WordPress.org

Hong Kong 香港中文

  • 佈景主題
  • 外掛
  • News
  • Support
  • About
  • 重要通知
  • WordPress 常見問題
  • 團隊
  • 取得 WordPress
取得 WordPress
WordPress.org

Plugin Directory

Protection Against DDoS

  • Submit a plugin
  • My favorites
  • Log in
  • Submit a plugin
  • My favorites
  • Log in

這個外掛並未在最新的 3 個 WordPress 主要版本上進行測試。開發者可能不再對這個外掛進行維護或提供技術支援,並可能會與更新版本的 WordPress 產生使用上的相容性問題。

Protection Against DDoS

由WPChef
下載
  • 詳情
  • 評價
  • 開發
支援

描述

This plugin resolves performance issues caused by brute force attacks described in the WordPress Codex here: https://codex.wordpress.org/Brute_Force_Attacks

From WordPress Codex:

Due to the nature of these attacks, you may find your server’s memory goes through the roof, causing performance problems. This is because the number of http requests (that is the number of times someone visits your site) is so high that servers run out of memory.

A common attack point on WordPress is to hammer the wp-login.php file over and over until they get in or the server dies. You can do some things to protect yourself.

Protection Against DDoS plugin addresses these issues very well.

It also allows to deny access to common WordPress features that get frequently attacked, like xmlrpc or RSS feeds pages.

CloudFlare users can allow or deny access for visitors from specified countries.

All checks are done via the .htaccess file so that bogus requests can’t even reach your WordPress site and get bounced at the web server level. You can also specify exactly where they can be bounced to.

Compatibility

  • Doesn’t have any known conflicts with any other security plugins.
  • Fully compatible with WordPress multisites.

Advanced users can get more technical information on the FAQ page.

螢幕截圖

  • Settings page.

常見問題

How does the plugin work?

The plugin starts working right after you install it. It utilizes a very simple idea: when a real user accesses the login page, the plugin sets a validation cookie for this user. After the user submitted the log in form, the plugin checks if the cookie is there and correct. If so, the user is allowed to log in. Otherwise the user gets bounced off. Since malicious bots attack the WordPress login page directly, they don’t get the protection cookie and hence always get bounced off. Moreover validation happens at the server level BEFORE WordPress is even accessed (via .htaccess file) and hence no load is directed to the WordPress at all. The secure cookie is encrypted and unique for every site so the bots can’t falsify it. Simple and effective!

Can it protect against any DDoS attack?

This plugin protects against DDoS CAUSED by brute-force attacks ONLY. This is the most common cause for an operational WordPress site to be down though. If your site is under attack for other reasons (for example if you got a lot of traffic to one of your posts) this plugin will not help!

What are the system requirements?

This plugin only works on the servers that support .htaccess files. Most Linux servers do.

評價

This is absolutely the best DDoS Protection plugin available

Eli 2020年4月24日
Our site was being attacked heavily using exactly the technics for which this plugin was creating for. I cannot thank the creator enough for providing it to the public free of charge. Thank you so much for your contribution. My only concern is that it hasn’t been updated for quite sometime, I really hope it’s not abandoned. I’m surprised this product doesn’t have more reviews and more downloads, I guess it hasn’t had enough promotion. Thank you so much @WPChef, please keep it alive!

This Plugin Saved Me

kcwebguy 2019年9月9日 1 reply
I was having a major DDOS against a number of my websites… the attack was taking down my entire VPS and affecting my entire business. I deployed this plugin to all of my sites and saw immediate relief from the attack. I took a screenshot of my load graph with an arrow at the point in time I deployed this plugin. My thanks to this author for a clever and effective plugin.

Serious(ly) Lightweight Extra Security

Gahapati 2017年5月4日
When I first came across Protection Against DDoS, I was impressed by the simplicity of the idea and the effectiveness of its execution. Assuming that DDoS attacks will hardly be carried out by lone hackers armed with web browsers, it’s reasonably safe also to assume that accepting and returning cookies will be among the least of their concerns. In which case the attack is stopped dead in its track very early on, in fact before WordPress is even asked to start up its engine. When I first tested this plugin, unfortunately it was not compatible with WP Multisite, yet. But within days of pointing this out to the developer, Protection Against DDoS was updated accordingly! The plugin has earned a permanent resident status in my toolbox!

Works very well

2by2host 2016年9月3日
We use this when a WordPress site gets bombarded with bogus traffic and see the results within minutes. We can see how HTTP requests drop right after the plugin is installed. This plugin should be a must for any site.
閱讀全部5個評價

貢獻者及開發者

“Protection Against DDoS” 是一個開源的軟體。以下的人對這個外掛作出了貢獻。

貢獻者
  • WPChef

將 Protection Against DDoS 外掛本地化為台灣繁體中文版。

對開發相關資訊感興趣?

任何人均可瀏覽程式碼、查看 SVN 存放庫,或透過 RSS 訂閱開發記錄。

修改日誌

1.5.2

  • Added access control for autodiscover/autodiscover.xml and wpad.dat.

1.5.1

  • Can deny access to xmlrpc, RSS and certain countries now.

1.4.1

  • Multisite compatibility implemented.

1.3

  • Validation cookie is set via JavaScript now and encrypted.

1.2

  • Redirect POST-requests only for login page.

1.1

  • Set validation cookie for all GET-requests.
  • Use random cookie name for better security.

1.0

  • Initial release.

其它

  • Version 1.5.2
  • Last updated 5 年之前
  • Active installations 3,000+
  • WordPress version 3.5.2 or higher
  • Tested up to 5.4.16
  • Language
    English (US)
  • Tags
    Brute ForceddosloginPeformancesecurity
  • 進階顯示

評分

5 out of 5 stars.
  • 4 5-star reviews 5 stars 4
  • 0 4-star reviews 4 stars 0
  • 0 3-star reviews 3 stars 0
  • 0 2-star reviews 2 stars 0
  • 0 1-star reviews 1 star 0

Add my review

See all reviews

貢獻者

  • WPChef

支援

有話想說?需要協助?

檢視支援論壇

  • 關於我們
  • 最新消息
  • 寄存
  • 隱私權
  • 展示網站
  • 佈景主題
  • 外掛
  • 區塊版面配置
  • Learn
  • 技術支援
  • 開發者資源
  • WordPress.tv ↗
  • 共同參與
  • Events
  • Donate ↗
  • Five for the Future
  • WordPress.com ↗
  • Matt ↗
  • bbPress ↗
  • BuddyPress ↗
WordPress.org
WordPress.org

Hong Kong 香港中文

  • Visit our X (formerly Twitter) account
  • Visit our Bluesky account
  • Visit our Mastodon account
  • Visit our Threads account
  • 訪問我們的 Facebook 專頁
  • Visit our Instagram account
  • Visit our LinkedIn account
  • Visit our TikTok account
  • Visit our YouTube channel
  • Visit our Tumblr account
代碼就是詩歌。