這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

下載

WP Best Practices

Ed Orsini 開發

外掛說明

This plugin is designed to implement the latest WordPress best practices
around security into your WordPress website.

Features

  1. Deny access to the wp-config.php file to anyone surfing for it. https://codex.wordpress.org/Hardening_WordPress#Securing_wp-config.php
  2. Deny access to .svn files to anyone surfing for it.
  3. Block access to wp-includes scripts to not intended users. https://codex.wordpress.org/Hardening_WordPress#Securing_wp-includes
  4. Disable file editing. https://codex.wordpress.org/Hardening_WordPress
  5. Remove the Compatibility View button on Internet Explorer.
  6. Remove the meta name generator tag from the header of every page, including RSS feeds, which contains your site’s WordPress version.
  7. Disable the XML-RPC (pingback) functionality to help avoid DDoS attacks. http://bit.ly/1o9RsFA

For more information, questions, requests, or comments, please email the developer.

螢幕擷圖

  • This screen shot illustrates the admin section of the plugin which allows you to hide the login page

安裝方式

This section describes how to install the plugin and get it working.

  1. Upload the wp-best-standards.zip to the /wp-content/plugins/ directory
  2. Unzip the file
  3. Activate the plugin through the ‘Plugins’ menu in WordPress
  4. You are all set! Enjoy!

常見問題集

The Meta Name Generator is still displaying the WordPress version. How could this be?

Make sure that your template does not have a hard coded reference within the header.php file. Some older templates seem to have this reference. Please delete or comment the line.

使用者評論

這個外掛目前沒有任何使用者評論。

參與者及開發者

以下人員參與了開源軟體〈WP Best Practices〉的開發相關工作。

參與者

將〈WP Best Practices〉外掛本地化為台灣繁體中文版

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄

變更記錄

1.5.3

  • Performed code cleanup and removed functionality not used.

1.5.3

  • Clean up.

1.5.1

  • Removes the compatibility mode from Internet Explorer

1.5

  • Clean up.

1.4

  • Disables the file editing of themes and plugins in the admin dashboard.
  • Secures the wp-includes folder.
  • Secures the wp-config.php file.

1.3

  • This release disabled the XML-RPC functionality in order to help prevent denial-of-service (DDoS) attacks.

1.2

  • Minor code cleanup.

1.1

  • This release included the ability to hide the WordPress version from the wp-login.php file.
  • Minor code cleanup.

1.0

  • The original release of this plugin.
  • This release included the ability to remove the WordPress version from the meta generator tag and the readme.html file.

中繼資料

評分

這個外掛尚無任何評分記錄。

登入以提交評論

參與者

技術支援

使用者可在技術支援論壇提出意見反應或使用問題。

檢視技術支援論壇