這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

CSP-ANTS&ST

描述

For a perfectly secured website, you have to avoid ‘unsafe-eval’ and ‘unsafe-inline’ in your content-security-policy header.
This plugin add nonces to script/style tags and add those nonces to the content-security-policy header, so your website will be more secure, even if there are other actions to perform in order to have a very strong protection.

Features

There are no settings, it’s a plug and play plugin.
This plugin automaticallly:
– add a nonce to each script and style tag and a sha256 hash to online events (onload / onclick)
– generate Content Security Policy header with all nonces and hashes + basics (base-uri ‘self’, google fonts, gravatar, maxcdn.bootstrapcdn…)

Tested / Works with no cache system, WP Rocket on Plesk (Nginx/Apache webserver) and Lscache (Openlitespeed/Litespeed webserver)
Should work elsewhere, just say me and I’ll add your setup to this list.

Requirements

  • WordPress 5.0 or higher.

安裝

  • Extract the zip file and just drop the contents in the wp-content/plugins/ directory of your WordPress installation or install it directly from your dashboard and then activate the plugin from Plugins page.
  • There’s not options page, simply install and activate.

常見問題

Is there something to do after install?

Yes, just activate it!

評價

2023年7月24日
I downloaded this plugin and modified it for my site. I would recommend doing that. The plugin hooks into the 'template_redirect' hook. At that point the source for the page has been generated by themes and plugins and is ready to be sent. The plugin looks through the generated source and makes nonces for all inline scripts and styles. It modifies the source so the inline scripts and styles have a nonce='some-nonce' statement in them. It creates a Content-Security-Policy which includes those nonces. However, each site has its own CSP needs, and so modifying the plugin to tailor the CSP to your site is not that difficult to do. That is what I have done.
2022年9月8日
The plugin works as advertised however, it does not let you modify the CSP header resulting in a less than ideal CSP header. The header this plugin serves provides no protection against clickjacking and allows all external scripts.
2022年7月14日
This is the most 'straight to the point' CSP tool that I've found. So far, so go.
閱讀全部4個評價

貢獻者及開發者

“CSP-ANTS&ST” 是一個開源的軟體。以下的人對這個外掛作出了貢獻。

貢獻者

將 CSP-ANTS&ST 外掛本地化為台灣繁體中文版。

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄

修改日誌

1.0

  • Initial release