该插件尚未通过WordPress的最新3个主要版本进行测试。 当与较新版本的WordPress一起使用时,可能不再受到维护或支持,并且可能会存在兼容性问题。

wp-security-txt

描述

The purpose of this project is to create a set-it-and-forget-it plugin that can be installed without much effort to get a WordPress site compliant with the current security.txt spec. It is therefore highly opinionated but built for configuration. It will automatically configure itself but you are encouraged to visit the plugin settings page after activating it.

security.txt is a draft “standard” which allows websites to define security policies. This “standard” sets clear guidelines for security researchers on how to report security issues, and allows bug bounty programs to define a scope. Security.txt is the equivalent of robots.txt, but for security issues.

There is a help page built into the plugin if you need help configuring it. For developers, there is documentation for wordpress-security-txt online, the source of which is in the docs/ directory. The most logical place to start are the docs for the WordPress_Security_Txt class.

Translations

The security.txt for WordPress plugin includes translations for the following 17 languages:

If you would like to contribute a new languge or you spotted in error in one of the translation files, please feel free to contribute directly to the public wordpress-security-txt POEditor project. Once accepted additions/modifications are automagically built by POEditor to PO/MO files and published to the wordpress-security-txt-translation repository.

The translations repository is included in builds submitted to the WordPress plugin directory. Users with the GitHub Updater Plugin don’t have to wait for builds to the WordPress plugin directory — they can get updated translations as soon as they’re published to the repository by POEditor.

Anonymous Statistics (Opt-in)

This plugin has an option — that is disabled by default and can only be enabled by explicilty opt-ing in on the security.txt Settings page — to collect anonymous statistics to help better understand how this plugin is used and how people are implementing their security.txt documents. The goal of collecting this data is to aid in research and design of the specification, the PHP library, the plugin itself, and to help us create a better experience for all users.

For example, one function of anonymous statistics is to send your security.txt document to our servers. This allows us to track what percent of users are implementing the specification according to the draft RFC, and how it might differ from the explicit definitions submitted to the Internet Engineering Task Force (IETF).

We respect your privacy and are happy to clarify on any aspect of the statistics collection and analysis. More importantly, you can verify this in the code for yourself on GitHub.

We do not track any personally-identifiable information and we are committed to protecting your privacy. With regards to performance, the tracking is implemented in such a way so as to not impact of your WordPress site at all.

Badges

All the badges!









屏幕截图

  • Easily control the declaratives of your security.txt document.
  • Generates valid security.txt documents for the latest spec.

安装

This section describes how to install wordpress-security-txt and get it working.

  1. Upload wordpress-security-txt to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Configure the plugin using the ‘settings.txt’ link under ‘Settings’.

常见问题

Installation Instructions

This section describes how to install wordpress-security-txt and get it working.

  1. Upload wordpress-security-txt to the /wp-content/plugins/ directory.
  2. Activate the plugin through the ‘Plugins’ menu in WordPress.
  3. Configure the plugin using the ‘settings.txt’ link under ‘Settings’.
Where should I report bugs I encounter?

Please report any issues you encounter via the GitHub issues tracker.

How can I contribute to the code base?

If you’d like to contribute to this plugin, pull requests are welcome. For more information please see CONTRIBUTING.md.

What version of the `security.txt` spec does this plugin implement?

This version of the plugin implements the security.txt specification found in the plugin folder. The specification the plugin implements is also available online or via the ‘settings.txt Help’ page in the WordPress admin.

Can I add more than one `Contact` directive?

While the specification explicitly allows for more than one Contact directive, this plugin currently only supports a single entry.

评价

2018年1月8日
Do exactly what it says. Clean code / clean UI... what else? Great plugin. Thanks for it.
阅读所有1条评价

贡献者及开发者

“wp-security-txt” 是开源软件。 以下人员对此插件做出了贡献。

贡献者

“wp-security-txt”插件已被翻译至12种本地话语言。 感谢所有译者为本插件所做的贡献。

将“wp-security-txt”翻译成您的语言。

对开发感兴趣吗?

您可以浏览代码,查看SVN仓库,或通过RSS订阅开发日志

更新日志

1.0.0

  • Initial release.