Description
Ensure your website’s security posture and configuration health with monitoring and recommendations. Requires an active Webfiable subscription (currently free).
The Webfiable Info plugin is a component of the Webfiable security service, designed to help you maintain a robust security posture for your WordPress website. By securely gathering information about your site’s plugins, themes, and WordPress version, the plugin enables the Webfiable service to perform in-depth analysis and provide weekly recommendations tailored to your specific configuration.
To verify the plugin’s functionality, users and reviewers can visit the /webfiable endpoint on their website after activation. This endpoint provides encrypted website configuration data for security monitoring. An example of this can be seen at:
- Live Example: https://webfiable.com/webfiable/
External Services
This plugin connects to the Webfiable API to:
1. Retrieve an RSA public key, which is required for encrypting website configuration data before making it available to the Webfiable service.
2. Expose encrypted website configuration data through the /webfiable endpoint, which is queried by app.webfiable.com to generate a security posture report.
Data Sent:
– Public Key Retrieval: No user-specific data is sent; only a request to retrieve the RSA public key.
– Configuration Data Transmission: The plugin encrypts and exposes the following website information at the /webfiable endpoint:
– Installed plugins (names, slugs, and versions).
– Installed themes (names, slugs, and versions).
– WordPress version.
When Data is Sent:
– Public Key Retrieval: Occurs when encryption is required for the /webfiable endpoint.
– Configuration Data Transmission: Happens when app.webfiable.com queries the /webfiable endpoint to fetch encrypted data for security posture reporting.
Service URL:
– https://app.webfiable.com/public-key.json (for RSA key retrieval)
Terms of Service:
– https://webfiable.com/terminos-de-servicio/
Privacy Policy:
– https://webfiable.com/politica-privacidad/
Features
- Simple and Reliable Design: Built with simplicity in mind, this plugin minimizes the risk of issues arising on your website and reduces the need for frequent updates, contributing to a stable and secure environment.
- Lightweight and Efficient: The plugin is designed to be very lightweight, executing its tasks within seconds, and running no more than once per day, ensuring no impact on your website’s performance.
- Secure Data Transmission: Utilizes advanced hybrid encryption (AES + RSA) to securely transmit data to the Webfiable service.
- Proactive Security Monitoring: Enables continuous monitoring of your site’s security posture and configuration health.
- Part of the Webfiable Service: Requires an active Webfiable subscription (currently free).
Security Features
Webfiable Info is built with security at its core, ensuring that your website’s data is protected at every stage:
- Hybrid Encryption: Combines AES and RSA encryption to safeguard your data. The plugin uses AES-256 to encrypt the collected data, and then securely transmits the AES key by encrypting it with RSA-2048.
- Initialization Vector (IV): Each data transmission uses a unique Initialization Vector (IV) to ensure that even identical data produces different ciphertexts, enhancing security.
- RSA Key Management: The RSA encryption ensures that only the Webfiable service can decrypt the transmitted data, using a private key that remains secure on the Webfiable infrastructure.
How to Verify Plugin Functionality
Once installed and activated, users can verify the functionality of the Webfiable Info plugin by:
- Checking the
/webfiableEndpoint: Visithttps://yourwebsite.com/webfiable/to confirm that the plugin is providing encrypted configuration data. - Comparing with an Example Site: You can see an example of the plugin’s functionality at:
- Ensuring Data Security: The data exposed at this endpoint is encrypted and can only be decrypted by the Webfiable service.
License
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.
Installation
- Download the
webfiable-info.zipfile to your computer. - Log in to your WordPress admin dashboard.
- Go to
Plugins > Add New. - Click the
Upload Pluginbutton at the top of the page. - Click
Choose Fileand select thewebfiable-info.zipfile you downloaded. - Click
Install Now. - Once the installation is complete, click
Activate Plugin.
FAQ
-
Do I need a Webfiable subscription to use this plugin?
-
Yes, an active Webfiable subscription is required for the plugin to function. The plugin sends encrypted data to the Webfiable service, where it is analyzed as part of your subscription.
-
How does the plugin ensure my data is secure?
-
The plugin uses a hybrid encryption method, combining AES-256 and RSA-2048, to securely encrypt and transmit your website’s data. This ensures that only the Webfiable service can decrypt and analyze the information.
-
What information does this plugin collect?
-
The plugin collects information about your installed plugins, themes, and the WordPress version. This data is used by the Webfiable service to assess your website’s security posture and provide recommendations.
Reviews
There are no reviews for this plugin.
Contributors & Developers
“Webfiable Info” is open source software. The following people have contributed to this plugin.
Contributors
Translate “Webfiable Info” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.4
- Initial release with enhanced security features, including AES-256 encryption and RSA-2048 for key transmission.