Title: Secure Custom Fields Author: WordPress.org Published: 2024 年 11 月 21 日 Last modified: 2026 年 4 月 30 日 --- 搜尋外掛 ![](https://ps.w.org/secure-custom-fields/assets/banner-772x250.jpg?rev=3194494) ![](https://ps.w.org/secure-custom-fields/assets/icon.svg?rev=3194494) # Secure Custom Fields 由 [WordPress.org](https://profiles.wordpress.org/wordpressdotorg/) 開發 [下載](https://downloads.wordpress.org/plugin/secure-custom-fields.6.8.4.zip) [即時預覽](https://tw.wordpress.org/plugins/secure-custom-fields/?preview=1) * [詳細資料](https://tw.wordpress.org/plugins/secure-custom-fields/#description) * [使用者評論](https://tw.wordpress.org/plugins/secure-custom-fields/#reviews) * [開發資訊](https://tw.wordpress.org/plugins/secure-custom-fields/#developers) [技術支援](https://wordpress.org/support/plugin/secure-custom-fields/) ## 外掛說明 Secure Custom Fields (SCF) extends WordPress’s capabilities, transforming it into a flexible content management tool. With SCF, managing custom data becomes straightforward and efficient. **Easily create fields on demand.** The SCF builder makes it easy to add fields to WordPress edit screens, whether you’re adding a new “ingredients” field to a recipe or designing complex metadata for a specialized site. **Flexibility in placement.** Fields can be applied throughout WordPress—posts, pages, users, taxonomy terms, media, comments, and even custom options pages—organizing your data how you want. **Display seamlessly.** Using SCF functions, you can display custom field data in your templates, making content integration easy for all levels of developers. **A comprehensive content management solution.** Beyond custom fields, SCF allows you to register new post types and taxonomies directly from the SCF interface, providing more control without needing additional plugins or custom code. **Accessible and user-friendly design.** The field interface aligns with WordPress’s native design, creating an experience that’s both accessible and easy for content creators to use. Installing this plugin will deactivate plugins with matching function names/functionality, specifically Advanced Custom Fields, Advanced Custom Fields Pro, and the legacy Secure Custom Fields plugins, to avoid code errors (this is the same behavior as ACF Pro). Read more about Secure Custom Fields at [developer.wordpress.org/secure-custom-fields](https://developer.wordpress.org/secure-custom-fields/). #### 主要特色 * 簡明易用的設定 * 強大的內容管理功能 * 超過 30 種欄位類型 ## 螢幕擷圖 * [[ * Add groups of custom fields. * [[ * Easy to add custom content while writing. * [[ * Need a new post type? Just add it! * [[ * Navigate the various field types with ease. ## 使用者評論 ![](https://secure.gravatar.com/avatar/5a3c7fa91d24b070853e6d77f30b2a7e7ce7039bd6e2defa6ba54bc4456e3ea8? s=60&d=retro&r=g) ### 󠀁[Most needed plugin.](https://wordpress.org/support/topic/most-needed-plugin/)󠁿 [Usman Ahmed](https://profiles.wordpress.org/syedusmanahmed/) 2026 年 4 月 12 日 It is the most needed plugin for any WordPress website in my opinion. I prefer it on ACF because it is a community edition. ![](https://secure.gravatar.com/avatar/ea4720c9ce81ba0c28c0ce0f7d96c5808be7b77420ce6caff5598f10a5c74cb1? s=60&d=retro&r=g) ### 󠀁[Excellent plugin](https://wordpress.org/support/topic/excellent-plugin-9812/)󠁿 [sibony88](https://profiles.wordpress.org/sibony88/) 2026 年 2 月 27 日 Excellent plugin, works smoothly with the system, great with Elementor ![](https://secure.gravatar.com/avatar/269137198aecb27e9025de71538c5d94d4b4e27eb7b7b07898f8b06a61b18937? s=60&d=retro&r=g) ### 󠀁[do not use this plugin](https://wordpress.org/support/topic/do-not-use-this-plugin-67/)󠁿 [createscape](https://profiles.wordpress.org/createscape/) 2026 年 1 月 28 日 1 則留言 The owners of this plugin used poor methods when they stole the plugin repository for ACF, and renamed it Secure Custom Fields, instead of forking and starting a new plugin. At the time they also took all ACF’s positive reviews with them. They seem to have remedied that situation, however they also removed all the bad reviews from people who noticed what they did. If you are looking for a custom fields plugin, use ACF where you can get reliable support and the option to upgrade to ACF pro. ![](https://secure.gravatar.com/avatar/9216ea2f2d26247a3914fa82e4c3c6608525d72a9764d970c5aac3386d43bb40? s=60&d=retro&r=g) ### 󠀁[Great fork](https://wordpress.org/support/topic/great-fork-2/)󠁿 [boykottke](https://profiles.wordpress.org/boykottke/) 2025 年 12 月 19 日 Yeah, it’s a fork. Yeah, it kills WP Engine’s business model. But that’s precisely why it’s necessary: ​​WP Engine built a business for a very long time based on free software with truly useful extensions, without giving anything back to the community. At the same time, they violated the WordPress Codex standards and put users at risk. SCF is what I need. It’s open source, freely available, and secure. Because I’m storing personal data with it, I need a secure solution, not one that thinks what it offers is enough. So thank you for taking a WP standard established by WP Engine and securing it according to community standards. ![](https://secure.gravatar.com/avatar/4ad982b9b9e52bae9da50e1fd7d27cb70e4a05e6a7ae2d2f30d3ddb53770fcd5? s=60&d=retro&r=g) ### 󠀁[Thank you](https://wordpress.org/support/topic/thank-you-3705/)󠁿 [koqpe](https://profiles.wordpress.org/koqpe/) 2025 年 12 月 5 日 Great plugin — lightweight, reliable, and truly secure. Secure Custom Fields protects sensitive data without slowing down the site and integrates smoothly with WordPress workflows. Clean, simple, and does exactly what it promises. Recommended. ![](https://secure.gravatar.com/avatar/e211765d437ba96c71e8659df5d84d7f29bd04219e31e639bda28940aeeeaf23? s=60&d=retro&r=g) ### 󠀁[Best alternative to ACF](https://wordpress.org/support/topic/best-alternative-to-acf/)󠁿 [busingebrian](https://profiles.wordpress.org/busingebrian/) 2025 年 11 月 18 日 This is by far the most useful tool on the internet. [ 閱讀全部 60 則使用者評論 ](https://wordpress.org/support/plugin/secure-custom-fields/reviews/) ## 參與者及開發者 以下人員參與了開源軟體〈Secure Custom Fields〉的開發相關工作。 參與者 * [ WordPress.org ](https://profiles.wordpress.org/wordpressdotorg/) 〈Secure Custom Fields〉外掛目前已有 12 個本地化語言版本。 感謝[全部譯者](https://translate.wordpress.org/projects/wp-plugins/secure-custom-fields/contributors) 為這個外掛做出的貢獻。 [將〈Secure Custom Fields〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/secure-custom-fields) ### 對開發相關資訊感興趣? 任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/secure-custom-fields/)、 查看 [SVN 存放庫](https://plugins.svn.wordpress.org/secure-custom-fields/),或透過 [RSS](https://plugins.trac.wordpress.org/log/secure-custom-fields/?limit=100&mode=stop_on_copy&format=rss) 訂閱[開發記錄](https://plugins.trac.wordpress.org/log/secure-custom-fields/)。 ## 變更記錄 #### 6.8.4 _Release Date 30th April 2026_ _主要特色_ * Backports 6.8.0 and 6.8.0.1 feature work into SCF. * AI integration: SCF now integrates with the WordPress Abilities API, allowing external consumers, including AI tools, to manage field groups, post types, and taxonomies when explicitly enabled via the `enable_acf_ai` feature flag. * Structured data: SCF can now generate JSON-LD structured data fields when explicitly enabled via the `enable_schema` feature flag. * WP-CLI: Added `wp scf json` and backward-compatible `wp acf json` commands for importing, exporting, syncing, and checking the status of SCF JSON files. * Post types: SCF custom post types now support the WordPress 6.9+ Notes editor feature via a new Notes checkbox in the Supports settings. * JSON Schemas: Added v1 schemas for supported field types and updated field group, post type, and taxonomy schemas. _Enhancements_ * Blocks V3: The Open in Expanded Editor button text can now be customized via a new `acf.expandedEditorButtonText` block.json property. * Blocks V3: Added an `acf/blocks/default_expanded_editor_button_text` PHP filter to customize the default Open in Expanded Editor button text. * Blocks V3: The edit and Open in Expanded Editor buttons can now be hidden via a new `acf.expandedEditorButtons` block.json property. * Blocks V3: Added a `blocks/expanded_editor_overlay_class` JavaScript filter for customizing the Expanded Editor modal overlay class. * Blocks V3: The block form HTML is now preloaded alongside the preview, eliminating an extra AJAX call on mount. * Blocks V3: Expanded Editor buttons are now hidden for V3 blocks that have no fields assigned. * SCF inline script tags now use `wp_print_inline_script_tag()` for Content Security Policy (CSP) compliance and nonce support. _Fixes_ * V3 blocks with WYSIWYG fields no longer enqueue TinyMCE editor assets on the frontend. * V3 blocks with identical attributes and different InnerBlocks content no longer return cached output from the first block on the frontend. * Flexible Content fields now properly clean up nested postmeta when a parent layout containing nested Flexible Content fields is deleted. * The Expanded Editor Done button now stays disabled until the AJAX save completes, preventing data loss. * Pressing Escape while the Expanded Editor is saving will no longer close the modal, preventing data loss. * InnerBlocks content containing backslashes or dollar signs now renders correctly. * Auto Inline Editing now only applies to SCF Blocks V3, resolving incorrect hover/ focus borders appearing on V2 blocks. * Auto Inline Editing blocks now receive block context variables in render templates. * Auto Inline Editing now works with blocks using `renderCallback`. * Validation errors in the V3 Expanded Editor no longer cause a dead-end state. * Icon Picker selections in Repeater fields no longer disappear. * Range field number input now syncs to the slider and correctly updates V3 block previews. * Message field Name and Instructions settings are no longer shown in the field group editor. * Image field no longer crashes in WordPress 7.0 release candidates. * V3 blocks registered via PHP now correctly show the Open in Expanded Editor button. * Flexible Content disabled layouts now work correctly in Blocks V3. #### 6.8.3 _Release Date 22th April 2026_ _Fixes_ * Fix command palette type error on wp-admin. * Plugins requiring ACF are also validated for SCF. * REST API calls now honor the user’s `unfiltered_html` capability. * Block Preview rendering now verifies the user can edit the target post. * Paginated Repeater fields now verify the user can edit the target post. * Flexible Content layout title AJAX requests now validate a security nonce. * Clone field AJAX endpoints now enforce SCF admin permissions on field group listings. #### 6.8.2 _Release Date 24th March 2026_ _Fixes_ * AJAX Handlers: Prefix field-specific nonces to resolve an issue where third-party nonces could be treated as valid for AJAX calls. * Block Preview: Verify that user has access to post specified via block context. * Repeater Field: Verify that user has access to specified post. * REST API: Apply KSES sanitization to field content saved by users without `unfiltered_html` capabilities. * REST API: Respect `show_in_rest` setting for field groups in `/types` endpoint. #### 6.8.1 _Release Date 11th March 2026_ _Backports from 6.7.1_ * Security – User field AJAX queries now enforce field-configured role restrictions and validate search permissions. * Security – Post Object, Relationship, and Page Link field AJAX queries now enforce field-configured restrictions for post status, post type, and taxonomy. * Site Health – Track blocks using auto inline editing. #### 6.8.0 _Release Date 30 Dec 2025_ _主要特色_ * Abilities integration: addded field abilities for Field Groups. * Abilities integration: added trash/untrash abilities for internal post types. * All backports up to 6.7.0.2. * JSON Schemas: Added several fields schemas. * WooCommerce HPOS: Added support for custom fields on any WooCommerce Order Types. * Added PHPUnit tests. _Fixes_ * Hide duplicated Command Palette Commands on WP 6.9+. * Fix field schema validation for WP Rest API. * Fix checkbox toggle functionality. #### 6.7.0 #### 6.7.1 _Release Date 10 Dec 2025_ _主要特色_ * JSON Schemas: Added Options Pages schema. _Fixes_ * Fixed too-early validation of schemas causing a fatal error. * Fix block validation on WordPress 6.2. #### 6.7.0 _Release Date 3 Dec 2025_ _主要特色_ * Tested compatibility up to WordPress 6.9. * Abilities support. Taxonomy abilities. * JSON schemas. Taxonomy schema. #### 6.6.0 _Release Date 19 Nov 2025_ _主要特色_ * Backported features up to 6.6.0. * Abilities API integration. Post Type abilities. * JSON schemas validation infrastructure. _Fixes_ * Fixed Function in network.php * SCF label in “More” menu. * Get the formatted_value from the original field value. * Blocks V3: Fix flexible content not working in sidebar – modal. * Use specific entity prefixes for key generation when duplicating entities. #### 6.5.7 _Release Date 28 Aug 2025_ _主要特色_ * Flexible Content layouts can now be renamed in the post editor, giving content editors better clarity when managing layouts. * Flexible Content layouts can now be disabled, preventing them from rendering on the frontend without needing to delete their data. * Flexible Content layouts can now be collapsed and expanded in bulk for faster content editing. * Editing a Flexible Content layout now highlights the layout being edited, making it easier to identify. * The Date and Date Time Picker fields can now be configured to default to the current date. * Custom Icon Picker tabs now work correctly when used inside an ACF Block. * Duplicating a Field Group no longer causes a fatal error when using Russian translations. * ACF classes no longer use dynamic class properties, improving compatibility with PHP 8.2+. * Field group metabox collapse and expand buttons are no longer misaligned in the post editor. * HTML is now escaped from field validation errors and tooltips. * Added a new source parameter to the /wp/v2/types REST API endpoint that allows filtering post types by their origin: core (WordPress built-in), scf (for SCF managed types), or other for the rest of CPTs. _Security_ – Unsafe HTML in field group labels is now correctly escaped for conditionally loaded field groups, resolving a JS execution vulnerability in the classic editor. – HTML is now escaped from field group labels when output in the ACF admin. – Bidirectional and Conditional Logic Select2 elements no longer render HTML in field labels or post titles. – The acf.escHtml function now uses the third party DOMPurify library to ensure all unsafe HTML is removed. A new esc_html_dompurify_config JS filter can be used to modify the default behaviour. – Post titles are now correctly escaped whenever they are output by ACF code. Thanks to Shogo Kumamaru of LAC Co., Ltd. for the responsible disclosure. – An admin notice is now displayed when version 3 of the Select2 library is used, as it has now been deprecated in favor of version 4. #### 6.5.6 Release discarded due to SVN errors. #### 6.5.5 _Release Date 31 Jul 2025_ _主要特色_ * Connect block attributes with custom fields via UI. * Remove the word ‘New’ from default `add-new*` label values. _Bug Fixes_ * Bug fix: Prevent fatal if class does not exist on Beta Features. #### 6.5.4 _Release Date 30 Jul 2025_ Revert from 6.5.2. #### 6.5.2 _Release Date 30 Jul 2025_ _主要特色_ * Connect block attributes with custom fields via UI. * Remove the word ‘New’ from default `add-new*` label values. #### 6.5.1 _Release Date 2 Jul 2025_ _Bug Fixes_ * Command Palette: Use `@wordpress\icons` instead of Dashicons. #### 6.5.0 _Release Date 23 Jun 2025_ _Enhancements & Features_ * Added Command Palette support. * Added editor preview to acf-field source. * Added an endpoint to retrieve the custom fields of a post type. * Added nav menu as field type. * Added compatibility with Woo HPOS for order fields and subscriptions. ( Ported from ACF ) * Create new options when editing a fields value on Selector. ( Ported from ACF) * The “Escaped HTML” warning notice is now disabled by default. ( Ported from ACF) * Added new `acf/fields/icon_picker/{tab_name}/icons` filter ( Ported from ACF ) _Bug Fixes_ * Update initialization of the acfL10n object to ensure it’s available globally. * SCF Blocks are now forced into preview mode when editing a synced pattern. ( Ported from ACF ) * SCF no longer causes an infinite loop in bbPress when editing replies. ( Ported from ACF ) * Changing a field type no longer enables the “Allow Access to Value in Editor UI” setting. ( Ported from ACF ) * Blocks registered via acf_register_block_type() with a `parent` value of `null` no longer fail to register. ( Ported from ACF ) * Fix AJAX repeater pagination. ( Ported from ACF ) * Paginated Repeater fields no longer save duplicate values when saving to a WooCommerce Order with HPOS disabled ( Ported from ACF ) _Testing_ * Added an initial batch of e2e tests. #### 6.4.2 _Release Date 14 Apr 2025_ * Resolved issue with shortcode translation not parsing correctly. * Improve validation for an URL on field admin. #### 6.4.1 _Release Date 7 Mar 2025_ * Forked from Advanced Custom Fields® * Various updates to coding standards. * Updated to rely on the WordPress.org translation packs for all strings. #### 6.3.9 _Release Date 22nd October 2024_ * Version update release #### 6.3.6.3 _Release Date 15th October 2024_ * Security – Editing a Field in the Field Group editor can no longer execute a stored XSS vulnerability. Thanks to Duc Luong Tran (janlele91) from Viettel Cyber Security for the responsible disclosure * Security – Post Type and Taxonomy metabox callbacks no longer have access to any superglobal values, hardening the original fix from 6.3.6.2 even further * Fix – SCF Fields now correctly validate when used in the block editor and attached to the sidebar #### 6.3.6.2 _Release Date 12th October 2024_ * Security – Harden fix in 6.3.6.1 to cover $_REQUEST as well. * Fork – Change name of plugin to Secure Custom Fields. #### 6.3.6.1 _Release Date 7th October 2024_ * Security – SCF defined Post Type and Taxonomy metabox callbacks no longer have access to $_POST data. (Thanks to the Automattic Security Team for the disclosure) ## 社群版外掛 這個外掛由社群人員開發及提供技術支援。 [參與這個外掛專案](https://github.com/wordpress/secure-custom-fields/) ## 中繼資料 * 版本 **6.8.4** * 最後更新 **6 天前** * 啟用安裝數 **70,000+** * WordPress 版本需求 ** 6.2 或更新版本 ** * 已測試相容的 WordPress 版本 **6.9.4** * PHP 版本需求 ** 7.4 或更新版本 ** * 語言 * [Bengali (Bangladesh)](https://bn.wordpress.org/plugins/secure-custom-fields/)、 [Chinese (China)](https://cn.wordpress.org/plugins/secure-custom-fields/)、[Dutch](https://nl.wordpress.org/plugins/secure-custom-fields/)、 [Dutch (Belgium)](https://nl-be.wordpress.org/plugins/secure-custom-fields/)、 [English (US)](https://wordpress.org/plugins/secure-custom-fields/)、[Korean](https://ko.wordpress.org/plugins/secure-custom-fields/)、 [Polish](https://pl.wordpress.org/plugins/secure-custom-fields/)、[Russian](https://ru.wordpress.org/plugins/secure-custom-fields/)、 [Spanish (Chile)](https://cl.wordpress.org/plugins/secure-custom-fields/)、[Spanish (Ecuador)](https://es-ec.wordpress.org/plugins/secure-custom-fields/)、 [Spanish (Spain)](https://es.wordpress.org/plugins/secure-custom-fields/)、[Swedish](https://sv.wordpress.org/plugins/secure-custom-fields/)、 及 [Vietnamese](https://vi.wordpress.org/plugins/secure-custom-fields/). * [將這個外掛本地化為你的母語版本](https://translate.wordpress.org/projects/wp-plugins/secure-custom-fields) * 標籤: * [custom fields](https://tw.wordpress.org/plugins/tags/custom-fields/)[fields](https://tw.wordpress.org/plugins/tags/fields/) [meta](https://tw.wordpress.org/plugins/tags/meta/)[scf](https://tw.wordpress.org/plugins/tags/scf/) * [進階檢視](https://tw.wordpress.org/plugins/secure-custom-fields/advanced/) ## 評分 4.7 星,滿分為 5 星 * [ 56 個 5 星使用者評論 ](https://wordpress.org/support/plugin/secure-custom-fields/reviews/?filter=5) * [ 0 個 4 星使用者評論 ](https://wordpress.org/support/plugin/secure-custom-fields/reviews/?filter=4) * [ 0 個 3 星使用者評論 ](https://wordpress.org/support/plugin/secure-custom-fields/reviews/?filter=3) * [ 0 個 2 星使用者評論 ](https://wordpress.org/support/plugin/secure-custom-fields/reviews/?filter=2) * [ 4 個 1 星使用者評論 ](https://wordpress.org/support/plugin/secure-custom-fields/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/secure-custom-fields/reviews/#new-post) [查看全部使用者評論](https://wordpress.org/support/plugin/secure-custom-fields/reviews/) ## 參與者 * [ WordPress.org ](https://profiles.wordpress.org/wordpressdotorg/) ## 技術支援 最近 2 個月解決的問題: 總計 1 個問題,已解決 0 個 [檢視技術支援論壇](https://wordpress.org/support/plugin/secure-custom-fields/)