WordPress.org
Get WordPress

Plugin Directory

Changeset 3389958


Ignore:
Timestamp:
11/04/2025 08:36:45 PM (4 months ago)
Author:
basecloud
Message:

Update to version 1.0.18 from GitHub

Location:
basecloud-security-manager
Files:
4 edited
1 copied

Legend:

Unmodified
Added
Removed

  • basecloud-security-manager/tags/1.0.18/basecloud-security-manager-bc.php

    r3367376 r3389958  
    22/**
    33 * Plugin Name:       BaseCloud Security Manager
    4  * Description:       Manage WordPress security headers and settings to harden your site based on security best practices.
    5  * Version:           1.0.17
     4 * Description:       Enterprise-grade WordPress security headers including modern Cross-Origin policies (COEP/COOP) to harden your site against advanced threats.
     5 * Version:           1.0.18
    66 * Author:            BaseCloud Team
    77 * Author URI:        https://www.basecloudglobal.com/
     
    216216        ]);
    217217        add_settings_field('permissions_policy', 'Permissions-Policy', array($this, 'render_textarea_field'), $this->settings_page_slug, 'basecloud_headers_section', ['name' => 'permissions_policy', 'desc' => 'Controls which browser features can be used (e.g., camera, microphone, geolocation).']);
     218        add_settings_field('coep_header', 'Cross-Origin-Embedder-Policy (COEP)', array($this, 'render_select_field'), $this->settings_page_slug, 'basecloud_headers_section', [
     219            'name' => 'coep_header',
     220            'desc' => 'Modern security header that isolates your site from cross-origin resources. Required for advanced browser features like SharedArrayBuffer.',
     221            'options' => [
     222                '' => 'Disabled',
     223                'unsafe-none' => 'unsafe-none (Default - allows cross-origin resources)',
     224                'require-corp' => 'require-corp (Strict - blocks cross-origin resources without CORP header)'
     225            ]
     226        ]);
     227        add_settings_field('coop_header', 'Cross-Origin-Opener-Policy (COOP)', array($this, 'render_select_field'), $this->settings_page_slug, 'basecloud_headers_section', [
     228            'name' => 'coop_header',
     229            'desc' => 'Prevents malicious websites from accessing your site through window.opener. Enhances security against cross-origin attacks.',
     230            'options' => [
     231                '' => 'Disabled',
     232                'unsafe-none' => 'unsafe-none (Default - allows cross-origin access)',
     233                'same-origin-allow-popups' => 'same-origin-allow-popups (Balanced - allows same-origin popups)',
     234                'same-origin' => 'same-origin (Strict - blocks all cross-origin window access)'
     235            ]
     236        ]);
    218237        add_settings_field('secure_cookies', 'Secure Cookies', array($this, 'render_checkbox_field'), $this->settings_page_slug, 'basecloud_headers_section', ['name' => 'secure_cookies', 'label' => 'Set HttpOnly and Secure flags on session cookies to mitigate XSS and network sniffing.']);
    219238        add_settings_field('remove_server_info', 'Remove Server Info', array($this, 'render_checkbox_field'), $this->settings_page_slug, 'basecloud_headers_section', ['name' => 'remove_server_info', 'label' => 'Attempt to remove server signature (e.g., "nginx") and PHP version from headers to prevent fingerprinting. (May not work on all hosts).']);
     
    425444        }
    426445
     446        // Cross-Origin-Embedder-Policy Header (Modern security for isolation)
     447        if (!empty($options['coep_header'])) {
     448            header('Cross-Origin-Embedder-Policy: ' . $options['coep_header']);
     449        }
     450
     451        // Cross-Origin-Opener-Policy Header (Prevents malicious cross-origin interactions)
     452        if (!empty($options['coop_header'])) {
     453            header('Cross-Origin-Opener-Policy: ' . $options['coop_header']);
     454        }
     455
    427456        // Attempt to remove server info headers
    428457        if (!empty($options['remove_server_info'])) {

  • basecloud-security-manager/tags/1.0.18/readme.txt

    r3367376 r3389958  
    44Requires at least: 5.8
    55Tested up to: 6.8
    6 Stable tag: 1.0.17
     6Stable tag: 1.0.18
    77Requires PHP: 7.4
    88License: GPLv2 or later
     
    191191
    192192== Changelog ==
     193
     194= 1.0.18 =
     195**Modern Cross-Origin Security Enhancement**
     196
     197• Added Cross-Origin-Embedder-Policy (COEP) header support for advanced browser isolation
     198• Added Cross-Origin-Opener-Policy (COOP) header protection against cross-origin attacks
     199• Enhanced security against modern web vulnerabilities and cross-origin exploits
     200• New admin interface options for configuring COEP and COOP policies
     201• Improved plugin description highlighting enterprise-grade security features
     202• Compliance with latest web security standards and browser requirements
    193203
    194204= 1.0.17 =

  • basecloud-security-manager/trunk/basecloud-security-manager-bc.php

    r3367376 r3389958  
    22/**
    33 * Plugin Name:       BaseCloud Security Manager
    4  * Description:       Manage WordPress security headers and settings to harden your site based on security best practices.
    5  * Version:           1.0.17
     4 * Description:       Enterprise-grade WordPress security headers including modern Cross-Origin policies (COEP/COOP) to harden your site against advanced threats.
     5 * Version:           1.0.18
    66 * Author:            BaseCloud Team
    77 * Author URI:        https://www.basecloudglobal.com/
     
    216216        ]);
    217217        add_settings_field('permissions_policy', 'Permissions-Policy', array($this, 'render_textarea_field'), $this->settings_page_slug, 'basecloud_headers_section', ['name' => 'permissions_policy', 'desc' => 'Controls which browser features can be used (e.g., camera, microphone, geolocation).']);
     218        add_settings_field('coep_header', 'Cross-Origin-Embedder-Policy (COEP)', array($this, 'render_select_field'), $this->settings_page_slug, 'basecloud_headers_section', [
     219            'name' => 'coep_header',
     220            'desc' => 'Modern security header that isolates your site from cross-origin resources. Required for advanced browser features like SharedArrayBuffer.',
     221            'options' => [
     222                '' => 'Disabled',
     223                'unsafe-none' => 'unsafe-none (Default - allows cross-origin resources)',
     224                'require-corp' => 'require-corp (Strict - blocks cross-origin resources without CORP header)'
     225            ]
     226        ]);
     227        add_settings_field('coop_header', 'Cross-Origin-Opener-Policy (COOP)', array($this, 'render_select_field'), $this->settings_page_slug, 'basecloud_headers_section', [
     228            'name' => 'coop_header',
     229            'desc' => 'Prevents malicious websites from accessing your site through window.opener. Enhances security against cross-origin attacks.',
     230            'options' => [
     231                '' => 'Disabled',
     232                'unsafe-none' => 'unsafe-none (Default - allows cross-origin access)',
     233                'same-origin-allow-popups' => 'same-origin-allow-popups (Balanced - allows same-origin popups)',
     234                'same-origin' => 'same-origin (Strict - blocks all cross-origin window access)'
     235            ]
     236        ]);
    218237        add_settings_field('secure_cookies', 'Secure Cookies', array($this, 'render_checkbox_field'), $this->settings_page_slug, 'basecloud_headers_section', ['name' => 'secure_cookies', 'label' => 'Set HttpOnly and Secure flags on session cookies to mitigate XSS and network sniffing.']);
    219238        add_settings_field('remove_server_info', 'Remove Server Info', array($this, 'render_checkbox_field'), $this->settings_page_slug, 'basecloud_headers_section', ['name' => 'remove_server_info', 'label' => 'Attempt to remove server signature (e.g., "nginx") and PHP version from headers to prevent fingerprinting. (May not work on all hosts).']);
     
    425444        }
    426445
     446        // Cross-Origin-Embedder-Policy Header (Modern security for isolation)
     447        if (!empty($options['coep_header'])) {
     448            header('Cross-Origin-Embedder-Policy: ' . $options['coep_header']);
     449        }
     450
     451        // Cross-Origin-Opener-Policy Header (Prevents malicious cross-origin interactions)
     452        if (!empty($options['coop_header'])) {
     453            header('Cross-Origin-Opener-Policy: ' . $options['coop_header']);
     454        }
     455
    427456        // Attempt to remove server info headers
    428457        if (!empty($options['remove_server_info'])) {

  • basecloud-security-manager/trunk/readme.txt

    r3367376 r3389958  
    44Requires at least: 5.8
    55Tested up to: 6.8
    6 Stable tag: 1.0.17
     6Stable tag: 1.0.18
    77Requires PHP: 7.4
    88License: GPLv2 or later
     
    191191
    192192== Changelog ==
     193
     194= 1.0.18 =
     195**Modern Cross-Origin Security Enhancement**
     196
     197• Added Cross-Origin-Embedder-Policy (COEP) header support for advanced browser isolation
     198• Added Cross-Origin-Opener-Policy (COOP) header protection against cross-origin attacks
     199• Enhanced security against modern web vulnerabilities and cross-origin exploits
     200• New admin interface options for configuring COEP and COOP policies
     201• Improved plugin description highlighting enterprise-grade security features
     202• Compliance with latest web security standards and browser requirements
    193203
    194204= 1.0.17 =
Note: See TracChangeset for help on using the changeset viewer.