Title: OOSOFT WAF Security Author: oosoft Published: 2026 年 5 月 13 日 Last modified: 2026 年 5 月 15 日 --- 搜尋外掛 ![](https://ps.w.org/oosoft-waf-security/assets/icon-256x256.png?rev=3531218) # OOSOFT WAF Security 由 [oosoft](https://profiles.wordpress.org/oosoft/) 開發 [下載](https://downloads.wordpress.org/plugin/oosoft-waf-security.zip) * [詳細資料](https://tw.wordpress.org/plugins/oosoft-waf-security/#description) * [使用者評論](https://tw.wordpress.org/plugins/oosoft-waf-security/#reviews) * [安裝方式](https://tw.wordpress.org/plugins/oosoft-waf-security/#installation) * [開發資訊](https://tw.wordpress.org/plugins/oosoft-waf-security/#developers) [技術支援](https://wordpress.org/support/plugin/oosoft-waf-security/) ## 外掛說明 OOSOFT WAF Security is a comprehensive WordPress security plugin that acts as an application-level Web Application Firewall. It protects your site in real-time by filtering malicious requests, scanning uploads for malware, and maintaining detailed security logs. #### Free Features **Request Firewall** * SQL injection pattern detection and blocking * Cross-site scripting (XSS) pattern detection and blocking * Dangerous user-agent blocking (scanners, exploit tools) * XML-RPC endpoint protection * Brute-force login rate limiting **Upload Malware Protection** * Block uploads with dangerous file extensions (PHP, ASP, shell scripts, etc.) * Detect and block double-extension attacks (e.g., file.jpg.php) * Basic malware signature scanning of file contents * Admin email notification on blocked uploads * Full audit trail for upload attempts **Security Logging** * Detailed log of every blocked attack * Detailed log of every blocked upload attempt * IP address, user agent, request URI, and attack payload recorded * Configurable log retention period * Dashboard view of recent security events #### Pro Features (Coming Soon) * Imunify360 integration for advanced scanning * Auto-detect scanning engine (built-in, Imunify360, or automatic) * Quarantine suspicious uploads * Temporary automatic IP bans * Custom malware signature rules #### About OOSOFT Technology OOSOFT Technology specialises in WordPress security solutions. Visit [https://oosoft.co.in](https://oosoft.co.in) to learn more. ## 安裝方式 1. Upload the `oosoft-waf-security` folder to the `/wp-content/plugins/` directory. 2. Activate the plugin through the **Plugins** menu in WordPress. 3. Navigate to **WAF Security** in the WordPress admin menu to configure your settings. 4. Review the dashboard to confirm all protection modules are active. ## 常見問題集 ### Will this plugin slow down my site? No. The WAF runs lightweight pattern matching on incoming requests. The performance overhead is negligible on any modern server. ### Will XML-RPC protection break the WordPress mobile app? Yes. If you use the official WordPress mobile app or services that rely on XML-RPC( such as Jetpack), leave XML-RPC protection disabled. Only enable it if you do not use any XML-RPC-dependent services. ### Can I whitelist my own IP address? IP whitelisting is planned for a future release. Currently, all requests are subject to the same firewall rules. ### What file extensions are blocked by the upload scanner? The scanner blocks server-executable extensions including PHP variants (php, php3, php4, php5, php7, php8, phtml, pht, phar), ASP variants, shell scripts (sh, bash, csh), CGI scripts (cgi, pl, py, rb), and compiled executables (exe, dll, bat, cmd). Standard image, document, and media files are unaffected. ### How do I report a security vulnerability in this plugin? Please report security issues responsibly by emailing the author via https://oosoft. co.in. Do not open a public issue. ### Is this plugin compatible with multisite? Single-site operation is fully supported. Multisite compatibility is planned for a future release. ## 使用者評論 這個外掛目前沒有任何使用者評論。 ## 參與者及開發者 以下人員參與了開源軟體〈OOSOFT WAF Security〉的開發相關工作。 參與者 * [ oosoft ](https://profiles.wordpress.org/oosoft/) [將〈OOSOFT WAF Security〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/oosoft-waf-security) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/oosoft-waf-security/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/oosoft-waf-security/),或透過 [RSS](https://plugins.trac.wordpress.org/log/oosoft-waf-security/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/oosoft-waf-security/)。 ## 變更記錄 #### 1.0.0 * Initial release. * Request firewall with SQL injection, XSS, and bad user-agent blocking. * XML-RPC protection toggle. * Brute-force login rate limiting. * Upload malware scanner with extension and signature checks. * Security logging with configurable retention. * Admin dashboard with attack statistics. * Pro feature architecture (gated, not yet activated). ## 中繼資料 * 版本 **1.0.0** * 最後更新 **45 分鐘前** * 啟用安裝數 **少於 10 次** * WordPress 版本需求 ** 5.9 或更新版本 ** * 已測試相容的 WordPress 版本 **6.9.4** * PHP 版本需求 ** 7.4 或更新版本 ** * 語言 * [English (US)](https://wordpress.org/plugins/oosoft-waf-security/) * 標籤: * [Brute Force](https://tw.wordpress.org/plugins/tags/brute-force/)[firewall](https://tw.wordpress.org/plugins/tags/firewall/) [malware](https://tw.wordpress.org/plugins/tags/malware/)[security](https://tw.wordpress.org/plugins/tags/security/) [WAF](https://tw.wordpress.org/plugins/tags/waf/) * [進階檢視](https://tw.wordpress.org/plugins/oosoft-waf-security/advanced/) ## 評分 這個項目尚無任何評論記錄。 [Your review](https://wordpress.org/support/plugin/oosoft-waf-security/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/oosoft-waf-security/reviews/) ## 參與者 * [ oosoft ](https://profiles.wordpress.org/oosoft/) ## 技術支援 使用者可在技術支援論壇提出意見反應或使用問題。 [檢視技術支援論壇](https://wordpress.org/support/plugin/oosoft-waf-security/) ## 贊助 想要支援這個外掛的發展嗎? [ 贊助這個外掛 ](https://buymeacoffee.com/oosoft)