Ensure your website’s security posture and configuration health with monitoring and recommendations. Requires an active Webfiable subscription (currently free).
The Webfiable Info plugin is a component of the Webfiable security service, designed to help you maintain a robust security posture for your WordPress website. By securely gathering information about your site’s plugins, themes, and WordPress version, the plugin enables the Webfiable service to perform in-depth analysis and provide weekly recommendations tailored to your specific configuration.
To verify the plugin’s functionality, users and reviewers can visit the /webfiable endpoint on their website after activation. This endpoint provides encrypted website configuration data for security monitoring. An example of this can be seen at:
- Live Example: https://webfiable.com/webfiable/
External Services
This plugin connects to the Webfiable API to:
1. Retrieve an RSA public key, which is required for encrypting website configuration data before making it available to the Webfiable service.
2. Expose encrypted website configuration data through the /webfiable endpoint, which is queried by app.webfiable.com to generate a security posture report.
Data Sent:
– Public Key Retrieval: No user-specific data is sent; only a request to retrieve the RSA public key.
– Configuration Data Transmission: The plugin encrypts and exposes the following website information at the /webfiable endpoint:
– Installed plugins (names, slugs, and versions).
– Installed themes (names, slugs, and versions).
– WordPress version.
When Data is Sent:
– Public Key Retrieval: Occurs when encryption is required for the /webfiable endpoint.
– Configuration Data Transmission: Happens when app.webfiable.com queries the /webfiable endpoint to fetch encrypted data for security posture reporting.
Service URL:
– https://app.webfiable.com/public-key.json (for RSA key retrieval)
Terms of Service:
– https://webfiable.com/terminos-de-servicio/
Privacy Policy:
– https://webfiable.com/politica-privacidad/
Features
- Simple and Reliable Design: Built with simplicity in mind, this plugin minimizes the risk of issues arising on your website and reduces the need for frequent updates, contributing to a stable and secure environment.
- Lightweight and Efficient: The plugin is designed to be very lightweight, executing its tasks within seconds, and running no more than once per day, ensuring no impact on your website’s performance.
- Secure Data Transmission: Utilizes advanced hybrid encryption (AES + RSA) to securely transmit data to the Webfiable service.
- Proactive Security Monitoring: Enables continuous monitoring of your site’s security posture and configuration health.
- Part of the Webfiable Service: Requires an active Webfiable subscription (currently free).
Security Features
Webfiable Info is built with security at its core, ensuring that your website’s data is protected at every stage:
- Hybrid Encryption: Combines AES and RSA encryption to safeguard your data. The plugin uses AES-256 to encrypt the collected data, and then securely transmits the AES key by encrypting it with RSA-2048.
- Initialization Vector (IV): Each data transmission uses a unique Initialization Vector (IV) to ensure that even identical data produces different ciphertexts, enhancing security.
- RSA Key Management: The RSA encryption ensures that only the Webfiable service can decrypt the transmitted data, using a private key that remains secure on the Webfiable infrastructure.
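The hybrid scheme in the list above, as an added example that is not the plugin's own code. It assumes AES-256-GCM and RSA-OAEP (the page names neither a mode nor a padding), hypothetical function and field names, and a locally generated key pair standing in for the service's key.

```php
<?php
// Added illustration; not the Webfiable plugin's code. Assumed: AES-256-GCM,
// RSA-OAEP, the envelope field names, and a locally generated stand-in key pair.

function seal_config(array $config, string $rsaPublicPem): array {
    $aesKey = random_bytes(32);   // fresh AES-256 key for every response
    $iv     = random_bytes(12);   // fresh 96-bit IV for every response
    $tag    = '';
    $ct = openssl_encrypt(json_encode($config), 'aes-256-gcm', $aesKey,
                          OPENSSL_RAW_DATA, $iv, $tag);
    if ($ct === false || !openssl_public_encrypt(
            $aesKey, $wrapped, $rsaPublicPem, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('encryption failed');
    }
    // Only the RSA-wrapped AES key leaves the site, never the key itself.
    return array_map('base64_encode',
        ['key' => $wrapped, 'iv' => $iv, 'tag' => $tag, 'data' => $ct]);
}

function open_config(array $envelope, $rsaPrivateKey): array {
    $e = array_map(fn($v) => base64_decode($v, true), $envelope);
    if (!openssl_private_decrypt(
            $e['key'], $aesKey, $rsaPrivateKey, OPENSSL_PKCS1_OAEP_PADDING)) {
        throw new RuntimeException('cannot unwrap AES key');
    }
    $json = openssl_decrypt($e['data'], 'aes-256-gcm', $aesKey,
                            OPENSSL_RAW_DATA, $e['iv'], $e['tag']);
    if ($json === false) {   // GCM tag check failed
        throw new RuntimeException('ciphertext or tag was modified');
    }
    return json_decode($json, true);
}

// Stand-in for the service's RSA-2048 pair; a site only ever holds the public half.
$private = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA,
                             'private_key_bits' => 2048]);
$public  = openssl_pkey_get_details($private)['key'];

// Constructed sample data in the shape the page lists.
$config = ['wordpress' => '6.5', 'themes' => [], 'plugins' => [
    ['name' => 'Example', 'slug' => 'example', 'version' => '1.0.0']]];

$a = seal_config($config, $public);
$b = seal_config($config, $public);
var_dump($a['data'] !== $b['data']);              // same input sealed twice
var_dump(open_config($a, $private) === $config);  // private-key holder recovers it

$raw = base64_decode($a['data']);
$raw[0] = chr(ord($raw[0]) ^ 1);                  // flip one ciphertext bit
try { open_config(['data' => base64_encode($raw)] + $a, $private); }
catch (RuntimeException $ex) { echo $ex->getMessage(), "\n"; }
```

The last step is rejected only because GCM authenticates the ciphertext; an unauthenticated AES mode would decrypt modified data without complaint, so the mode is worth checking when reviewing any implementation of this pattern.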
How to Verify Plugin Functionality
Once installed and activated, users can verify the functionality of the Webfiable Info plugin by:
- Checking the /webfiable Endpoint: Visit https://yourwebsite.com/webfiable/ to confirm that the plugin is providing encrypted configuration data.
- Comparing with an Example Site: You can see an example of the plugin’s functionality at:
- Ensuring Data Security: The data exposed at this endpoint is encrypted and can only be decrypted by the Webfiable service.
License
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version.