Title: Steel Security &amp; Hardening – Site Audit Tools
Author: sweetwatermedia
Published: <strong>2026 年 4 月 28 日</strong>
Last modified: 2026 年 4 月 28 日

---

搜尋外掛

![](https://ps.w.org/steel-security/assets/banner-772x250.png?rev=3517816)

![](https://ps.w.org/steel-security/assets/icon-256x256.png?rev=3517818)

# Steel Security & Hardening – Site Audit Tools

 由 [sweetwatermedia](https://profiles.wordpress.org/sweetwatermedia/) 開發

[下載](https://downloads.wordpress.org/plugin/steel-security.1.0.4.zip)

 * [詳細資料](https://tw.wordpress.org/plugins/steel-security/#description)
 * [使用者評論](https://tw.wordpress.org/plugins/steel-security/#reviews)
 *  [安裝方式](https://tw.wordpress.org/plugins/steel-security/#installation)
 * [開發資訊](https://tw.wordpress.org/plugins/steel-security/#developers)

 [技術支援](https://wordpress.org/support/plugin/steel-security/)

## 外掛說明

Steel Security & Hardening – Site Audit Tools focuses on practical security hygiene
for WordPress administrators.

The free plugin provides:

 * on-demand security scans
 * risk summaries grouped by severity and category
 * checks for common WordPress hardening gaps
 * checks for exposed root-level artifacts such as `.env`, SQL dumps, `phpinfo` 
   files, and backup archives
 * a quarantine vault for operator-reviewed file isolation
 * uploads PHP execution blocking on supported server environments
 * manual guidance when automatic server hardening is not safely supported

This plugin is positioned as an auditing and hardening tool. It helps surface risk
and apply selected preventive controls, but it does not promise malware removal,
incident response, or complete server protection.

#### Included checks

The scan currently looks for items such as:

 * PHP error display exposure
 * `WP_DEBUG` and `debug.log` exposure
 * XML-RPC availability
 * author and REST user enumeration exposure
 * theme/plugin file editor availability
 * WordPress generator meta output
 * comments enabled by default
 * uploads PHP execution hardening status
 * root-level sensitive files and archives

#### Server-aware behavior

This plugin only auto-applies server config changes where it can do so in a scoped
and reversible way.

 * Apache and LiteSpeed: uploads PHP blocking is managed through a Steel Security-
   marked `.htaccess` block
 * IIS: uploads PHP blocking is managed through a Steel Security-marked `web.config`
   section
 * Nginx and unsupported environments: Steel Security provides manual guidance instead
   of claiming automatic protection

#### Pro companion

This plugin can work with a separate Pro companion plugin that adds features such
as scheduled scans, scan history, reports, and managed server-level controls such
as directory listing protection and baseline security headers. The free plugin remains
usable on its own.

## 安裝方式

 1. Upload the plugin files to the `/wp-content/plugins/steel-security` directory, 
    or install the plugin through the WordPress plugins screen.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Open `Steel Security` in wp-admin to review the dashboard, run a scan, and configure
    hardening controls.

## 常見問題集

### Does this plugin make remote calls?

The free plugin does not rely on a third-party service for core scanning or hardening,
and it does not require remote API calls for its free feature set.

### Does this plugin remove malware automatically?

No. This plugin is designed to audit, surface risk, and help with selective hardening
and operator-reviewed quarantine workflows. It should not be described as an automatic
malware removal tool.

### Will this plugin edit my server configuration?

Only for specific controls where the plugin can write a clearly delimited, reversible
block on supported servers. Unsupported environments receive manual guidance instead.

### What happens on uninstall?

The plugin removes its stored scan data, settings, and hardening rollback metadata.
Quarantine payloads are intentionally preserved so operators can review and handle
them manually.

## 使用者評論

這個外掛目前沒有任何使用者評論。

## 參與者及開發者

以下人員參與了開源軟體〈Steel Security & Hardening – Site Audit Tools〉的開發相關
工作。

參與者

 *   [ sweetwatermedia ](https://profiles.wordpress.org/sweetwatermedia/)

[將〈Steel Security & Hardening – Site Audit Tools〉外掛本地化為台灣繁體中文版](https://translate.wordpress.org/projects/wp-plugins/steel-security)

### 對開發相關資訊感興趣？

任何人均可[瀏覽程式碼](https://plugins.trac.wordpress.org/browser/steel-security/)、
查看 [SVN 存放庫](https://plugins.svn.wordpress.org/steel-security/)，或透過 [RSS](https://plugins.trac.wordpress.org/log/steel-security/?limit=100&mode=stop_on_copy&format=rss)
訂閱[開發記錄](https://plugins.trac.wordpress.org/log/steel-security/)。

## 變更記錄

#### 1.0.4

 * refreshed the free plugin release package for the latest WordPress.org submission

#### 1.0.3

 * finalized the WordPress.org review follow-up fixes, removed dormant Pro-only 
   local hardening code from Free, moved rollback metadata out of uploads, and refreshed
   the release package

#### 1.0.2

 * rebuilt the free plugin package after final WordPress.org review fixes and packaging
   updates

#### 1.0.1

 * clarified advisory-only handling for `DISALLOW_FILE_MODS` and excluded it from
   hardening posture scoring
 * moved managed directory listing and baseline security headers fully into the 
   Pro companion plugin
 * replaced hardening-page Pro placeholders with a contextual upgrade section
 * moved admin-page JavaScript to enqueued assets and tightened WordPress.org review
   compliance

#### 1.0.0

 * finalized WordPress.org-compliant free plugin naming and packaging
 * aligned Pro package naming to Steel Security Pro for clearer installs
 * refreshed the Steel Security logo asset in the admin header

#### 0.1.2

 * narrowed backup archive detection to avoid false positives from plugin files 
   in backup-related paths
 * improved first-scan dashboard messaging so new installs prompt for a scan instead
   of showing a misleading high-risk empty state
 * improved action button labels and tooltips for quarantine workflows
 * tightened uninstall cleanup for Free and Pro-owned data and rollback metadata

#### 0.1.1

 * refreshed release packaging
 * improved dashboard and scan presentation

## 中繼資料

 *  版本 **1.0.4**
 *  最後更新 **3 個月前**
 *  啟用安裝數 **20+**
 *  WordPress 版本需求 ** 6.4 或更新版本 **
 *  已測試相容的 WordPress 版本 **6.9.4**
 *  PHP 版本需求 ** 8.0 或更新版本 **
 *  語言
 * [English (US)](https://wordpress.org/plugins/steel-security/)
 * 標籤:
 * [audit](https://tw.wordpress.org/plugins/tags/audit/)[hardening](https://tw.wordpress.org/plugins/tags/hardening/)
   [scanner](https://tw.wordpress.org/plugins/tags/scanner/)[security](https://tw.wordpress.org/plugins/tags/security/)
 *  [進階檢視](https://tw.wordpress.org/plugins/steel-security/advanced/)

## 評分

這個項目尚無任何評論記錄。

[Your review](https://wordpress.org/support/plugin/steel-security/reviews/#new-post)

[查看全部使用者評論](https://wordpress.org/support/plugin/steel-security/reviews/)

## 參與者

 *   [ sweetwatermedia ](https://profiles.wordpress.org/sweetwatermedia/)

## 技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

 [檢視技術支援論壇](https://wordpress.org/support/plugin/steel-security/)