Secure Setup

Description

Securing Setup helps protect your WordPress installation by:
1. Allowing users to set recommended file permissions for directories and subdirectories.
2. Automatically modifying the .htaccess file to:
– Protect the debug.log file from being accessed via the web.
– Restrict execution of specific file types (e.g., .png, .jpg), ensuring only selected file types are processed by the web server.
3. Disabling sensitive WordPress endpoints such as:
– system.multicall from XML-RPC.
– The users endpoint in the REST API.

The plugin is user-friendly and includes an easy-to-access settings page.

You can view or contribute to the plugin’s source code on GitHub:
GitHub Repository: https://github.com/deeprahman/sswp

Features

  • Set directory and subdirectory permissions for enhanced security.
  • Automate .htaccess file modifications.
  • Disable potentially vulnerable endpoints.
  • Tested with the latest version of WordPress.

Notes

After activation, the plugin adds a submenu named File Permission under the Tools menu, where you can configure settings.

Installation

  1. Upload the securing-setup folder to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Navigate to Tools > File Permission to configure settings.

FAQ

What are recommended file permissions?

The plugin will recommend secure file permissions (e.g., 755 for directories and 644 for files) to reduce risks from unauthorized access.
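A read-only check for the 755/644 recommendation above, as an added example that is not part of the plugin's code. The function name audit_wp_perms and the output labels are assumptions made for this sketch, and it treats 755 and 644 as exact targets.

```shell
#!/bin/sh
# Added example (not the plugin's code): list entries under a WordPress
# root that deviate from 755 (directories) / 644 (files).
# It only reports; nothing is changed on disk.
# The function name and the output labels are hypothetical.

audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "audit_wp_perms: not a directory: $root" >&2
        return 2
    fi
    # Directories whose mode is not exactly 755.
    find "$root" -type d ! -perm 755 -print | sed 's/^/dir-not-755 /'
    # Regular files whose mode is not exactly 644.
    find "$root" -type f ! -perm 644 -print | sed 's/^/file-not-644 /'
    # Anything writable by "other", whatever the rest of its mode is.
    # These also appear in the lists above; the extra label marks the
    # entries to review first.
    find "$root" \( -type d -o -type f \) -perm -0002 -print \
        | sed 's/^/world-writable /'
}

# Run against the path given on the command line, if any.
if [ $# -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

Symbolic links are not followed, so a link pointing outside the tree is not reported.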

Can I undo `.htaccess` modifications?

Yes, the plugin provides options to revert changes made to the .htaccess file.

Will this plugin break my media uploads or other file handling?

No, you can configure which file types are allowed for execution by the web server, ensuring normal functionality.

What endpoints are disabled by this plugin?

The plugin disables:
– The system.multicall function in XML-RPC to prevent potential attacks.
– The users endpoint in the REST API to prevent user enumeration.


Contributors & Developers

"Secure Setup" is open source software. The following people have contributed to its development.


Changelog

1.0.2

  • Readme updated

1.0.1

  • Added OS warning.
  • Implemented REST API rate limiting.

1.0.0

  • Initial release.
  • File permissions management for directories and files.
  • .htaccess customization for secure file handling.
  • Disabled system.multicall and users REST endpoint for added protection.