Kistn API Client

描述

Collects installed plugins, themes, and WordPress core, then pushes inventory to your Kistn server for centralized vulnerability monitoring.

Push flow:

  1. Preflight — asks the server which slugs need a fresh advisory check and which are known-private.
  2. Hash check — skips push if inventory unchanged.
  3. WPScan lookup — queries the WPScan vulnerability database only for stale, non-private slugs.
  4. Push — sends packages, vulnerability findings, advisory snapshots, and any newly-discovered private slugs.

Private packages (those absent from the WPScan database) are tracked server-side so subsequent runs never waste WPScan quota on them. When the server later confirms a package is public, the project owner is notified.

Configuration via Settings Kistn, or via constants in wp-config.php:

define( ‘KISTN_BASE_URL’, ‘https://your-server.example.com’ );
define( ‘KISTN_PROJECT_ID’, ‘your-project-uuid’ );
define( ‘KISTN_TOKEN’, ‘your-api-token’ );
define( ‘KISTN_WPSCAN_TOKEN’, ‘your-wpscan-api-token’ ); // optional, enables vulnerability lookups

External services

This plugin can connect to WPScan API to obtain latest security information about your installation. Use of this feature is optional. To use this feature, you need a WPScan account and your own API token.

When the feature is used, this plugin sends information about installed WordPress core, plugins and themes to retrieve latest security advisories about your installed components. The service is provided by “WPScan”: https://wpscan.com/terms/, https://automattic.com/privacy/.

安装

  1. In your WordPress admin, go to Plugins Add New, search for “Kistn API Client”, install and activate.
  2. Alternatively, upload the plugin ZIP via Plugins Add New Upload Plugin, then activate.
  3. Alternatively, via Composer: composer require kistn/wp-client, then activate as usual.
  4. Go to Settings Kistn and configure your API credentials.

评价

此插件暂无评价。

贡献者及开发者

「Kistn API Client」是开源软件。 以下人员对此插件做出了贡献。

贡献者

帮助将「Kistn API Client」翻译成简体中文。

对开发感兴趣吗?

您可以浏览代码,查看SVN仓库,或通过RSS订阅开发日志

更新日志

1.0.1

  • Fix: WPScan requests now pause until the next day (site timezone) after hitting the 429 rate limit, instead of retrying every remaining slug in the same run.
  • Change: The Push Interval field is now hidden when Schedule Mode is set to WP-CLI only (it doesn’t apply to that mode).
  • Change: Renamed the WP-CLI command from wp inventory push to wp kistn push.
  • Change: Added an example placeholder to the API Base URL field.
  • Docs: Documented WordPress-plugin-repository installation as the primary install method.
  • Change: The server-crontab hint under Settings Kistn now toggles live when Schedule Mode is switched, instead of only appearing after a save.
  • Docs: Documented Composer installation option (composer require kistn/wp-client) in README.md and readme.txt.

1.0.0

  • Initial release.