| 开发者 | techbysh |
|---|---|
| 更新时间 | 2026年7月13日 14:35 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 7.0.1 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
tbsh-compliance-audit-logger folder to the /wp-content/plugins/ directory.Every log entry combines its ID, message, timestamp, and metadata with the hash of the preceding entry to calculate its own SHA-256 signature. If a database record is altered, its signature changes, causing validation checks to fail for that row and all subsequent rows.
No. The plugin uses an asynchronous-like queue. Logs are stored in memory during the runtime and written to the database during the WordPress shutdown hook, after the page has finished loading for the visitor.
Yes. The plugin is fully multisite-ready, supports network-wide activation, and stores logs with site identifiers to allow filtering by site.
Yes. When IP address anonymization is enabled (default), client IPs are salted and hashed using HMAC-SHA-256 before insertion. They cannot be reversed to reveal the raw IP.
No. The free version does not limit the number of logs, exports, or evidence snapshots you can generate.
Go to 'Compliance Logs' -> 'Integrity Center' and click the 'Run Integrity Verification' button. The verifier will scan all records and report if any anomalies are found.
If the Integrity Center reports a compromised status, it lists the exact log ID where the validation failed, indicating that the database row was modified or deleted.
The Evidence Vault takes a snapshot of your site's technical configuration (plugins list, theme versions, user capability definitions, security constants). It provides proof of the site's state at a specific point in time.
Yes. You can generate CSV or JSON log exports from the Export Center, using filters like date ranges, compliance categories, or severity levels.
Yes. The plugin creates custom capabilities (tbsh_cal_view_logs, tbsh_cal_view_evidence, tbsh_cal_export_data, tbsh_cal_manage_settings, tbsh_cal_verify_integrity) assigned to administrators by default.
If enabled in settings, the plugin runs a daily or weekly cron job to capture system configuration archives.
Yes. When a WordPress data erasure request is completed for a user, the plugin anonymizes their data and automatically rebuilds the hash chain to keep the cryptographic audit trail unbroken.
All data is stored locally in dedicated custom database tables (wp_tbsh_cal_logs, wp_tbsh_cal_evidence, wp_tbsh_cal_integrity). No logs are written to default options tables.
Events are automatically tagged with compliance categories such as Access Control, Identity Management, Authentication, Change Management, Security Monitoring, and Operational Security.
Yes. The Compliance Overview screen maps your active logs, settings, and verification histories to specific controls in ISO 27001, SOC 2, NIS2, and DORA frameworks.