{"id":160,"date":"2026-01-21T07:21:53","date_gmt":"2026-01-21T06:21:53","guid":{"rendered":"https:\/\/helloblog.io\/hr\/wp-cli-abilities-api-wordfence-sigurnost-iz-terminala\/"},"modified":"2026-01-21T07:36:48","modified_gmt":"2026-01-21T06:36:48","slug":"wp-cli-abilities-api-wordfence-sigurnost-iz-terminala","status":"publish","type":"post","link":"https:\/\/helloblog.io\/hr\/wp-cli-abilities-api-wordfence-sigurnost-iz-terminala\/","title":{"rendered":"WP-CLI i Abilities API za Wordfence: sigurnosni skenovi, WAF i automatizacija bez wp-admina"},"content":{"rendered":"\n<p>Wordfence je godinama standardni izbor za WAF (Web Application Firewall) i malware skeniranje na WordPressu, ali administracija kroz wp-admin brzo postane usko grlo kad ima\u0161 vi\u0161e siteova, staging\/production okru\u017eenja ili \u017eeli\u0161 automatizirati rutinske provjere. Upravo tu upada novi open-source plugin <strong>WP-CLI &#038; Abilities API for Wordfence<\/strong> koji Wordfence funkcije dovodi u terminal kroz <code>wp wfsec<\/code> namespace \u2013 i (jo\u0161 zanimljivije) me\u0111u prvima implementira <strong>WordPress Abilities API<\/strong> predstavljen u WordPressu 6.9.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">\u0160to ovaj plugin zapravo dodaje (wp wfsec)?<\/h2>\n\n\n\n<p>Nakon instalacije dobiva\u0161 novu WP-CLI komandu <code>wp wfsec<\/code> koja pokriva klju\u010dne Wordfence operacije: skeniranje, upravljanje firewallom, rad s detektiranim problemima i konfiguraciju. Ideja je da Wordfence mo\u017ee\u0161 koristiti bez otvaranja WordPress admina \u2013 \u0161to je prakti\u010dno za odr\u017eavanje, incident response i skriptiranje.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Security scanning (skeniranje sigurnosti)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Pokretanje quick ili full malware skeniranja<\/li>\n\n\n<li>Pra\u0107enje napretka skena u realnom vremenu<\/li>\n\n\n<li>Pregled povijesti skeniranja i detaljnih logova<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Firewall management (WAF i blokiranja)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Blokiranje i odblokiranje IP adresa<\/li>\n\n\n<li>Postavljanje trajanja blokade i razloga (npr. brute force)<\/li>\n\n\n<li>Provjera je li odre\u0111eni IP blokiran<\/li>\n\n\n<li>Uklju\u010divanje ili isklju\u010divanje WAF za\u0161tite<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3) Issue tracking (detektirani problemi i prijetnje)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Listanje svih detektiranih sigurnosnih issuea<\/li>\n\n\n<li>Filtriranje po statusu: new, ignored, resolved<\/li>\n\n\n<li>Brisanje ili upravljanje pojedina\u010dnim prijetnjama<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Konfiguracija i licenca<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>\u010citanje i postavljanje Wordfence postavki<\/li>\n\n\n<li>Provjera statusa licence<\/li>\n\n\n<li>Export i import konfiguracije<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Brzi primjeri komandi (copy\/paste)<\/h2>\n\n\n\n<p>Ovo su tipi\u010dne komande koje \u0107e\u0161 koristiti kad \u017eeli\u0161 brzo dobiti stanje, pokrenuti sken ili reagirati na napad \u2013 sve iz terminala.<\/p>\n\n\n\n<div class=\"wp-block-kevinbatdorf-code-block-pro\" data-code-block-pro-font-family=\"Code-Pro-JetBrains-Mono\" style=\"font-size:.875rem;font-family:Code-Pro-JetBrains-Mono,ui-monospace,SFMono-Regular,Menlo,Monaco,Consolas,monospace;line-height:1.25rem;--cbp-tab-width:2;tab-size:var(--cbp-tab-width, 2)\"><span style=\"display:block;padding:16px 0 0 16px;margin-bottom:-1px;width:100%;text-align:left;background-color:#24292e\"><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"54\" height=\"14\" viewBox=\"0 0 54 14\"><g fill=\"none\" fill-rule=\"evenodd\" transform=\"translate(1 1)\"><circle cx=\"6\" cy=\"6\" r=\"6\" fill=\"#FF5F56\" stroke=\"#E0443E\" stroke-width=\".5\"><\/circle><circle cx=\"26\" cy=\"6\" r=\"6\" fill=\"#FFBD2E\" stroke=\"#DEA123\" stroke-width=\".5\"><\/circle><circle cx=\"46\" cy=\"6\" r=\"6\" fill=\"#27C93F\" stroke=\"#1AAB29\" stroke-width=\".5\"><\/circle><\/g><\/svg><\/span><span role=\"button\" tabindex=\"0\" style=\"color:#e1e4e8;display:none\" aria-label=\"Copy\" class=\"code-block-pro-copy-button\"><pre class=\"code-block-pro-copy-button-pre\" aria-hidden=\"true\"><textarea class=\"code-block-pro-copy-button-textarea\" tabindex=\"-1\" aria-hidden=\"true\" readonly># Provjeri op\u0107i Wordfence status\nwp wfsec status\n\n# Pokreni full security scan\nwp wfsec scan start --type=full\n\n# Prati napredak skeniranja\nwp wfsec scan status\n\n# Izlistaj sve sigurnosne issuee\nwp wfsec issues ls --status=all\n\n# Blokiraj IP na 24 sata (86400 sekundi)\nwp wfsec firewall block 192.168.1.100 --duration=86400 --reason=&quot;Brute force attempt&quot;\n\n# Provjeri status licence\nwp wfsec license status\n\n<\/textarea><\/pre><svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" style=\"width:24px;height:24px\" fill=\"none\" viewBox=\"0 0 24 24\" stroke=\"currentColor\" stroke-width=\"2\"><path class=\"with-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2m-6 9l2 2 4-4\"><\/path><path class=\"without-check\" stroke-linecap=\"round\" stroke-linejoin=\"round\" d=\"M9 5H7a2 2 0 00-2 2v12a2 2 0 002 2h10a2 2 0 002-2V7a2 2 0 00-2-2h-2M9 5a2 2 0 002 2h2a2 2 0 002-2M9 5a2 2 0 012-2h2a2 2 0 012 2\"><\/path><\/svg><\/span><pre class=\"shiki github-dark\" style=\"background-color:#24292e;color:#e1e4e8\" tabindex=\"0\"><code><span class=\"line\"><span style=\"color:#6A737D\"># Provjeri op\u0107i Wordfence status<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Pokreni full security scan<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> scan<\/span><span style=\"color:#9ECBFF\"> start<\/span><span style=\"color:#79B8FF\"> --type=full<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Prati napredak skeniranja<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> scan<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Izlistaj sve sigurnosne issuee<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> issues<\/span><span style=\"color:#9ECBFF\"> ls<\/span><span style=\"color:#79B8FF\"> --status=all<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Blokiraj IP na 24 sata (86400 sekundi)<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> firewall<\/span><span style=\"color:#9ECBFF\"> block<\/span><span style=\"color:#79B8FF\"> 192.168.1.100<\/span><span style=\"color:#79B8FF\"> --duration=86400<\/span><span style=\"color:#79B8FF\"> --reason=<\/span><span style=\"color:#9ECBFF\">\"Brute force attempt\"<\/span><\/span>\n<span class=\"line\"><\/span>\n<span class=\"line\"><span style=\"color:#6A737D\"># Provjeri status licence<\/span><\/span>\n<span class=\"line\"><span style=\"color:#B392F0\">wp<\/span><span style=\"color:#9ECBFF\"> wfsec<\/span><span style=\"color:#9ECBFF\"> license<\/span><span style=\"color:#9ECBFF\"> status<\/span><\/span>\n<span class=\"line\"><\/span><\/code><\/pre><\/div>\n\n\n\n<p>Sve komande podr\u017eavaju <code>--format=json<\/code>, \u0161to je posebno korisno kad rezultate \u017eeli\u0161 parsirati u skriptama, CI\/CD jobovima ili alatima za nadzor.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Abilities API (WordPress 6.9): Wordfence kao \u201cotkrivaju\u0107a\u201d funkcionalnost za AI agente<\/h2>\n\n\n\n<p>Najve\u0107a vrijednost ovog projekta nije samo WP-CLI sloj, nego \u010dinjenica da me\u0111u prvima implementira <strong>WordPress Abilities API<\/strong> u WordPressu 6.9. Abilities API je standardizirano su\u010delje koje omogu\u0107uje da automatizacijski alati i AI agenti <em>otkriju<\/em> koje sposobnosti (abilities) WordPress nudi \u2013 i da ih koriste kroz samoopisni (self-describing) i shemom-validiran API, bez pisanja custom integracijskog koda za svaku pojedinu funkciju.<\/p>\n\n\n\n<p>U praksi to zna\u010di da Wordfence operacije mo\u017ee\u0161 izlo\u017eiti automatizaciji: od periodi\u010dnog provjeravanja stanja skena, preko dohva\u0107anja liste problema i severity statistike, do programskog blokiranja IP adresa \u2013 sve kroz standardni mehanizam koji AI agent mo\u017ee prona\u0107i i koristiti.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Sedam core abilities koje plugin izla\u017ee<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>scan-status<\/strong> \u2013 dohvat trenutnog stanja skeniranja i progresa<\/li>\n\n\n<li><strong>scan-start<\/strong> \u2013 programatsko pokretanje sigurnosnih skenova<\/li>\n\n\n<li><strong>issues-list<\/strong> \u2013 dohvat detektiranih sigurnosnih issuea<\/li>\n\n\n<li><strong>issues-count<\/strong> \u2013 brojanje issuea po severity (ozbiljnosti)<\/li>\n\n\n<li><strong>firewall-status<\/strong> \u2013 provjera stanja WAF-a<\/li>\n\n\n<li><strong>firewall-block<\/strong> \u2013 blokiranje IP adresa preko API-ja<\/li>\n\n\n<li><strong>license-status<\/strong> \u2013 dohvat informacija o licenci<\/li>\n\n<\/ul>\n\n\n\n<p>Ovo otvara dosta konkretnih scenarija: AI-powered sigurnosni monitoring, integracija Wordfencea u interni dashboard, ili automatizacija rutinskih provjera (npr. daily scan + izvje\u0161taj) bez klikanja po wp-adminu.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Autentikacija: Application Passwords + Basic Auth<\/h3>\n\n\n\n<p>Za autentikaciju se koriste <strong>WordPress Application Passwords<\/strong> (aplikacijske lozinke) preko <strong>Basic Auth<\/strong> mehanizma. To je prakti\u010dan i ve\u0107 poznat model za integracije, posebno kad ti treba kontrolirani pristup prema WordPress API-ju iz eksternih alata.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Preduvjeti (requirements)<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>WordPress 6.9+<\/li>\n\n\n<li>PHP 8.0+<\/li>\n\n\n<li>WP-CLI 2.5+<\/li>\n\n\n<li>Wordfence Security plugin (free ili premium)<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Instalacija \/ preuzimanje<\/h2>\n\n\n\n<p>Najbr\u017ei na\u010din je preuzeti ZIP i uploadati ga u <code>\/wp-content\/plugins\/<\/code>, pa aktivirati plugin. Autor navodi i opciju instalacije preko <strong>Composer-a<\/strong> ako radi\u0161 u Bedrock-style setupu.<\/p>\n\n\n<a href=\"https:\/\/github.com\/trueqap\/wpcli-for-wordfence\/releases\/download\/v1.0.0\/wpcli-for-wordfence-1.0.0.zip\" class=\"download-card\" download>\n                <span class=\"download-icon\"><i class=\"fa-duotone fa-file-zipper\"><\/i><\/span>\n                <span class=\"download-info\">\n                    <span class=\"download-title\">Download WP CLI for Wordfence v1.0.0<\/span>\n                    <span class=\"download-meta\"><span class=\"download-filename\">wpcli-for-wordfence-1.0.0.zip<\/span><\/span>\n                <\/span>\n                <span class=\"download-action\"><i class=\"fa-duotone fa-arrow-down-to-line\"><\/i><\/span>\n            <\/a>\n\n\n<h2 class=\"wp-block-heading\">Sa\u017eetak: kada ovo ima najvi\u0161e smisla?<\/h2>\n\n\n\n<p>Ako odr\u017eava\u0161 vi\u0161e WordPress siteova, radi\u0161 infrastrukturu kroz skripte ili \u017eeli\u0161 standardizirani na\u010din da automatizacija (pa i AI agenti) upravlja Wordfence funkcijama, kombinacija <code>wp wfsec<\/code> komandi i Abilities API podr\u0161ke je vrlo prakti\u010dna. Dobiva\u0161 operativni Wordfence \u201ctooling\u201d u terminalu, plus moderni API sloj koji je u skladu s onim \u0161to WordPress 6.9 poku\u0161ava omogu\u0107iti za integracije.<\/p>\n\n\n<div class=\"references-section\">\n                <h2>Reference \/ Izvori<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/github.com\/trueqap\/wpcli-for-wordfence\" target=\"_blank\" rel=\"noopener noreferrer\">WP-CLI &amp; Abilities API for Wordfence: Manage Security from Terminal and AI Agents<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>Ako odr\u017eava\u0161 vi\u0161e WordPress instalacija ili ti je terminal prirodnije okru\u017eenje od wp-admina, ovaj open-source dodatak daje Wordfenceu kompletan WP-CLI set komandi i izla\u017ee ga kroz novi WordPress Abilities API.<\/p>\n","protected":false},"author":44,"featured_media":161,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[30,33,15,10,8],"class_list":["post-160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sigurnost","tag-api","tag-sigurnost","tag-wordfence","tag-wordpress","tag-wp-cli"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/comments?post=160"}],"version-history":[{"count":1,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/posts\/160\/revisions"}],"predecessor-version":[{"id":162,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/posts\/160\/revisions\/162"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/media\/161"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/media?parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/categories?post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/hr\/wp-json\/wp\/v2\/tags?post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}