WebKernelAI Security
| 开发者 | aamirsahil |
|---|---|
| 更新时间 | 2026年5月11日 02:22 |
| PHP版本: | 7.4 及以上 |
| WordPress版本: | 6.9 |
| 版权: | GPLv2 or later |
| 版权网址: | 版权信息 |
详情介绍:
WebKernelAI Security connects your WordPress site to the WebKernelAI platform.
The plugin can:
- expose secure token-authenticated REST endpoints for WebKernelAI dashboard actions
- enforce signed requests with HMAC + timestamp + nonce replay protection
- restrict API access to trusted WebKernelAI hosts
- apply rate limiting for authentication attempts and security reporting endpoints
- provide file hash inventory for integrity checks (hashes only, no file contents)
- sync SEO metadata (title, description, canonical, OG fields)
- apply security header and CSP configuration
- support advanced CSP controls including manual policy editing for advanced users
- apply robots.txt and llms.txt controls
- apply random-page and taxonomy archive controls
- enable granular per-endpoint feature controls for safer operations
- support production lock profile and advanced security policy rollback history
- expose a read-only security overview endpoint (core, plugins, theme update signals and quick hardening notes) for the WebKernelAI dashboard
安装:
- Upload the plugin folder to
/wp-content/plugins/or install via the WordPress plugin screen. - Activate the plugin.
- Go to Settings -> WebKernelAI Security.
- Generate a site token and copy Site URL, API endpoint, and token into your WebKernelAI dashboard.
常见问题:
Does this plugin send file contents to WebKernelAI?
No. The plugin sends file metadata and hashes (for supported scan modes), not raw file contents.
Can I disable headers or CSP?
Yes. Header and CSP controls are configured from the WebKernelAI dashboard.
Can I customize CSP manually?
Yes. Advanced users can manually edit CSP policy directives from the dashboard integration and choose enforcement mode.
Does the plugin protect against replayed API requests?
Yes. Signed requests include freshness validation and nonce replay defense when advanced security mode is enabled.
Can I roll back security policy changes?
Yes. Advanced security policy versioning keeps history and supports rollback to a previous known-good configuration.
更新日志:
1.0.3
- Added REST route
GET /webkernelai/v1/security-overviewfor dashboard security posture (update transients + readme.html note); advertised as capabilitysecurity-overview. - Fixed active theme update detection when WordPress stores
update_themesas an object (standard core format).
- Added advanced security mode with signed request validation (HMAC, nonce replay protection, and timestamp freshness checks).
- Added trusted-origin host validation for plugin API access.
- Added rate limiting controls for authentication and selected security endpoints.
- Added production lock profile support and advanced security policy versioning with rollback history.
- Added advanced CSP management support including optional manual policy editing.
- Improved dashboard-facing error messaging and security configuration controls.
- WordPress.org compliance: unique
webkernelai_security_*option keys,WebKernelAI_Security_*class names,X-WebKernelAI-Security-Tokenauth header, automated migration from legacy option names.
- Initial release.