Title: Two-factor authentication (formerly IP Vault)
Author: youtag
Published: December 1, 2020
Last modified: June 6, 2023

---

![](https://ps.w.org/ip-vault-wp-firewall/assets/banner-772x250.jpg?rev=2442466)

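This plugin **hasn't been tested with the latest 3 major releases of WordPress**. It may no longer be
maintained or supported and may have compatibility issues when used with more recent versions of WordPress.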

![](https://ps.w.org/ip-vault-wp-firewall/assets/icon.svg?rev=2442466)

# Two-factor authentication (formerly IP Vault)

 By [youtag](https://profiles.wordpress.org/youtag/)

[Download](https://downloads.wordpress.org/plugin/ip-vault-wp-firewall.zip)

## Description

IP Vault lets you protect your WordPress backend – and any other part of your website –
from non-verified users.

IP Vault Firewall also preserves your server resources and bandwidth by blocking
hacking attempts before they reach your site.

### How does it work?

Requests to protected files and folders are redirected to the _Authentication Page_.
IP Vault unlocks a user's IP address using a key that is emailed to them for authentication.
Once users verify their account, they can access all restricted areas. Users are
automatically verified on registration.
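
As an added illustration (not the plugin's own code), the flow described above can be sketched in plain PHP 8: a request to a protected path is challenged until the client's IP address is unlocked with the emailed key, here a 4-digit PIN as introduced in version 2.0 of the changelog. The class name `IpGate`, the five-attempt limit, the ten-minute expiry and the in-memory storage are assumptions, chosen because a 4-digit PIN has only 10,000 possible values.

```php
<?php
// Added illustration, not the plugin's code. IpGate, its limits and storage are assumptions.
final class IpGate
{
    private const MAX_ATTEMPTS = 5;   // assumed cap: a 4-digit PIN has only 10,000 values
    private const PIN_TTL = 600;      // assumed lifetime of an emailed PIN, in seconds
    private array $allowed = [];      // ip => true, addresses that have been verified
    private array $pending = [];      // ip => [keyed hash of PIN, expiry time, attempts]
    public function __construct(private string $secret) {}

    // Default targets named on the page: .php and .phtml files and the wp-admin folder.
    public function isProtected(string $url): bool
    {
        $path = strtolower(parse_url($url, PHP_URL_PATH) ?: '/');
        return (bool) preg_match('#\.(php|phtml)(/|$)|(^|/)wp-admin(/|$)#', $path);
    }

    public function decide(string $ip, string $url): string   // 'challenge' = redirect to auth page
    {
        return (!$this->isProtected($url) || isset($this->allowed[$ip])) ? 'allow' : 'challenge';
    }

    // Returns the PIN to email; only a keyed hash of it is kept server-side.
    public function issuePin(string $ip, int $now): string
    {
        $pin = str_pad((string) random_int(0, 9999), 4, '0', STR_PAD_LEFT);
        $this->pending[$ip] = [hash_hmac('sha256', $pin, $this->secret), $now + self::PIN_TTL, 0];
        return $pin;
    }

    public function verify(string $ip, string $pin, int $now): bool
    {
        if (!isset($this->pending[$ip])) return false;
        [$hash, $expires, $attempts] = $this->pending[$ip];
        if ($now > $expires || $attempts >= self::MAX_ATTEMPTS) {
            unset($this->pending[$ip]);   // expired or exhausted: a new PIN must be issued
            return false;
        }
        $this->pending[$ip][2] = $attempts + 1;   // count the guess before comparing
        if (!hash_equals($hash, hash_hmac('sha256', $pin, $this->secret))) return false;
        unset($this->pending[$ip]);
        return $this->allowed[$ip] = true;        // unlock this address
    }
}

$gate = new IpGate('constructed-demo-secret');
$ip = '203.0.113.7';                              // constructed documentation address
$pin = $gate->issuePin($ip, 0);
var_dump($gate->decide($ip, '/wp-admin/index.php'), $gate->verify($ip, $pin, 60), $gate->decide($ip, '/wp-login.php'));
```

The attempt cap only bounds guessing against one issued PIN; how often a new PIN may be requested for the same address needs its own limit.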

### What is protected?

Out of the box, IP Vault restricts access to `.php` and `.phtml` files, as well
as the `wp-admin` folder, which are frequently exploited by bad bots and hackers.
You can choose which parts of your site to protect. Need to make the whole website private?
No problem, just restrict access to `/`.

### The story behind this plugin

In the past 20 years, I have been monitoring a few dozen client sites to prevent
malicious access. I have also helped a great number of people to clean their websites
of malware. I noticed that even marginal WordPress sites or non-WordPress PHP-based
sites are constantly exposed to hacking attempts.

Almost all exploits I have seen work by either calling a vulnerable PHP script already
on the server, by adding such a script or by injecting their own code into an existing
script.

I have tried and tested quite a few security plugins. They can be quite complex
to set up and to maintain. Some security plugins try to block access to vulnerable
files by comparing requests to a blacklist. These tend to become quite large and
need frequent updates to be efficient. Others use geo-blocking services to block
requests from certain countries. However, in my experience, hacking attempts can
come from just about any location.

I thought there must be a better way using whitelists for verified users instead.
And that’s how the idea for IP Vault was born.

### To Dos

 * add option to get auth code by SMS (requires users to register phone number)

### I love this plugin. How can I contribute?

 * [Rate plugin](https://wordpress.org/support/plugin/ip-vault-wp-firewall/reviews/#new-post)
   and leave feedback on WordPress.org
 * Help resolve questions in support forums
 * Help with translations
 * [Donate](https://www.paypal.com/donate/?hosted_button_id=Y7VNAG4WC8YMC)

### Disclaimer

This plugin uses the following **3rd party services**:

 * [ip-api.com](https://ip-api.com) – used to offer insights into IP addresses, 
   namely country and city information. [Terms and Policies](https://ip-api.com/docs/legal)
 * [ipify.org](https://www.ipify.org) – used to map IPv6 addresses to IPv4. [Terms and Policies](https://geo.ipify.org/terms-of-service)

## Screenshots

 * Authentication Page
 * Dashboard Widget
 * Which files and folders should be protected?
 * IP Address Whitelist
 * Blocked connection logs & stats

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

"Two-factor authentication (formerly IP Vault)" is open source software. The following people have
contributed to this plugin.

Contributors

 *   [ youtag ](https://profiles.wordpress.org/youtag/)

[Translate "Two-factor authentication (formerly IP Vault)" into Chinese (Taiwan)](https://translate.wordpress.org/projects/wp-plugins/ip-vault-wp-firewall)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/ip-vault-wp-firewall/),
check out the [SVN repository](https://plugins.svn.wordpress.org/ip-vault-wp-firewall/), or subscribe to the
[development log](https://plugins.trac.wordpress.org/log/ip-vault-wp-firewall/) by
[RSS](https://plugins.trac.wordpress.org/log/ip-vault-wp-firewall/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 2.1

 * optimization : added a 404 header to disallowed requests, in order to discourage
   bots from returning
 * optimization : mapping (frequently changing) IPv6 addresses to IPv4 using third
   party service _ipify_
 * fixed potential XSS vulnerabilities

#### 2.0

 * optimization : complete rewrite of authentication method : replaced secret URL
   by a 4-digit pin code
 * various small fixes

#### 1.1

 * optimization : set transient for api calls (cache results for 1 week)
 * experimental feature : use ASN for authentication (useful if your public IP changes
   often)

#### 1.0.2.1

 * optimisation : limit requests to ip-api to unknown IP addresses (IPs not yet 
   logged)
 * optimisation : settings link added to plugin screen
 * optimisation : allow custom comments for whitelisted IPs
 * fixed minor bug : title on stats screen displays correct date
 * fixed minor bug : removing IP addresses with backslashes from whitelist

#### 1.0.1

 * fixed minor bug : missing envelope.svg
 * tested up to WP version 5.7.2

#### 1.0

 * redesigned bar chart and added daily tables in statistics
 * authentication mail back to plain text to optimise deliverability
 * various small fixes

#### 0.7

 * added a `soft rewrite` mode, as `.htaccess` mode can be tricky on some installs
 * cosmetic changes to authentication mails, now using html
 * improved logging and statistics, database cleaned through daily cron job

#### 0.5

 * Reengineered auth page (no longer depending on frontend page)
 * New logo and redesigned auth page
 * Improved style and optimised resource usage
 * _a lot_ of small changes

#### 0.4.1

Fixed issue where settings were not properly removed on uninstall

#### 0.4

First release.

## Meta

 *  Version **2.1**
 *  Last updated **3 years ago**
 *  Active installations **20+**
 *  WordPress version **4.0 or higher**
 *  Tested up to **6.2.9**
 *  PHP version **7.0 or higher**
 *  Language: [English (US)](https://wordpress.org/plugins/ip-vault-wp-firewall/)
 *  Tags: [Brute Force](https://tw.wordpress.org/plugins/tags/brute-force/), [ip](https://tw.wordpress.org/plugins/tags/ip/),
    [lock](https://tw.wordpress.org/plugins/tags/lock/), [protection](https://tw.wordpress.org/plugins/tags/protection/),
    [security](https://tw.wordpress.org/plugins/tags/security/)
 *  [Advanced View](https://tw.wordpress.org/plugins/ip-vault-wp-firewall/advanced/)

## Support

Got something to say or need help? Use the support forum.

 [View support forum](https://wordpress.org/support/plugin/ip-vault-wp-firewall/)
