanstefan
creativform
更新时间 2025年10月27日 21:38
PHP版本: 7.4 及以上
WordPress版本: 6.8
版权: GPLv2 or later
版权网址: 版权信息

标签

privacy security tor csp onion

下载

1.0.0 1.0.1 1.0.2

详情介绍:

Onionify is an independent plugin that enables WordPress websites to operate seamlessly through onion services (.onion). This plugin is not affiliated with or endorsed by the Tor Project. Onionify adds safe and standards-compliant integration for onion access - rewriting runtime URLs when requests arrive via .onion, preventing canonical redirects that might expose onion visitors to the clearnet, optionally adding the official Onion-Location HTTP header, and applying additional privacy-hardening measures (CSP, COEP, oEmbed and resource hints control) specifically for onion traffic. The plugin follows WordPress.org guidelines and is designed for secure public distribution:

安装:

  1. Upload the onionify folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the 'Plugins' screen in WordPress.
  3. (Single-site) Go to Settings → Onionify and enter your .onion host (host only, e.g. abcd1234xyz.onion) and optional hardening settings.
  4. (Multisite) Network Admin → Onionify → use the Mapping page to map each site to its onion host, and optionally set Network Defaults on the Defaults submenu.
  5. (Optional) To verify IPs against the official Tor exit list enable verification:
  6. Add define('TOS_VERIFY_TOR_EXIT', true); to wp-config.php, or
  7. Add add_filter('onion_verify_exit_list', '__return_true'); in a mu-plugin or theme functions file. Note: verification is opt-in and cached for 24 hours. If your environment disables external HTTP calls, keep verification disabled.

升级注意事项:

1.0.2
  • Added welcome screen and refreshed documentation with GitHub contribution section.
  • Improved design and activation flow.

常见问题:

How to set up a WordPress site with a .onion address?

First, you need to configure a Tor hidden service on your server. This is done outside of WordPress, by editing the Tor configuration file (usually /etc/tor/torrc) and adding lines such as: HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:80 After restarting the Tor service, Tor will generate a hostname file (for example /var/lib/tor/hidden_service/hostname) that contains your new .onion address. Once you have the .onion address, open your WordPress admin panel and go to:

  • Settings → Onionify (single-site)
  • or Network Admin → Onionify (multisite) Enter your .onion host (for example abcd1234xyz.onion) in the provided field. Onionify will automatically handle URL rewriting and privacy adjustments when visitors access your site through the onion address.
If you want browsers to automatically discover your onion mirror from the clearnet site, enable Send Onion-Location from clearnet in the plugin settings. Note: Onionify does not create or manage the Tor hidden service itself; it only configures WordPress to correctly respond to requests coming from your .onion address.

Will this make my site available only through an onion address?

No. The plugin does not modify hosting, DNS, or server-level routing. It simply adjusts WordPress behavior when incoming requests originate from an onion address. If you want a site that is accessible exclusively via onion services with no clearnet presence, that requires additional server and network configuration beyond this plugin.

I use a CDN like Cloudflare - will this work?

The plugin inspects common headers (for example, CF-Connecting-IP and X-Forwarded-For) to help detect onion-origin requests behind CDNs. It also provides the onion_is_onion_request filter for integrations with other plugins. If your CDN modifies or removes headers, adjust your CDN or proxy settings so that the real client IP headers are passed through to WordPress.

What happens if I enable Custom CSP but make a mistake?

If the Custom CSP is invalid or overly restrictive, some parts of your site (including the admin area) may stop functioning properly. The plugin will send exactly the CSP string you provide. Use this feature only if you understand Content Security Policy rules, and test changes on a staging or development site first.

Does the plugin change database home or siteurl values?

No. The plugin returns rewritten URLs dynamically at runtime. Database values remain unchanged.

How do I enable or disable the exit-address verification check?

The feature is disabled by default. No action is required to keep it off. To enable it, add define('ONS_VERIFY_EXIT_ADDRESSES', true); to your wp-config.php file or use the filter add_filter('onion_verify_exit_list', '__return_true');.

更新日志:

1.0.0 1.0.1 1.0.2