
Zhangsir1724 Smart Shield

Author: zhangsir
Version: 1.0.4
Last updated: Apr 2, 2026

Contributors: zhangsir, zhangsir1724
Tags: security, firewall, waf, login protection, brute force, sql injection, xss protection
Requires at least: 5.0
Tested up to: 6.9
Requires PHP: 7.4
Stable tag: 1.0.4
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Battle-tested WordPress security plugin with 73%+ WAF interception rate, validated through continuous red team vs blue team exercises with 822 comprehensive penetration tests.

Description

Zhangsir1724 Smart Shield is a powerful security plugin designed to protect your WordPress site from various attacks. It provides multiple layers of protection including a Web Application Firewall (WAF), login brute-force protection, file integrity monitoring, and dangerous PHP function detection.

Battle-Tested Security

This plugin has been rigorously tested through ongoing Red Team vs Blue Team exercises. Our WAF (Web Application Firewall) achieves a 73%+ interception rate against common attack vectors, validated through comprehensive penetration testing including 822 attack tests:

  • SQL Injection Protection – 76%+ interception rate (246 tests)
  • XSS Attack Protection – 80%+ interception rate (303 tests)
  • Brute Force Protection – 88%+ interception rate (36 tests)
  • File Protection – 55%+ interception rate (225 tests)

We continuously conduct red-blue confrontation exercises to improve detection rules and enhance security capabilities, ensuring your website stays protected against evolving threats.

Key Features

  • Web Application Firewall (WAF) – 73%+ interception rate validated through red-blue team exercises with 822 comprehensive tests. Detects and blocks SQL injection (76%+), XSS (80%+), path traversal, LFI, RFI, and malicious scanners
  • Login Protection – Prevents brute-force attacks with configurable attempt limits and lockout durations. Tracks failed login attempts and automatically locks suspicious IPs
  • File Protection – Protects sensitive files (wp-config.php, .htaccess) and monitors file permissions. Blocks direct access to PHP files in the uploads directory
  • Dangerous Functions Monitor – Scans installed plugins and themes for dangerous PHP functions (exec, eval, system, etc.) with risk level classification
  • Real-time Logging – Tracks all security events with detailed logs for forensic analysis
  • Easy Configuration – User-friendly admin interface with one-click enable/disable and a security score dashboard
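The path traversal variants the WAF item above refers to (../, ..%2f, ..%5c) all collapse to the same sequence once a raw request value is decoded and normalised, which is what lets a single pattern cover them. The PHP below is an added example of that normalise-then-match approach, not the plugin's own code; the zs_example_ function names, the three-round decode limit and the sample parameters are assumptions.

```php
<?php
// Added example, not the plugin's code. Normalises a raw request value so that
// the traversal spellings the README lists (../, ..%2f, ..%5c), plus their
// double-encoded and backslash forms, all reduce to a literal "../".
function zs_example_normalise($value) {
    // Decode repeatedly but boundedly (limit is assumed), so %252e%252e%252f
    // unwraps to "../" while a hostile value cannot keep the loop spinning.
    for ($i = 0; $i < 3; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) {
            break;
        }
        $value = $decoded;
    }
    $value = str_replace('\\', '/', $value);   // ..%5c and "..\" become "../"
    $value = str_replace("\0", '', $value);    // strip NUL bytes
    return preg_replace('#/+#', '/', $value);  // "..//" collapses to "../"
}

// True when the normalised value contains a ".." path segment.
// ".." inside a file name (e.g. "my..post") is not a traversal and stays allowed.
function zs_example_is_traversal($value) {
    return 1 === preg_match('#(^|/)\.\.(/|$)#', zs_example_normalise($value));
}

// Scan every string parameter of a request, as a WAF hook would, and return
// the names of the offending parameters for logging or blocking.
function zs_example_scan_request(array $params) {
    $hits = array();
    foreach ($params as $name => $value) {
        if (is_string($value) && zs_example_is_traversal($value)) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample parameters as they would appear in a raw query string
// (not captured traffic). wp-config.php is the protected file the README names.
$sample = array(
    'page' => 'about',
    'file' => '..%2f..%2fwp-config.php',       // percent-encoded slash
    'tpl'  => '..%5c..%5cwp-config.php',       // percent-encoded backslash
    'img'  => '%252e%252e%252fwp-config.php',  // double-encoded
    'slug' => 'my..post',                      // dots in a name, not traversal
);
echo implode(', ', zs_example_scan_request($sample)) . PHP_EOL;
```

Note that PHP has already decoded one layer by the time a value reaches $_GET, so applying the same normalisation there catches the double-encoded forms rather than the single-encoded ones.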

Comprehensive Attack Detection

  • SQL Injection – 40+ detection patterns covering UNION-based, Boolean-based, Time-based, and Error-based SQLi
  • Cross-Site Scripting (XSS) – 80+ patterns detecting script injection, event handlers, the JavaScript protocol, and DOM-based XSS
  • Local File Inclusion (LFI) – Path traversal detection including encoded variants (../, ..%2f, ..%5c)
  • Remote File Inclusion (RFI) – Detects remote file inclusion attempts and PHP stream wrappers
  • Remote Code Execution (RCE) – Command injection detection for Unix and Windows environments
  • Malicious Scanners – Identifies vulnerability scanners and sensitive file access attempts
  • Brute Force Protection – Configurable attempt limits with automatic IP lockout
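A lockout of the kind the last item describes can be built from WordPress's own hooks and transients (the storage the Data Storage section of this README names for locked IPs). The following is an added PHP example, not the plugin's code; the zs_example_ names, the attempt limit and both durations are assumed values rather than the plugin's defaults.

```php
<?php
// Added example, not the plugin's code: a minimal WordPress login lockout built
// from the mechanisms the README names (a failed-attempt counter and locked IPs
// stored as transients). The limits below are assumed defaults.
const ZS_EXAMPLE_MAX_ATTEMPTS = 5;                       // failures before lockout
const ZS_EXAMPLE_WINDOW       = 15 * MINUTE_IN_SECONDS;  // counter lifetime
const ZS_EXAMPLE_LOCKOUT      = 30 * MINUTE_IN_SECONDS;  // lockout duration

// REMOTE_ADDR is set by the web server itself; forwarded-for headers are
// client-controlled and only trustworthy behind a proxy you operate.
function zs_example_client_ip() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    return filter_var($ip, FILTER_VALIDATE_IP) ? $ip : '0.0.0.0';
}

// Hash the IP so the transient name stays short and free of IPv6 colons.
function zs_example_key($prefix, $ip) {
    return $prefix . md5($ip);
}

// Count a failure; lock the IP once the limit is reached.
function zs_example_on_login_failed($username) {
    $ip       = zs_example_client_ip();
    $key      = zs_example_key('zs_ex_attempts_', $ip);
    $attempts = (int) get_transient($key) + 1;
    set_transient($key, $attempts, ZS_EXAMPLE_WINDOW);
    if ($attempts >= ZS_EXAMPLE_MAX_ATTEMPTS) {
        set_transient(zs_example_key('zs_ex_locked_', $ip), time(), ZS_EXAMPLE_LOCKOUT);
        delete_transient($key);
        error_log(sprintf('[zs-example] lockout ip=%s user=%s', $ip, sanitize_user($username)));
    }
}
add_action('wp_login_failed', 'zs_example_on_login_failed');

// Refuse authentication while the IP is locked. Priority 30 runs after the core
// password check (priority 20), which discards an earlier WP_Error when the
// credentials are valid; it also gives a locked client the same message either way.
function zs_example_block_locked($user, $username, $password) {
    $locked = get_transient(zs_example_key('zs_ex_locked_', zs_example_client_ip()));
    if (false !== $locked) {
        return new WP_Error('zs_example_locked', 'Too many failed login attempts. Try again later.');
    }
    return $user;
}
add_filter('authenticate', 'zs_example_block_locked', 30, 3);

// A successful login resets the counter for that IP.
add_action('wp_login', function ($user_login) {
    delete_transient(zs_example_key('zs_ex_attempts_', zs_example_client_ip()));
});
```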

Pro Version Available

A Pro version is available with advanced features including enhanced WAF rules (96%+ interception rate), IP management, file integrity monitoring, and more.

Installation

  1. Upload the plugin files to the /wp-content/plugins/zhangsir1724-smart-shield directory, or install the plugin through the WordPress plugins screen directly.
  2. Activate the plugin through the 'Plugins' screen in WordPress.
  3. Go to the plugin settings page (Zhangsir1724 Smart Shield menu) to configure.
  4. Enable the security features you need.

Frequently Asked Questions

How effective is the WAF protection?

Our WAF achieves a 73%+ overall interception rate against common attack vectors, validated through continuous red-blue team exercises with 822 comprehensive penetration tests. Detailed results: SQL Injection 76%+ (246 tests), XSS 80%+ (303 tests), Brute Force 88%+ (36 tests), File Protection 55%+ (225 tests). We regularly update detection rules based on real-world attack patterns discovered during these security exercises.

Does this plugin work with caching plugins?

Yes, Zhangsir1724 Smart Shield is compatible with most caching plugins. The WAF rules are executed before caching, ensuring all requests are properly scanned.

Will this plugin slow down my site?

The plugin is optimized for performance. Security checks are lightweight and only run when necessary. Pattern matching uses efficient regular expressions, and the impact on site performance is minimal.

Can I use this with other security plugins?

While you can use multiple security plugins, we recommend using Zhangsir1724 Smart Shield as your primary security solution to avoid conflicts and duplicate functionality.

How do you validate the security rules?

We conduct ongoing red team vs blue team exercises to test and improve our security rules. This real-world testing ensures our detection patterns remain effective against current attack techniques.

How do I report a security issue?

Please report any security vulnerabilities to our security team at 1601800014@qq.com. We take security seriously and will respond promptly.

Screenshots

  1. Dashboard overview showing security score and protection status
  2. File protection settings and permission monitoring
  3. Login protection configuration with attempt tracking
  4. WAF firewall settings with attack statistics and blocked requests
  5. Dangerous functions scanner with risk classification
  6. Plugin settings and configuration options
  7. Security test report showing red-blue team exercise results

  13. Security test report showing red-blue team exercise results

  14. 安全测试报告,显示红蓝对抗演练结果

Changelog

1.0.4

  • Enhanced WAF detection rules based on red-blue team exercise findings with 822 comprehensive tests
  • Improved SQL injection detection patterns (40+ patterns, 76%+ interception rate)
  • Expanded XSS protection coverage (80+ patterns, 80%+ interception rate)
  • Enhanced brute force protection (88%+ interception rate)
  • Added malicious scanner detection rules
  • Optimized performance for high-traffic websites
  • Bug fixes and security improvements

1.0.3

  • Initial release
  • Web Application Firewall with multiple attack pattern detection
  • Login brute-force protection
  • File protection and integrity monitoring
  • Dangerous PHP functions monitoring
  • Admin dashboard with security score
  • Real-time logging and statistics

Upgrade Notice

1.0.4

Enhanced WAF detection rules and improved performance, with a 73%+ interception rate validated by 822 comprehensive tests. Recommended update for all users.

1.0.3

Initial release of Zhangsir1724 Smart Shield.

Additional Info

Privacy Policy

This plugin does not collect or transmit any user data to external servers. All security logs are stored locally in your WordPress database.

Data Storage

The plugin stores the following data in your WordPress database:

  • Security settings (wp_options table)
  • Blocked request logs (wp_options table)
  • Login attempt records (custom table)
  • Locked IP addresses (transients)

All data can be removed by deactivating and deleting the plugin.

License

This plugin is licensed under the GNU General Public License v2.0 or later. You are free to use, modify, and distribute this software under the terms of this license.
