Descripció
This plugin integrates with the WPVulnerability API to provide real-time vulnerability assessments for your WordPress core, plugins, themes, PHP version, Apache HTTPD, nginx, MariaDB, MySQL, ImageMagick, curl, memcached, Redis, and SQLite.
It delivers detailed reports directly within your WordPress dashboard, helping you stay aware of potential security risks. Configure the plugin to send periodic notifications about your site’s security status, ensuring you remain informed without being overwhelmed. Designed for ease of use, it supports proactive security measures without storing or retrieving any personal data from your site.
Fiabilitat de les dades
La informació que proporciona la base de dades d’informació prové de diferents fonts que han estat revisades per tercers. No hi ha cap mena de responsabilitat per la informació. Actua sota el teu propi risc.
Using the plugin
WP-CLI
You can use the following WP-CLI commands to manage and check vulnerabilities:
- Core:
wp wpvulnerability core
- Plugins:
wp wpvulnerability plugins
- Themes:
wp wpvulnerability themes
- PHP:
wp wpvulnerability php
- Apache HTTPD:
wp wpvulnerability apache
- nginx:
wp wpvulnerability nginx
- MariaDB:
wp wpvulnerability mariadb
- MySQL:
wp wpvulnerability mysql
- ImageMagick:
wp wpvulnerability imagemagick
- curl:
wp wpvulnerability curl
- memcached:
wp wpvulnerability memcached
- Redis:
wp wpvulnerability redis
- SQLite:
wp wpvulnerability sqlite
All commands support the --format
option to specify the output format:
--format=table
: Displays the results in a table format (default).--format=json
: Displays the results in JSON format.
Need help?
wp wpvulnerability --help
: Displays help information for WPVulnerability commands.wp wpvulnerability [command] --help
: Displays help information for a WPVulnerability command.
REST API
The WPVulnerability plugin provides several REST API endpoints to fetch vulnerability information for different components of your WordPress site.
- Core:
/wpvulnerability/v1/core
- Plugins:
/wpvulnerability/v1/plugins
- Themes:
/wpvulnerability/v1/themes
- PHP:
/wpvulnerability/v1/php
- Apache HTTPD:
/wpvulnerability/v1/apache
- nginx:
/wpvulnerability/v1/nginx
- MariaDB:
/wpvulnerability/v1/mariadb
- MySQL:
/wpvulnerability/v1/mysql
- ImageMagick:
/wpvulnerability/v1/imagemagick
- curl:
/wpvulnerability/v1/curl
- memcached:
/wpvulnerability/v1/memcached
- Redis:
/wpvulnerability/v1/redis
- SQLite:
/wpvulnerability/v1/sqlite
The WPVulnerability REST API uses Application Passwords for authentication. You need to include a valid Application Password in the Authorization header of your requests.
Example Request with Authentication
curl -X GET https://example.com/wp-json/wpvulnerability/v1/plugins -u username:application_password
Replace username with your WordPress username
and application_password
with your Application Password.
Extra Configurations
“From:” mail (since: 3.2.2)
If, for some reason, you need the emails sent by the plugin to have a From different from the site administrator, you can change it from the wp-config.php
by adding a constant:
define( 'WPVULNERABILITY_MAIL', 'sender@example.com' );
If the constant is active, it will be visible in the configuration screen.
Compatibilitat
- WordPress: 4.1 – 6.7
- PHP: 5.6 – 8.4
- WP-CLI: 2.3.0 – 2.11.0
Seguretat
Aquesta extensió s’adhereix a les següents mesures de seguretat i protocols de revisió per a cada versió:
- WordPress Plugin Handbook
- WordPress Plugin Security
- WordPress APIs Security
- WordPress Coding Standards
- Plugin Check (PCP)
- SonarCloud Code Review
Privadesa
- Aquesta extensió o la WordPress Vulnerability Database API no recopila cap informació sobre el lloc, la identitat, les extensions, temes o contingut que té el lloc.
Vulnerabilitats
- No vulnerabilities have been published up to version 4.0.2.
Heu trobat una vulnerabilitat de seguretat? Informeu-nos en privat en el repositori de GitHub de WPVulnerability.
Col·laboradors
Podeu contribuir a aquesta extensió al repositori GitHub de WPVulnerability.
Captures
Instal·lació
Descàrrega automàtica
Visita la secció d’extensions del WordPress, cerca [wpvulnerability]; Baixa i instal·la l’extensió.
Descàrrega manual
Extraieu el contingut del ZIP i carregueu el contingut al directori /wp-content/plugins/wpvulnerability/
. Un cop pujat, apareixerà a la llista de plugins.
PMF
-
D’on prové la informació sobre vulnerabilitats?
-
L’origen està en l’API WPVulnerability.com. Les vulnerabilitats que apareixen en aquesta API provenen de diferents fonts, com ara les CVE.
-
Les dades del meu lloc s’envien a algun lloc?
-
No. Mai. La teva privacitat és molt important per a nosaltres. No comercialitzem amb les teves dades.
-
Quines vulnerabilitats em trobaré?
-
Vulnerabilities in WordPress Core, Plugins, Themes, PHP, Apache HTTPD, nginx, MariaDB, MySQL, ImageMagick, curl, memcached, Redis, and SQLite are documented.
-
Què faig si el meu lloc web té una vulnerabilitat?
-
First of all, peace of mind. Investigate what the vulnerability is and, above all, check that you have the latest version of the compromised element. We actively recommend that you keep all your WordPress and its plugins up to date. Contact your hosting provider to patch non-WordPress vulnerabilities (like web server, databases, and other software).
Ressenyes
Col·laboradors i desenvolupadors
«WPVulnerability» és programari de codi obert. La següent gent ha col·laborat en aquesta extensió.
Col·laboradors“WPVulnerability” s’ha traduït a 13 configuracions regionals. Gràcies als traductors per les seves aportacions.
Traduïu «WPVulnerability» a la vostra llengua.
Interessats en el desenvolupament?
Navegueu pel codi, baixeu-vos el repositori SVN, o subscriviu-vos al registre de desenvolupament per fisl de subscripció RSS.
Registre de canvis
[4.0.3] – 2024-10-28
- Recreation of the 4.0.2 version. Something did not created the 4.0.2 version.
[4.0.2] – 2024-10-25
Corregit
- ImageMagick: it crashes in some cases where the hosting does not have ImageMagick.
Compatibilitat
- WordPress: 4.1 – 6.7
- PHP: 5.6 – 8.4
- WP-CLI: 2.3.0 – 2.11.0
Tests
- PHP Coding Standards: 3.10.3
- WordPress Coding Standards: 3.1.0
- Plugin Check (PCP): 1.1.0
- SonarCloud Code Review
[4.0.1] – 2024-10-04
Corregit
- API endpoints: some API endpoints were failing.
- CLI endpoints: some CLI endpoints were failing.
Compatibilitat
- WordPress: 4.1 – 6.7
- PHP: 5.6 – 8.4
- WP-CLI: 2.3.0 – 2.11.0
Tests
- PHP Coding Standards: 3.10.3
- WordPress Coding Standards: 3.1.0
- Plugin Check (PCP): 1.1.0
- SonarCloud Code Review
[4.0.0] – 2024-10-01
Afegit
- ImageMagic vulnerabilities (Site Health + WP-CLI + API + mail).
- curl vulnerabilities (Site Health + WP-CLI + API + mail).
- memcached vulnerabilities (Site Health + WP-CLI + API + mail).
- Redis vulnerabilities (Site Health + WP-CLI + API + mail).
- SQLite vulnerabilities (Site Health + WP-CLI + API + mail).
Corregit
- Test email without email.
- Improved MariaDB 11.x detection.
- Improved versions detection (major-minor.patch-build).
- WordPress < 5.3: use of wp_date().
- WordPress < 5.0: locale detection.
- Dashboard widget only for users with capabilities.
- WordPress < 5.2: link to Site Health
Modificat
- Big refactory.
- Less files, less size, improved code quality.
Compatibilitat
- WordPress: 4.1 – 6.7
- PHP: 5.6 – 8.4
- WP-CLI: 2.3.0 – 2.11.0
Tests
- Manual Testing:
- WordPress 6.7 / PHP 8.4
- WordPress 6.6 / PHP 8.3
- WordPress 6.4 / PHP 8.2
- WordPress 6.1 / PHP 8.1
- WordPress 5.8 / PHP 8.0
- WordPress 5.5 / PHP 7.4
- WordPress 5.3 / PHP 7.3
- WordPress 4.9 / PHP 7.2
- WordPress 4.8 / PHP 7.1
- WordPress 4.6 / PHP 7.0
- WordPress 4.1 / PHP 5.6
- PHP Coding Standards: 3.10.3
- WordPress Coding Standards: 3.1.0
- Plugin Check (PCP): 1.1.0
- SonarCloud Code Review
Previous versions
Si voleu veure el registre complet de canvis, visiteu el fitxer changelog.txt