Skip to main content
Manusで任意のスキルを実行
ワンクリックで
GitHub リポジトリ

wp-arsenal

wp-arsenal には rahlplx から収集した 30 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。

収集済み skills
30
Stars
1
更新
2026-06-16
Forks
0
職業カバレッジ
3 件の職業カテゴリ · 100% 分類済み
リポジトリエクスプローラー

このリポジトリの skills

wp-ci-deploy
ソフトウェア開発者

Deploy a theme, plugin, or wp-content subset to a WordPress server from a CI/CD pipeline, with automatic pre-deploy backup, post-deploy health check, and automatic rollback on failure. Designed for GitHub Actions, GitLab CI, or any pipeline that can run Python.

2026-06-16
wp-woo-audit
情報セキュリティアナリスト

Security and integrity audit for WooCommerce stores. Checks REST API key scope, payment gateway exposure, webhook HTTPS enforcement, suspicious $0 orders, exposed wc-logs (PII/payment data), and coupon abuse.

2026-06-16
wp-child-theme
ソフトウェア開発者

Scaffold and deploy a WordPress child theme via SSH. Generates style.css, functions.php (with correct parent style enqueueing), and index.php. Supports Kadence, Astra, GeneratePress, Hello Elementor, OceanWP, and any custom parent. Can activate the child theme immediately after creation.

2026-06-16
wp-theme-switch
ソフトウェア開発者

Safely switch WordPress themes via SSH with automatic rollback if the site goes down. Records the previous theme for instant rollback. Verifies HTTP 200 before and after the switch.

2026-06-16
wp-theme-audit
情報セキュリティアナリスト

Security audit of WordPress themes via SSH. Scans for PHP malware patterns, injected scripts, recently modified files, and unexpected file types. Also checks DB for customizer injections and Elementor postmeta payloads. Use after any attack or before going live with a new/inherited theme.

2026-06-16
elementor-guide
ソフトウェア開発者

Comprehensive guide to building, maintaining, and recovering Elementor-based WordPress sites. Covers the CSS pipeline, global styles (Kit), common post-attack failures and fixes, Pro vs Free features, and integration with Kadence and Hello Elementor themes.

2026-06-16
kadence-theme-guide
ソフトウェア開発者

Comprehensive guide to building and recovering Kadence-based WordPress sites. Covers global styles, Kadence Blocks, Header/Footer builder, template library, child theme best practices, and post-attack recovery sequences.

2026-06-16
wp-network-audit
情報セキュリティアナリスト

Security audit for WordPress Multisite Network installations. Lists all sub-sites, detects super-admins, checks network-activated plugins vs filesystem, flags spam/deleted sites, reviews registration settings, and checks dangerous upload filetypes at the network level.

2026-06-15
admin-guard
情報セキュリティアナリスト

MU-plugin that restricts wp-login.php and wp-admin/ to trusted IP ranges at the PHP level. Belt-and-suspenders alongside .htaccess whitelisting. Has a safety valve: if no trusted CIDRs are configured, all IPs are allowed (so you can't lock yourself out).

2026-06-15
rate-limiter
情報セキュリティアナリスト

MU-plugin that rate-limits WordPress login attempts — no plugin required. After N failed logins from the same IP within a rolling window, locks out that IP for a configurable duration and sends an email alert.

2026-06-15
security-headers
ソフトウェア開発者

MU-plugin that adds HTTP security headers to every WordPress response: X-Frame-Options, X-Content-Type-Options, HSTS, Referrer-Policy, Permissions-Policy, and optional Content-Security-Policy. Also removes WordPress version fingerprinting from HTML head.

2026-06-15
xmlrpc-kill
ソフトウェア開発者

MU-plugin that completely disables WordPress XML-RPC at the PHP level. Belt-and-suspenders alongside .htaccess blocking. Also removes pingback headers and self-pingbacks. Do not use if you run Jetpack.

2026-06-15
wp-digest
ソフトウェア開発者

Send a weekly multi-site security digest email aggregating all scan results. Reads JSON logs from wp-multisite sweeps, groups findings by site, and emails a colour-coded HTML digest with one-click attention flags. Use for agency weekly reporting or personal multi-site monitoring.

2026-06-15
wp-report
ソフトウェア開発者

Generate self-contained HTML or plain-text audit reports from WP-Arsenal JSON output. Combines results from multiple scripts into one colour-coded report. Use after any audit run to produce a shareable deliverable for clients or records.

2026-06-15
wp-db-audit
情報セキュリティアナリスト

WordPress database security audit via SSH + MySQL. Detects injected scripts, rogue admin users, plugin-filesystem mismatches, Rank Math redirect abuse, WP-cron tampering, and rogue option rows. Use early in incident response before any cleanup.

2026-06-15
wp-backup
ネットワーク・コンピュータシステム管理者

Full WordPress site backup via SSH — database dump + wp-content/ archive. Stores backup on server with rotation, optionally downloads locally. Use before any destructive operation or on a maintenance schedule.

2026-06-15
wp-multisite
ネットワーク・コンピュータシステム管理者

Run any WP-Arsenal script across all sites in config/sites/. Produces a pass/fail summary table per site. Use for weekly security sweeps, mass updates, or post-incident lateral movement checks across multiple sites.

2026-06-15
wp-restore-core
ネットワーク・コンピュータシステム管理者

Restore WordPress core files from a clean wordpress.org download. Overwrites core files only — preserves wp-content/ and wp-config.php. Use when core files have been tampered with or corrupted by malware.

2026-06-15
wp-update
ネットワーク・コンピュータシステム管理者

Check and apply WordPress core and plugin updates via SSH. Verifies site responds after each update. Skips premium/private plugins. Supports check-only mode to see what's outdated without applying changes.

2026-06-15
wp-user-audit
情報セキュリティアナリスト

WordPress user and role security audit via SSH + MySQL. Detects rogue admins, suspicious usernames, disposable emails, and active sessions. Can delete users, demote roles, and kill all sessions.

2026-06-15
wp-chmod-fix
ネットワーク・コンピュータシステム管理者

Fix WordPress file and directory permissions via SSH. Sets directories to 755, PHP files to 644, wp-config.php to 600. Detects world-writable files and PHP files with execute bit set. Use after malware cleanup or server misconfiguration.

2026-06-15
wp-attacker-profile
情報セキュリティアナリスト

Build an attacker IP/identity profile from WordPress forensic data. Extracts IPs from session_tokens, honeypot logs, login monitor alerts. Cross-references with a configurable ISP map or runs whois automatically. Output suitable for police reports and ISP abuse complaints. Works on any WP install.

2026-06-15
wp-forensics
情報セキュリティアナリスト

Collect forensic evidence from any compromised WordPress site. Preserves malware files, server logs, wp-config (redacted), crontab, processes, DB dumps of critical tables, and session tokens. Creates timestamped tar.gz. Always run before cleanup. Works on any host with SSH access.

2026-06-15
wp-elementor-fix
ソフトウェア開発者

Fix broken Elementor rendering on any WordPress site after malware cleanup, plugin restore, or migration. Bumps elementor_css_version, clears _elementor_css postmeta, removes missing plugins from active_plugins, and clears transients and file cache. Works on any host.

2026-06-15
wp-plugin-restore
ソフトウェア開発者

Restore deleted WordPress plugins from a sibling WP site on the same server (instant copy, no download) or from wordpress.org API. Then optionally reactivates them in the database. Works on any host, any WP installation.

2026-06-15
wp-deep-audit
情報セキュリティアナリスト

Comprehensive 8-domain WordPress security audit: filesystem, malware signatures, database, wp-config, plugins/themes, server/cron, network/DNS, and logs. Works on any host (IONOS, SiteGround, WP Engine, Kinsta, cPanel, etc.). Produces incident-quality report. Takes 3-8 minutes per site.

2026-06-15
wp-firewall
情報セキュリティアナリスト

WordPress IP/geo firewall via .htaccess for any Apache-based host. Block attacker IPs, protect wp-login.php with an allowlist, geo-block countries via Cloudflare CF-IPCountry or mod_geoip. Config-driven, never blocks your trusted CIDRs. Not needed on Nginx/WP Engine/Kinsta (use their WAF).

2026-06-15
wp-harden
情報セキュリティアナリスト

WordPress security hardening: adds security constants to wp-config.php, writes .htaccess protection rules (xmlrpc block, file browser disable, wp-includes protection), blocks PHP in uploads, disables pingbacks.

2026-06-15
wp-scan
情報セキュリティアナリスト

Fast WordPress malware scan for any site on any host. Detects known shell filenames, PHP in uploads, recently modified PHP, 14 malware signatures (eval/base64, c99, TFM/Nyx, assert, preg_replace/e), and .htaccess anomalies. Runs in under 60 seconds. Use as first triage on any suspect site.

2026-06-15
wp-shell-nuke
情報セキュリティアナリスト

Remove WordPress malware and shell files. Deletes known-bad filenames, PHP from uploads, rogue plugin directories, and /tmp staging files. Always run --dry-run first. Blocks PHP execution in uploads via .htaccess.

2026-06-15