Title: Gauntlet Security
Author: Cornelius Bergen
Published: September 13, 2014
Last modified: July 19, 2016

---


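This plugin **hasn't been tested with the latest 3 major releases of WordPress**.
It may no longer be maintained or supported and may have compatibility issues when
used with more recent versions of WordPress.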

![](https://ps.w.org/gauntlet-security/assets/icon-256x256.png?rev=988768)

# Gauntlet Security

 By [Cornelius Bergen](https://profiles.wordpress.org/cbergen/)

[Download](https://downloads.wordpress.org/plugin/gauntlet-security.zip)


## Description

Gauntlet Security can find opportunities for improving the security of your site.
It checks many aspects of the site’s configuration including file permissions, server
software, PHP, database, plugins, themes, and user accounts. The plugin will give
each check a pass, warning, or fail and explain in clear language how you can fix
the issue.

How you ultimately choose to patch these issues is up to you but whatever method
you use, this plugin should always provide an accurate report. It does not make 
changes to your database or to any of your files and it should be compatible with
all other security plugins.

Checks and recommendations include:

 * Set correct file and directory permissions
 * Turn off directory indexing
 * Prevent code execution in the uploads directory
 * Block files in the includes directory
 * Prevent access to stray files which could be useful to attackers
 * Keep PHP up-to-date
 * Disable dangerous PHP functions
 * Disable allow_url_include and allow_url_fopen PHP flags
 * Turn off the display of PHP errors
 * Don’t advertise the PHP version you are running
 * Use a strong database password
 * Change the default database table prefix
 * Keep WordPress up-to-date
 * Turn off file editing in the control panel
 * Set security keys in WP-Config file
 * Don’t advertise the WordPress version you are running
 * Turn off self-registration
 * Force SSL when accessing the admin area
 * Review the development activity and reputation of all plugins
 * Remove unused themes from the server
 * Rename the plugin directory
 * Move the active theme to an alternate location
 * Do not use TimThumb
 * Do not use common user names (such as “admin”)
 * Do not use weak passwords
 * Do not have a user with an ID = 1
 * Minimize the number of admin users
 * Users should not display their login usernames publicly
 * Prevent username enumeration through standard author URLs
 * …more tests planned

Check the [screenshots](https://ko.wordpress.org/plugins/gauntlet-security/screenshots?output_format=md)
for more detail on some of the above features.

Many of these security checks are based on recommendations from the WordPress codex:
https://codex.wordpress.org/Hardening_WordPress.
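
As an added illustration (not the plugin's own code), the sketch below applies a few of the listed checks to the text of a `php.ini` and a `wp-config.php` and grades each one pass, warning, or fail. The sample file contents are constructed, and the severity assigned to each outcome is an assumption of this example rather than the plugin's grading.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_PHP_INI = """\
; constructed php.ini fragment
allow_url_fopen = On
allow_url_include = Off
display_errors = On
expose_php = Off
"""
SAMPLE_WP_CONFIG = """\
<?php
// constructed wp-config.php fragment
$table_prefix = 'wp_';
define('DISALLOW_FILE_EDIT', true);
// define('FORCE_SSL_ADMIN', true);
"""

FLAGS_THAT_SHOULD_BE_OFF = ("allow_url_include", "allow_url_fopen",
                            "display_errors", "expose_php")
ON_VALUES = {"1", "on", "true", "yes", "stdout", "stderr"}

def parse_ini(text):
    """Return {directive: value} for a php.ini fragment, ignoring ';' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings

def strip_php_comments(src):
    """Drop /* */ blocks and whole-line // or # comments (commented-out defines)."""
    src = re.sub(r"/\*.*?\*/", "", src, flags=re.S)
    return re.sub(r"(?m)^\s*(//|#).*$", "", src)

def audit(php_ini, wp_config):
    """Return {check: 'pass' | 'warning' | 'fail'} for a subset of the listed checks."""
    results, ini = {}, parse_ini(php_ini)
    for flag in FLAGS_THAT_SHOULD_BE_OFF:
        if flag not in ini:
            results[flag] = "warning"  # unset: effective value depends on PHP defaults
        else:
            results[flag] = "fail" if ini[flag] in ON_VALUES else "pass"
    cfg = strip_php_comments(wp_config)
    for const in ("DISALLOW_FILE_EDIT", "FORCE_SSL_ADMIN"):
        pattern = r"define\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % const
        results[const] = "pass" if re.search(pattern, cfg, re.I) else "fail"
    prefix = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", cfg)
    if prefix is None:
        results["table_prefix"] = "warning"  # prefix not found in this file
    else:
        results["table_prefix"] = "fail" if prefix.group(1) == "wp_" else "pass"
    return results
```

Calling `audit(SAMPLE_PHP_INI, SAMPLE_WP_CONFIG)` on the constructed samples flags `allow_url_fopen`, `display_errors`, the commented-out `FORCE_SSL_ADMIN`, and the default `wp_` prefix. Like the plugin, it only reads its input and changes nothing.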

#### Disclaimer

Some of the tips included in this plugin only require making small changes to configuration
files (.htaccess, php.ini, wp-config.php, functions.php). Others require more
in-depth changes to the filesystem or database. Before attempting any of these fixes,
you should be comfortable experimenting and know how to undo any change you make.
That includes making backups and knowing how to restore your site from those backups.
I can’t guarantee that the recommendations or sample code provided in this plugin
will not break your site or that they will prevent it from being hacked.

#### Requirements

 * Apache web server
 * WordPress 3.4 minimum
 * PHP 5.2.7 minimum

## Screenshots

 * The main page.
 * All checks include a detailed explanation and instructions on how to fix the
   issue.
 * Not all issues need to be fixed. Less important tests are included for the paranoid.
 * The plugin check will raise red flags if plugins aren’t being maintained or haven’t
   been updated.

## Installation

#### Using The WordPress Dashboard

 1. Navigate to the ‘Add New’ in the plugins dashboard
 2. Search for ‘gauntlet security’
 3. Click ‘Install Now’
 4. Activate the plugin on the Plugin dashboard

#### Multisite

 1. Navigate to ‘Network Admin’ > ‘Plugins’ in the top toolbar (must be logged in as
    a Super Admin)
 2. Click ‘Add New’ in the plugins dashboard
 3. Search for ‘gauntlet security’
 4. Click ‘Install Now’
 5. Click ‘Network Activate’ on the Plugin dashboard. Only Super Admin users can access
    and use the plugin.

#### Uploading in WordPress Dashboard

 1. Navigate to the ‘Add New’ in the plugins dashboard
 2. Navigate to the ‘Upload’ area
 3. Select ‘gauntlet-security.zip’ from your computer
 4. Click ‘Install Now’
 5. Activate the plugin in the Plugin dashboard

#### Using FTP

 1. Download ‘gauntlet-security.zip’
 2. Extract the ‘gauntlet-security’ directory to your computer
 3. Upload the ‘gauntlet-security’ directory to the ‘/wp-content/plugins/’ directory
 4. Activate the plugin in the Plugin dashboard

## FAQ

  Why doesn’t this plugin make these changes automatically?

Most of this plugin’s recommendations are server configurations or WordPress configurations
that only need to be set once. My belief is that plugins should not be making permanent
changes to your site’s configuration. Any change a plugin makes, it should be able
to undo. Other plugins can automate a few of these hardening techniques for you,
but if something breaks it’s not always easy to figure out what the plugin did and
how to revert it.

## Reviews

### [Highly recommend](https://wordpress.org/support/topic/highly-recommend-49/)

 [Antony Booker](https://profiles.wordpress.org/antonynz/) September 27, 2017

Can’t recommend this plugin enough for ensuring a site is locked down. Particularly
useful is the plugin scanner feature which I run on every site. Very clear design
and instructions.

### [Bravo for this extension!](https://wordpress.org/support/topic/bravo-pour-cette-extension/)

 [cret32](https://profiles.wordpress.org/cret32/) September 3, 2016

An indispensable extension even if you use a security extension such as WP security.
It scans the WordPress installation, identifies the flaws and, the icing on the cake,
gives the solutions to fix them. Thank you.

### [5 stars!](https://wordpress.org/support/topic/5-stars-159/)

 [trigenium](https://profiles.wordpress.org/trigenium/) September 3, 2016

Nice piece of code and very, very useful. Thanks.

 [Read all 8 reviews](https://wordpress.org/support/plugin/gauntlet-security/reviews/)

## Contributors & Developers

“Gauntlet Security” is open source software. The following people have contributed
to this plugin.

Contributors

 * [Cornelius Bergen](https://profiles.wordpress.org/cbergen/)

[Translate “Gauntlet Security” into your language.](https://translate.wordpress.org/projects/wp-plugins/gauntlet-security)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/gauntlet-security/),
check out the [SVN repository](https://plugins.svn.wordpress.org/gauntlet-security/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/gauntlet-security/)
by [RSS](https://plugins.trac.wordpress.org/log/gauntlet-security/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.4.1

 * New test: Move the active theme to an alternate location
 * Enhancement: Now prepared for localization!
 * Enhancement: Highlight the importance of changing the plugin directory name
 * Enhancement: Update the PHP version check (5.5 is no longer supported)
 * Enhancement: Provide caveats for the user ID = 1 check
 * Tested on WordPress 4.6

#### 1.4.0

 * New test: Keep PHP up-to-date
 * New test: Don’t advertise the PHP version you are running
 * Enhancement: Remove deprecated WordPress function, force_ssl_login
 * Enhancement: Improve colour-coding on plugin check
 * Enhancement: Add stray file check for “error_log” files
 * Tested on WordPress 4.5

#### 1.3.0

 * Enhancement: Add compatibility with WordPress Multisite installs
 * Tested on WordPress 4.3.1

#### 1.2.2

 * Fix: Stray file test failing on PHP versions less than 5.3.6
 * Enhancement: Account for multilingual WordPress installs when testing for salts
 * Enhancement: Plugin version check only triggers warning if plugin is older than
   current
 * Tested on WordPress 4.1.1

#### 1.2.1

 * Tested on WordPress 4.1
 * Fix: Test for user ID #1

#### 1.2.0

 * New test: Prevent access to stray non-WordPress files which could be useful to
   attackers
 * Remove test: Shellshock test (not an ongoing concern)
 * Enhancement: User enumeration test checks users with posts
 * Enhancement: Increase reliability if site is using a self-signed TLS certificate
 * Enhancement: Added common usernames (thanks to Viktor Szépe & Simon Fredsted)
 * Enhancement: Allowance for overriding requirements check

#### 1.1.2

 * Fix: Remove PHP short tags
 * Enhancement: File Permissions check includes more “why” and less “how”
 * Enhancement: Shellshock check uses a more reliable method

#### 1.1.1

 * Fix: Plugin “PHP Fatal error”

#### 1.1.0

 * New test: Check for Shellshock bug
 * Enhancement: Add reference links to many tests for more information
 * Enhancement: Improve PHP display errors check
 * Enhancement: Improve TimThumb check

#### 1.0.1

 * Fix: TimThumb test
 * Enhancement: Link to support forum and donation button
 * Enhancement: Run less code on non-plugin admin pages
 * Enhancement: Text tweaks

#### 1.0.0

 * Initial release

## Meta

 * Version: **1.4.1**
 * Last updated: **10 years ago**
 * Active installations: **60+**
 * WordPress version: **3.4 or higher**
 * Tested up to: **4.6.30**
 * Language: [English (US)](https://wordpress.org/plugins/gauntlet-security/)
 * Tags: [exploit](https://ko.wordpress.org/plugins/tags/exploit/), [Hacks](https://ko.wordpress.org/plugins/tags/hacks/),
   [secure](https://ko.wordpress.org/plugins/tags/secure/), [security](https://ko.wordpress.org/plugins/tags/security/),
   [vulnerability](https://ko.wordpress.org/plugins/tags/vulnerability/)
 * [Advanced View](https://ko.wordpress.org/plugins/gauntlet-security/advanced/)

## Ratings

 5 out of 5 stars.

 * [8 5-star reviews](https://wordpress.org/support/plugin/gauntlet-security/reviews/?filter=5)
 * [0 4-star reviews](https://wordpress.org/support/plugin/gauntlet-security/reviews/?filter=4)
 * [0 3-star reviews](https://wordpress.org/support/plugin/gauntlet-security/reviews/?filter=3)
 * [0 2-star reviews](https://wordpress.org/support/plugin/gauntlet-security/reviews/?filter=2)
 * [0 1-star reviews](https://wordpress.org/support/plugin/gauntlet-security/reviews/?filter=1)


## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/gauntlet-security/)

## Donate

Would you like to support the advancement of this plugin?

 [Donate to this plugin](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=RGTZ39B4M83SA)