Mô tả SiteGround Security
Mô tả
With the carefully selected and easy to configure functions the SiteGround Security plugin provides everything you need to secure your website and prevent a number of threats such as brute-force attacks, compromised login, data leaks, and more.
LOGIN SETTINGS
Here you can use the tools we’ve developed to protect your login page from unauthorized visitors, bots, and other malicious behavior.
CUSTOM LOGIN URL
Change the default login url to prevent attacks and have an easily memorisable login URL. You can also change the default sign-up url if you have that option enabled for your website.
Important!
You can revert to the default login type by using the following snippet.
add_action( ‘init’, ‘remove_custom_login_url’ );
function remove_custom_login_url() {
update_option( ‘sg_security_login_type’, ‘default’ );
}
LOGIN ACCESS
Login Access allows you to limit the access of the login page to a specific IP’s or a range of IP’s to prevent malicious login attempts or brute-force attacks.
Important!
If you lock yourself out of your admin panel, you can add the following option to your theme’s function.php, reload the site and then remove it once you have gained access. Keep in mind that this will also remove all IP’s that are allowed to access the login page and a re-configuration will be needed:
add_action( ‘init’, ‘remove_login_access_data’ );
function remove_login_access_data() {
update_option( ‘sg_login_access’, array() );
}
TWO-FACTOR AUTHENTICATION
Two-factor Authentication for Admin User will force all admins to provide a token, generated from the Google Authentication application when logging in.
Important!
You can force other roles to use the Two-Factor authentication as well. Once enabled, you can add your filter as the following.
add_filter( ‘sg_security_2fa_roles’, ‘add_user_roles_to_2fa’ );
function add_user_roles_to_2fa( $roles ) {
$roles[] = ‘your_role’;
return $roles;
}
DISABLE COMMON USERNAMES
Using common usernames like ‘admin’ is a security threat that often results in unauthorised access. By enabling this option we will disable the creation of common usernames and if you already have one ore more users with a weak username, we’ll ask you to provide new one(s).
LIMIT LOGIN ATTEMPTS
With Limit Login Attempts you can specify the number of times users can try to log in with incorrect credentials. If they reach a specific limit, the IP they are attempting to log from will be blocked for an hour. If they continue with unsuccessful attempts, they will be restricted for 24 hours and 7 days after that.
Important!
If you lock yourself out of your admin panel, you can add the following option to your theme’s function.php, reload the site and then remove it once you have gained access. Keep in mind that this will also remove the unsuccessful attempts block for all IP’s:
add_action( ‘init’, ‘remove_unsuccessfull_attempts_block’ );
function remove_unsuccessfull_attempts_block() {
update_option( ‘sg_security_unsuccessful_login’, array() );
}
SITE SECURITY
With this toolset you can harden your WordPress аpplication and keep it safe from malware, exploits and other malicious actions.
LOCK AND PROTECT SYSTEM FOLDERS
Lock and Protect System Folders allows you to block any malicious or unauthorized scripts to be executed in your applications system folders.
HIDE WORDPRESS VERSION
When using Hide WordPress Version you can avoid being marked for mass attacks due to version specific vulnerabilities.
DISABLE THEMES & PLUGINS EDITOR
Disable Themes & Plugins Editor in the WordPress admin to prevent potential coding errors or unauthorized access through the WordPress editor.
DISABLE XML-RPC
You can Disable XML-RPC protocol which was recently used in a number of exploits. Keep in mind that when disabled, it will prevent WordPress from communicating with third-party systems. We recommend using this, unless you specifically need it.
FORCE HTTP STRICT-TRANSPORT-SECURITY (HSTS)
HSTS (HTTP Strict-Transport-Security) is a response header. It allows the website to tell browsers that it should only be accessed using HTTPS, instead of using HTTP. Тhis prevents “man-in-the-middle” attacks and ensures that regular visitors will redirected to the secure version of the website.
DISABLE RSS AND ATOM FEEDS
Disable RSS and ATOM Feeds to prevent content scraping and specific attacks against your site. It’s recommended to use this at all times, unless you have readers using your site via RSS readers.
ADVANCED XSS PROTECTION
By enabling Advanced XSS Protection you can add an additional layer of protection against XSS attacks.
DELETE THE DEFAULT README.TXT
When you Delete the Default Readme.txt which contains information about your website, you reduce the chances of it ending in a potentially vulnerable sites list, used by hackers.
ACTIVITY LOG
Here you can monitor in detail the activity of registered, unknown and blocked visitors. If your site is being hacked, a user or a plugin was compromised, you can always use the quick tools to block their future actions.
Important!
You can set a custom log lifetime ( in days ), using the following filter we have provided for that purpose.
add_filter( ‘sgs_set_activity_log_lifetime’, ‘set_custom_log_lifetime’ );
function set_custom_log_lifetime() {
return ‘your-custom-log-lifetime-in-days’;
}
POST-HACK ACTIONS
REINSTALL ALL FREE PLUGINS
If your website was hacked, you can always try to reduce the harm by using Reinstall All Free Plugins. This will reinstall all of your free plugins, reducing the chance of another exploit or the re-use of malicious code.
LOG OUT ALL USERS
You can Log Out All Users to prevent any further actions done by them or use.
FORCE PASSWORD RESET
Force Password Reset to force all users to change their password upon their next login. This will also log-out all current users instantly.
WP-CLI SUPPORT
In version 1.0.2 we’ve added full WP-CLI support for all plugin options and functionalities.
wp sg limit-login-attempts 0|3|5 – limits the login attempts to 3, 5, or 0 in order to disable it
wp sg login-access add IP – allows only specific IP(s) to access the backend of the website
wp sg login-access list all – lists the whitelisted IP addresses
wp sg login-access remove IP – removes IP from the whitelisted ones
wp sg login-access remove all – removes all of the whitelisted IP addresses
wp sg secure protect-system-folders enable|disable – enables or disables protects system folders option
wp sg secure hide-wordpress-version enable|disable – enables or disables hide WordPress version option
wp sg secure plugins-themes-editor enable|disable – enables or disables plugin and theme editor
wp sg secure xml-rpc enable|disable – enables or disables XML-RPC
wp sg secure rss-atom-feed enable|disable – enables or disables RSS and ATOM feeds
wp sg secure xss-protection enable|disable – enables or disables XSS protection
wp sg secure 2fa enable|disable – enables or disables two-factor authentication
wp sg secure disable-admin-user enable|disable – enables or disables usage of “admin” as username
wp sg log ip add|remove|list
wp sg log ua add|remove|list
wp sg list log-unknown|log-registered|log-blocked –days=
wp sg 2fa reset id ID – Resets the 2fa setup for the user ID.
REQUIREMENTS
WordPress 4.7
PHP 7.0
Working .htaccess filehttps://vi.wordpress.org/plugins/sg-security/
Người đóng góp & Lập trình viên SiteGround Security
Hristo PandjarovSiteGround Security Pro – Premium free có key full crack Dịch vụ SEO TVD SEO
Phiên bản
Đang cập nhật.
Lần cập nhật gần nhất plugin SiteGround Security
Đang cập nhật.
Số lượt kích hoạt plugin SiteGround Security
Đang cập nhật.
Phiên bản WordPress với plugin SiteGround Security
Đang cập nhật.
Đánh giá plugin SiteGround Security
Dịch vụ SEO TVD SEO đánh giá plugin SiteGround Security 6 trên 10 điểm
Link tải Plugin SiteGround Security Pro – Premium free có key full crack
link: https://vi.wordpress.org/plugins/sg-security/