| 开发者 | aamirsahil |
|---|---|
| 更新时间 | 2026年7月18日 21:25 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 7.1 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
/wp-content/plugins/No. The plugin sends integrity metadata and hashes only for supported scan modes.
No. Every REST request requires a valid HMAC-SHA256 signature derived from the shared pairing token plus Ed25519 asymmetric signature verification for critical operations. Without the private key, it is cryptographically impossible to forge a valid request.
Yes. Security headers and CSP policies can be managed through the WebKernelAI dashboard.
Yes. Advanced CSP editing and enforcement controls are supported.
Yes. Signed requests include nonce replay protection and timestamp freshness validation.
Yes. Security policy versioning supports rollback to previous configurations.
Yes. The plugin integrates directly with WebKernelAI Technical SEO Audit and metadata synchronization systems.
Yes. Version 1.0.5 adds a secure signed remote update endpoint that allows the WebKernelAI dashboard to push plugin updates using WordPress's native upgrader, without requiring manual admin access.
The plugin allows the dashboard to delete non-primary users. The first registered user (primary administrator) and the last remaining user on the site are permanently protected from remote deletion by server-side safety rules.
POST /webkernelai/v1/plugin/update) using WordPress native Plugin_Upgrader with Automatic_Upgrader_SkinGET /webkernelai/v1/users and DELETE /webkernelai/v1/users REST endpointsauthor and plugin_uri fields to the plugin overview payload in the security overview endpointis_official flag detection using WordPress.org update transients in get_security_overview()wp-content/upgrade/ temp folders)Automatic_Upgrader_Skin/security-scan-v2, /infections, /users, /plugin/update, and /revokeget_security_overview() to include per-plugin author, plugin_uri, and is_official fieldsGET /webkernelai/v1/security-overview