该插件尚未通过WordPress的最新3个主要版本进行测试。 当与较新版本的WordPress一起使用时,可能不再受到维护或支持,并且可能会存在兼容性问题。

DGXPCO

描述

DGXPCO (Digital Guarantees for eXplicitly Permitted Core Operations) is a proof-of-concept cryptographic signature verification utility for WordPress software updates. The plugin will source manual (offline) signatures for WordPress core updates and prevent the application from updating unless the contents of the update payload are verified with a remote signature.

This provides a second source of truth for the integrity of WordPress updates beyond the MD5 content hash supplied in the header from the WordPress update server. If that server were ever breached, it’s unlikely the server hosting the signatures of the files was also breached. If the signatures ever fail to validate, you can know your site was protected from an attack.

安装

Manual Installation

  1. Upload the entire /dgxpco directory to the /wp-content/plugins/ directory.
  2. Activate DGXPCO through the ‘Plugins’ menu in WordPress.

常见问题

Installation Instructions

Manual Installation

  1. Upload the entire /dgxpco directory to the /wp-content/plugins/ directory.
  2. Activate DGXPCO through the ‘Plugins’ menu in WordPress.
Who is responsible for the signatures

At the moment, Eric Mann will personally verify and sign every new update payload once it’s released by the core team. The signatures of each core file are hosted in a separate GitHub repository, with every commit signed by Eric’s GPG private key for redundant verification.

评价

此插件暂无评价。

贡献者及开发者

“DGXPCO” 是开源软件。 以下人员对此插件做出了贡献。

贡献者

“DGXPCO”插件已被翻译至1种本地话语言。 感谢所有译者为本插件所做的贡献。

将“DGXPCO”翻译成您的语言。

对开发感兴趣吗?

您可以浏览代码,查看SVN仓库,或通过RSS订阅开发日志

更新日志

1.2.0

  • Filter the upgrade cache to avoid prompting core upgrades with missing signatures.

1.1.0

  • Introduce integration test for full core compatibility guarantees.

1.0.0

  • First release