Read Only Mode – Telchar HiveLock -- WordPress 插件

开发者	telchar
更新时间	2026年4月18日 11:14
PHP版本:	7.4 及以上
WordPress版本:	6.9
版权:	GPLv2 or later
版权网址:	版权信息

Read Only Mode – Telchar HiveLock freezes an already working site by restricting persistent WordPress actions while keeping the site online, browsable, and accessible to administrators. While freeze mode is enabled:

Frontend browsing continues to work.
Administrators can still log in. All users can still log out.
Administrators can still access the dashboard.
Administrators can return to the plugin page and disable the freeze.
Standard WordPress-level persistent changes are blocked.

This plugin is designed for already-finished sites that should stay online and readable without allowing routine changes, uploads, updates, or content edits until an administrator intentionally unfreezes the site again. It is not a maintenance mode plugin. Its purpose is to harden finished sites by reducing their WordPress-level attack surface and blocking persistent changes through standard WordPress write routes. Blocked surfaces include:

post, page, attachment, and custom post type writes
taxonomy changes
comment creation and standard moderation changes
option and settings updates
user creation, deletion, and password reset flows
media uploads
plugin, theme, and core file modification flows handled through WordPress
REST write requests across all namespaces, including third-party plugin routes
admin AJAX restricted to a narrow allowlist of safe core read actions, while taxonomy creation requests return a visible error
XML-RPC publishing and pingback-style mutation routes

This plugin aims to provide a practical WordPress-level freeze mode. It does not claim to provide absolute immutability, server-level filesystem protection, or protection against every possible vulnerability or every custom plugin write path.

安装:

Upload the telchar-site-freeze folder to the /wp-content/plugins/ directory, or install the plugin through the WordPress admin area.
Activate the plugin through the Plugins screen in WordPress.
Open Settings > Read Only Mode.
Enable freeze mode when you want to freeze the site.

常见问题:

更新日志:

1.0.12

Replaced the remaining admin action request helper with explicit local request inspection to reduce review ambiguity around passive mutation detection.

1.0.11

Replaced generic request readers with explicit contextual request inspection and switched the post-toggle admin status notice to a controlled transient-based flow.

1.0.10

Changed the main freeze toggle button to use site-focused labels instead of the plugin brand name, and updated translation catalogs accordingly.

1.0.9

Added a warning encouraging site owners to verify site health before freezing, with a link to Telchar for security audits and related tools.

1.0.8

Blocked post.php?action=delete so attachments cannot be permanently deleted from their detail screen during freeze. Returned core-compatible AJAX errors for blocked comment moderation actions so the admin UI shows a visible failure instead of behaving as if the action succeeded.

1.0.7

Allowed the minimum safe core AJAX actions needed for media and taxonomy browsing in wp-admin, and returned a visible error for blocked AJAX term creation instead of leaving the UI loading indefinitely.

1.0.6

Blocked low-level comment creation paths that pass through wp_new_comment() preprocessing so comment writes are denied more consistently during freeze.

1.0.5

Removed the remaining Heartbeat AJAX exception so frozen sites no longer expose that write-capable route. Added low-level metadata, taxonomy relationship, and user table write blocking to reduce custom code bypasses.

1.0.4

Fixed get_server_value() to use $_SERVER directly instead of filter_input(INPUT_SERVER), which returns null in PHP-FPM environments and silently disabled HTTP-method-dependent admin blocks.

1.0.3

Renamed the plugin, removed manual translation loading, hardened request validation, added a persistent admin notice while frozen, and updated compatibility metadata.

1.0.2

Closed admin-post.php write bypass. Blocked add_option and delete_option during freeze. Strengthened user capability checks. Fixed text inconsistencies in admin UI.

1.0.1

Removed dead code in option allowlist. Session tokens are stored in user meta, not options, so the entry had no effect.

1.0.0

Initial public release.

Read Only Mode – Telchar HiveLock

标签

下载

详情介绍:

安装:

常见问题:

更新日志: