WordPress Security: 48 Ways to Keep Your WordPress Site Secure

Published: 2023/12/20

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

Hackers. Vulnerabilities. Brute-force. Malware. Denial of service. Man-in-the-middle. Phishing. All scary words. We live in a dangerous online world!

Has your site been hacked? I have, and we’re not alone. In 2012 more than 70% of WordPress sites were vulnerable to attack, and not much has changed since. What have you done to ensure you have a secure WordPress site?

In this article we’ve pulled together security tips from previous SitePoint articles, our own experience, and from around the web, and organized them in a way I hope you find useful and understandable. And most importantly, easy to act on.

All-in-one WordPress security plugins are useful (and we’ll be covering them in our next article), but security requires more than just installing a plugin and walking away. It requires a careful strategy and constant vigilance. Be proactive, not reactive. In other words, don’t assume your site is safe—work out a security plan before you are hacked!

That being said, there is no such thing as 100% security. What you can achieve is risk reduction, and a balance (for you) between security and convenience.

“Security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.” — codex.wordpress.org

Where should you focus your attention? In an article last year, WP White Security reported the following statistics about hacked websites:

  • 41% were hacked through a security vulnerability on their hosting platform
  • 29% were hacked via a security issue in the WordPress Theme they were using
  • 22% were hacked via a security issue in the WordPress Plugins they were using
  • 8% were hacked because they had a weak password

That’s where the holes are in your defence. Keep that in mind while you’re creating your security strategy.

OK. With all that in mind, here are 40 ways you can keep your WordPress site secure. Choose the ones that make sense for you and your site.

Secure WordPress

1. Keep WordPress Up to Date

The latest version of WordPress is most likely more secure than the last one, and has fewer vulnerabilities. So keep it up to date—it’s a one-click operation. Make sure you back up your site first!

WordPress updates rarely cause problems, but if you like to be careful, update it on a test server first. Or, if you’d just like WordPress to auto-update itself, apply the following code to your wp-config.php file:

# Enable all core updates, including minor and major:
define( 'WP_AUTO_UPDATE_CORE', true );

If you don’t want to manually update your WordPress, consider a hosting provider like our partner SiteGround, which has a special auto-update tool available on all plans.

2. Back Up Your Site Regularly

Make sure you make regular backups of your WordPress site. A backup of WordPress data and files can play a crucial role in an emergency. If all else fails, you won’t have to start from scratch!

Schedule your backups so you won’t forget them, and do a test restore from time to time.

Further reading:

  • 5 WordPress Plugins for Backups and Migrations
  • The Best WordPress Backup Plugins Compared
  • How to Manually Backup Your WordPress Website
  • Your Regular WordPress Maintenance Checklist

3. Enable SSL for WordPress Data Security

Enable SSL to secure your WordPress site. A Secure Sockets Layer encrypts all information sent to and from your site, keeping it private and preventing man-in-the-middle attacks where a third party listens in or modifies the communication between the client and the server. As a bonus it can also boost your Google PageRank.

The address of an SSL-certified site will start with HTTPS, while a site that’s not SSL certified will begin with HTTP. It’s best to activate HTTPS before installing WordPress, but it’s possible to update your WordPress settings if you add it later. Hosting providers like SiteGround offer free SSL certificates.

Further reading:

  • Secure WordPress with SSL

4. Secure wp-config.php

Lock down wp-config.php—it’s one single location that contains a wealth of critical data regarding your database, username, and password. Only you should have access.

To deny access to this file, you should add the code below at the top of the .htaccess file:

<files wp-config.php>
order allow,deny
deny from all
</files>

5. Move wp-config.php

Move the wp-config.php file into the folder above your WordPress installation. This will make it inaccessible to anyone using a browser, meaning a cracker has less chance of locating it.

Further reading:

  • The Easiest WordPress Security Tip Ever!

6. Hide the WordPress Version Number

Some versions of WordPress have known vulnerabilities. Someone familiar with those vulnerabilities can discover which version you’re using because it’s shown in the HTML head of every page.

Remove that information by adding the following line to your theme’s functions.php file:

remove_action('wp_head', 'wp_generator');

You should also remove the readme.html file, which also contains the WordPress version number.

7. Remove WordPress References from Your Theme

Someone will only try to hack WordPress if they know you’re using it. So keep it a secret! Remove all references to WordPress from your theme files.

Find and delete the references from the header.php that look like this:

<meta name="generator" content="WordPress" />

8. Disable PHP Error Reporting

Hackers can use error messages to their advantage. For example, an error from a theme or plugin might display your server path.

To disable error reporting, add the following code to your wp-config.php file:

error_reporting(0);
@ini_set('display_errors', 0);

9. Change the Default Secret Keys

When you install WordPress, four secret keys are written to your wp-config.php file. They improve encryption of information stored in the user’s cookies and make it harder to crack your password.

Use WordPress’ Secret Code Generator to get some new keys, and copy them into your wp-config.php file.

Secure Your Themes and Plugins

51% of hacked sites are compromised because of security issues with themes and plugins. Give special consideration to this section!

10. Keep Your Themes and Plugins Up to Date

Don’t just update WordPress, make sure your themes and plugins are also up to date. Each one is a potential back door to your site, and each new version is likely to have fewer vulnerabilities.

11. Choose Themes and Plugins that are Actively Maintained and Regularly Updated

If there are security vulnerabilities found in a theme or plugin, you’d like it addressed as quickly as possible. That won’t happen with a theme or plugin that’s no longer maintained. Whenever possible, make sure the themes and plugins you use are actively maintained.

Further reading:

  • How to Protect Yourself from Rogue WordPress Plugins

12. Delete Themes and Plugins You Don’t Use

If every theme and plugin is a potential back door, reduce the risk as much as possible. If you’re not using it, remove it. Deactivating plugins isn’t enough—click “Delete”!

13. Restrict Access to Your Plugins Directory

Restrict access to your WordPress plugins directory: www.your-domain.com/wp-content/plugins/. Otherwise, someone browsing the folder can see which plugins you’re using and explore them for potential vulnerabilities.

Deny access by uploading a blank index.html file to the directory. Alternatively add the following line at the start in your .htaccess file in the root folder:

Options -Indexes

14. Eliminate the Plugin and Theme Editor

There’s a built-in plugin and theme editor on the WordPress dashboard. This editor can be used to bring down your entire site if one of your user accounts is hacked.

If you don’t regularly use the editor, it’s best to disable it. Insert the following into your wp-config.php file:

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Secure Your Logins

8% of hacked sites are caused by weak passwords. Here are some techniques to improve the security of your login procedures.

15. Change the Admin Username

Avoid using the default admin username, or obvious names like ‘administrator’, the name of your site, or your own name. They’re too easy to guess, and a hacked admin account is more dangerous than an author account.

Choose an appropriate admin username when you’re setting up WordPress. If your site is already using “admin”, create a new admin user and delete the old one, or alternatively use a plugin like Username Changer.

16. Use a Secure Password

Choose a complex password comprised of letters, numbers and characters. Here are some hints:

  • Don’t choose a password that’s similar to your username.
  • Don’t choose a password that’s similar to your website name.
  • Don’t choose a password that’s a common word with a few simple changes.
  • Avoid dictionary words.
  • Consider using a random string of characters.
  • Consider using a good password management tool to securely generate and store a complex password.

Here are some tools that can generate a secure password for you:

  • Phonetic Password Generator
  • Norton Password Generator
  • Strong Password Generator

Finally, make sure you don’t use the same password as you use elsewhere. All passwords should be unique.

17. Force All Users to Have Strong Passwords

It’s no good if you use a strong password, but the rest of the team aren’t so diligent. You don’t want any weak links in the chain.

You can ensure everyone uses a strong password by using a plugin like Force Strong Passwords.

18. Change Your Password Regularly

The longer you use the same password, the more time you give hackers to crack it. Shorten the window of opportunity!

Change your password at least a few times a year. And encourage your other users to do the same.

19. Use 2-Factor Authentication (2FA)

Two-factor authentication (2FA) increases security when logging in by requiring a unique code in addition to a username and password. The code is generated for one-time use by an app, or sent to a device/smartphone via SMS.

Further reading:

  • 2-Step Verification for WordPress Using Google Authenticator

20. Limit Login Attempts

Give hackers less opportunity to guess your password, and protect your site from brute-force attacks, by limiting the number of login attempts that are possible. This will automatically block the login screen after a configurable number of tries, and inform the administrator by email.

You can limit login attempts by using one of these plugins:

  • WP Limit Login Attempts
  • Login Lockdown
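
The plugins above enforce the limit inside WordPress. The same pattern can also be watched for in the web server's access log; the following is an added example, not code from the original article or from either plugin. It assumes Combined Log Format and that a failed login shows up as a POST to wp-login.php answered with status 200, while a successful login is answered with a redirect. The log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, time, method, path, status), or None for an unparsable line."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    path = m["path"].split("?", 1)[0]          # ignore the query string
    return m["ip"], ts, m["method"], path, int(m["status"])


def find_bruteforce(lines, max_failures=5, window=timedelta(minutes=5)):
    """Map each offending IP to the time it first exceeded max_failures
    failed logins inside a sliding window.

    Assumption: a failed login is a POST to wp-login.php answered with 200
    (the form is shown again); a successful one is answered with a redirect.
    """
    recent = defaultdict(deque)                # ip -> times of recent failures
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.endswith("/wp-login.php") or status != 200:
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:       # drop failures outside the window
            attempts.popleft()
        if len(attempts) > max_failures and ip not in flagged:
            flagged[ip] = ts
    return flagged


def sample_log():
    """Constructed access-log lines (documentation-range IPs, not real traffic)."""
    start = datetime(2023, 12, 20, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, status, method="POST", path="/wp-login.php"):
        ts = start + timedelta(seconds=offset)
        return (f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] '
                f'"{method} {path} HTTP/1.1" {status} 1234 "-" "constructed-sample"')

    lines = [line("203.0.113.7", 10 * i, 200) for i in range(8)]    # rapid guessing
    lines += [line("192.0.2.50", 600 * i, 200) for i in range(6)]   # slow, spread out
    lines += [line("198.51.100.20", 5, 200), line("198.51.100.20", 30, 302)]
    lines.append(line("198.51.100.20", 40, 200, "GET", "/wp-login.php?action=lostpassword"))
    lines.append("malformed line that the parser must skip")
    return lines


if __name__ == "__main__":
    for ip, when in find_bruteforce(sample_log()).items():
        print(f"{ip} exceeded the failed-login limit at {when.isoformat()}")
```

Only the address that fails six times within five minutes is reported; the one whose failures are ten minutes apart and the one that logs in after a single mistake are not.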

21. Use CAPTCHA or reCAPTCHA on Your Login Screen

In addition to a username and password, use CAPTCHA or reCAPTCHA on your login screen. The user is asked to input what they see in an image as text, which is a useful way to stop botnets from attempting to log in by brute force.

Further reading:

  • No CAPTCHA reCAPTCHA Integration with WordPress

22. Add A Security Question to Your Login Screen

Adding a security question to your WordPress login screen makes it harder for someone to gain unauthorized access. You can do this by installing the WP Security Questions plugin.

23. Automatically Log Out Idle Users

Users can sometimes wander away from the screen when they are logged in, posing a security risk—someone can hijack their session, change passwords, or make changes to their account.

You can automatically log inactive users out with the Idle User Logout plugin.

24. Assign Users the Lowest Role Possible

Users are the weakest point of any system. That weak point is most dangerous when they have administrator privileges.

Few actually need administrative access. WordPress offers a range of alternate roles to choose from:

  • Editor: someone who can publish and manage their own and other people’s posts
  • Author: someone who can publish and manage their own posts
  • Contributor: someone who can write and manage their own posts but cannot publish them.

25. Use Forced SSL for Logins

Forced SSL is a relatively simple change which can make a huge difference. Even if you don’t encrypt your entire website, ensure your users have a secure login page. You’ll need an up-to-date SSL certificate to ensure this.

26. Remove Error Messages from Your Login Page

With every failed login attempt, error messages on your login page can give hackers clues. Remove them by adding the following line of code in your theme functions.php file:

// create_function() was removed in PHP 8.0; an anonymous function does the same job
add_filter('login_errors', function ($a) { return null; });

27. Change Your WordPress Login URL

Knowing that the WordPress admin URL is wp-admin, any hacker can easily get started with a brute-force attack. Reduce the risk of getting attacked by changing that URL so hackers won’t be able to find it.

WPS Hide Login is the simplest plugin for achieving that.

28. Hide Author Usernames

To log in to WordPress you need a username and a password. By default, WordPress makes it easy to discover your authors’ usernames. According to DreamHost, it’s a good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier.

To do that, copy and paste the following into your functions.php file:

add_action('template_redirect', 'bwp_template_redirect');
function bwp_template_redirect() {
    // Send requests for author archive pages back to the home page
    if (is_author()) {
        wp_redirect( home_url() );
        exit;
    }
}

29. Password Protect wp-login.php

This one’s for advanced users. You can provide another layer of security by requiring a server-side login before the WordPress login screen is displayed.

Learn more here:

  • Preventing Brute Force attacks against WordPress websites

30. Protect the wp-admin Directory

If only you (or your authors, but not members or readers) need to log in, then restrict access to your /wp-admin/ folder or wp-login.php file.

If you only log in from your home computer, restrict the login screen to only that computer. Grab your home IP address (using whatismyip.com or similar) and add these lines to the .htaccess file in your WordPress admin folder (replacing xx.xxx.xxx.xxx with your IP address):

<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx
</Files>

To allow access to multiple computers (office/home/laptop or user1/user2/user3), add another Allow from xx.xxx.xxx.xxx statement on a new line.

31. Disable XML-RPC

XML-RPC allows users to connect to WordPress remotely via blogging clients, and is used for trackbacks and pingbacks. It has been enabled by default since WordPress 3.5.

Unfortunately, hackers can use it for DDoS attacks, so if you don’t use those features, consider disabling XML-RPC.

This can be done with one of the following plugins:

  • Disable XML-RPC Pingback
  • Disable XML-RPC

Secure Your WordPress Database & Files

32. Use Strong MySQL Database Names

Avoid naming your database “wordpress” with a user ID of “user” and a password of “password.” You only set the database up once, so make them as complex as you like. If you forget them, you can check the details in wp-config.php.

33. Set Strong Passwords for Your Database

Use a strong password for WordPress to access the database. See our password hints in #16 above.

34. Change the WordPress Database Table Prefix

When you install WordPress, tables use the table prefix wp_ by default. Knowing this, hackers with automated tools can work out your database structure. Change the prefix so that it becomes more difficult to run SQL injection queries and other attacks.
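
Several of the tips so far end up as lines in wp-config.php: the secret keys (tip 9), DISALLOW_FILE_EDIT (tip 14) and the table prefix (tip 34). The following added example, which is not code from the original article or from WordPress, audits a wp-config.php for those three settings. It ignores commented-out code, so a define() that has slipped onto the same line as a // comment is reported as missing. The finding names and both sample configurations are constructed for illustration.

```python
import re

SECRET_KEYS = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
PLACEHOLDER = "put your unique phrase here"   # value shipped in wp-config-sample.php

_VALUE = r"""'(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*"|[^,()'"]+?"""
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](\w+)['"]\s*,\s*(""" + _VALUE + r""")\s*\)\s*;"""
)
PREFIX_RE = re.compile(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""")


def strip_php_comments(src):
    """Drop //, # and /* */ comments but keep quoted strings intact, so a
    '#' or '//' inside a secret key is not mistaken for a comment."""
    out, i, n = [], 0, len(src)
    while i < n:
        ch = src[i]
        if ch in "'\"":                              # copy a quoted string verbatim
            j = i + 1
            while j < n and src[j] != ch:
                j += 2 if src[j] == "\\" else 1
            out.append(src[i:j + 1])
            i = j + 1
        elif src.startswith("/*", i):                # block comment
            end = src.find("*/", i + 2)
            i = n if end == -1 else end + 2
        elif ch == "#" or src.startswith("//", i):   # line comment
            end = src.find("\n", i)
            i = n if end == -1 else end
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def _unquote(value):
    value = value.strip()
    if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
        return value[1:-1]
    return value


def parse_config(src):
    """Return ({constant: value}, table_prefix) taken from active code only."""
    code = strip_php_comments(src)
    constants = {name: _unquote(raw) for name, raw in DEFINE_RE.findall(code)}
    match = PREFIX_RE.search(code)
    return constants, (match.group(1) if match else None)


def audit_wp_config(src):
    """Return a list of finding names (hypothetical labels) for weak settings."""
    constants, prefix = parse_config(src)
    findings = []
    if constants.get("DISALLOW_FILE_EDIT", "").lower() != "true":
        findings.append("file_editor_enabled")       # tip 14
    for key in SECRET_KEYS:                          # tip 9
        value = constants.get(key)
        if value is None:
            findings.append(f"secret_missing:{key}")
        elif value == PLACEHOLDER:
            findings.append(f"secret_placeholder:{key}")
    present = [constants[k] for k in SECRET_KEYS if k in constants]
    if len(set(present)) != len(present):
        findings.append("secret_reused")
    if prefix == "wp_":                              # tip 34
        findings.append("default_table_prefix")
    return findings


# Constructed sample files; none of the values are real keys.
WEAK_CONFIG = r"""<?php
define( 'DB_NAME', 'example_db' );
// Disallow file edit define( 'DISALLOW_FILE_EDIT', true );
define( 'AUTH_KEY',        'constructed-#1//not-a-real-key' );
define( 'SECURE_AUTH_KEY', 'constructed-2' );
define( 'LOGGED_IN_KEY',   'constructed-2' );
define( 'NONCE_KEY',       'put your unique phrase here' );
$table_prefix = 'wp_';
"""

HARDENED_CONFIG = r"""<?php
define( 'DB_NAME', 'example_db' );
// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );
define( 'AUTH_KEY',        'constructed-#1//not-a-real-key' );
define( 'SECURE_AUTH_KEY', 'constructed-2' );
define( 'LOGGED_IN_KEY',   'constructed-3' );
define( 'NONCE_KEY',       'constructed-4' );
$table_prefix = 'x7q_';
"""

if __name__ == "__main__":
    print("weak:", audit_wp_config(WEAK_CONFIG))
    print("hardened:", audit_wp_config(HARDENED_CONFIG))
```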

35. Use SFTP to Connect to Your Server

Use an SFTP (Secure FTP) connection when connecting to your server. This ensures the communication between your machine and the server is protected. Most hosts, like SiteGround, offer SFTP.

Further reading:

  • Explanation of the FTP and SFTP protocols

36. Restrict File Permissions

Protect the security of your site by setting your file permissions to the bare minimum:

  • Set the CHMOD value to 755 for folders. Only the owner will have write permissions, and others will have read and execute permissions.
  • Set the CHMOD value to 644 for files. Owners have the read and write permissions, and others can only read the files.
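
To find entries that are looser than those two values, the site directory can be walked and every mode compared against the baseline. The following is an added example, not code from the original article. It assumes a POSIX file system, reports only entries that grant permission bits beyond 755/644 (a stricter mode such as 600 on wp-config.php is left alone), and runs against a constructed sample tree.

```python
import os
import stat
import tempfile

DIR_BASELINE = 0o755    # folders: value given in the article
FILE_BASELINE = 0o644   # files: value given in the article


def audit_permissions(root):
    """Return sorted (relative_path, current_mode, target_mode) tuples for every
    entry below root that grants permission bits beyond the 755/644 baseline.

    target_mode is the current mode with the extra bits removed, so stricter
    settings already in place are never loosened.
    """
    findings = []
    for current, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(current, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # permission bits on the link itself are not used
            baseline = DIR_BASELINE if stat.S_ISDIR(st.st_mode) else FILE_BASELINE
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~baseline:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, format(mode, "03o"), format(mode & baseline, "03o")))
    return sorted(findings)


def build_sample_tree(root):
    """Create a small constructed WordPress-like tree with two loose entries."""
    layout = {
        "index.php": 0o644,
        "wp-config.php": 0o600,                            # stricter than baseline
        "wp-content/plugins/example/example.php": 0o666,   # world-writable file
        "wp-content/uploads/photo.jpg": 0o644,
    }
    for rel, mode in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as handle:
            handle.write("constructed sample\n")
        os.chmod(path, mode)
    # Set directory modes explicitly so the result does not depend on the umask.
    for current, dirs, _ in os.walk(root):
        for name in dirs:
            os.chmod(os.path.join(current, name), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)  # world-writable dir


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return audit_permissions(root)


if __name__ == "__main__":
    for rel, mode, target in demo():
        print(f"{rel}: mode {mode}, should be at most {target}")
```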

37. Monitor for Malware

If a breach does happen, you don’t want to be unknowingly serving malware to your visitors. You need a solution in place that will scan regularly for infected files.

There are several server-side scanning solutions, including Sucuri. Some hosting providers, like SiteGround, have it set up out of the box.

Choose a Secure Hosting Provider

41% of hacked sites are compromised because of security vulnerabilities on the hosting platform. So take special care when choosing or changing your hosting provider.

38. Choose the Best Hosting Plan You Can Afford

Your WordPress site is only as secure as your hosting account. If it’s running an old, vulnerable version of PHP, it won’t matter what you do to secure WordPress.

It’s essential that you choose a hosting provider that prioritises security. Some of the features that you should look for are:

  • Support for the latest PHP and MySQL versions
  • Account isolation
  • Web Application Firewall
  • Intrusion detection system
  • Proactive updates and patches
  • Fast server monitoring
  • Daily backups

SiteGround, our preferred hosting provider, provides all of that and more.

Further Reading:

  • The Ultimate Guide to Choosing a Hosting Provider

39. Take Advantage of Your Hosting Provider’s Security Solutions

Several companies now offer secure, managed WordPress hosting with excellent security solutions, such as WP Engine, SiteGround and Media Temple. They spend time, effort and expertise configuring their tools for maximum effectiveness.

For example, WP Engine will automatically update WordPress and key plugins, and disable plugins known to cause performance and security issues. They provide hardware based firewalls and configuration to ensure that Distributed Denial of Service (DDoS) attacks don’t bring your site down.

SiteGround provides automatic updates for the WordPress core and plugins, efficient chroot account isolation for all accounts on shared servers, and sophisticated systems that block malicious bots and attackers.

Security Plugins

40. Install good security plugins

We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution, installing one of these would be a great first step in your security strategy.

Have we missed your favorite security plugin? Let us know in the comments.

41. WordFence

  • Cost: Free, Premium from $99/year
  • Active installs: 2+ million
  • Rating: 4.8 out of 5 stars (3,048 reviews)

Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.

WordFence includes these security features:

  • Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
  • Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
  • Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
  • Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
  • Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.

42. All In One WP Security & Firewall

  • Cost: Free
  • Active installs: 500,000+
  • Rating: 4.8 out of 5 stars (669 reviews)

A comprehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security & Firewall includes these security features:

  • User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
  • User login security. Login lockdown (brute force protection), log out inactive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
  • User registration security. Enable manual approval, CAPTCHA, Honeypot.
  • Database security. Set the default WP prefix, schedule automatic backups.
  • File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
  • htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
  • Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
  • Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
  • Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
  • Whois lookup. Get full details of a suspicious host.
  • Security scanner. File change alerts, scan database tables for suspicious strings.
  • Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
  • Front-end text copy protection. Disables right click, text selection and the copy option.

43. iThemes Security

  • Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
  • Previously called Better WP Security
  • Active installs: 800,000+
  • Rating: 4.7 out of 5 stars (3,812 reviews)

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.

The free version gives you some protection, but the Pro version includes these security features:

  • Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”

  • WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”

  • Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”

  • Password Security. “Generate strong passwords right from your profile screen.”

  • Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”

  • Google reCAPTCHA. “Protect your site against spammers.”

  • User Action Logging. “Track when users edit content, login or logout.”

  • Import/Export Settings. “Saves time setting up multiple WordPress sites.”

  • Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”

  • Online File Comparison. “When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.”

  • Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”

  • wp-cli Integration. “Manage your site’s security from the command line.”

44. Sucuri Security

  • Cost: Free, Basic $199/year, Pro $299/year, Business $499/year
  • Active installs: 300,000+
  • Rating: 4.6 out of 5 stars (260 reviews)

We keep your website safe and hack-free! The Sucuri Platform is a suite of tools designed for complete website security. With no additional cost or hidden fees, the Sucuri Platform is affordable, easy to deploy, and supported by a team of professionals at your disposal.

Sucuri forms part of the security solution of many quality hosting providers, including SiteGround. It’s a valuable tool for SiteGround to protect its clients’ sites from malware, because it scans every link that is accessible from the website homepage on a daily basis. It includes these security features:

  • Clean and repair hacked websites. “Professional security incident response team available 24/7/365.”

  • Attack and hack prevention. “A cloud-based WAF/IPS solution designed to stop hacks and attacks.”

  • Continuous monitoring. “Continuous monitoring and alerting of any security-related issues.”

The free WordPress security plugin includes these features:

  • Security Activity Audit Logging
  • File Integrity Monitoring
  • Remote Malware Scanning
  • Blacklist Monitoring
  • Effective Security Hardening
  • Post-Hack Security Actions
  • Security Notifications

45. Jetpack, which now includes VaultPress

  • Cost: Free, Personal ($39/year), Premium ($99/year), Professional ($299/year)
  • Active installs: 3+ million
  • Rating: 4.1 out of 5 stars (1,330 reviews)

Jetpack (by Automattic, who bring you WordPress) does more than just security. It basically brings the features of WordPress.com to the rest of us, which is appealing. For security and backup, the paid plans include VaultPress.

VaultPress is a real-time backup and security scanning service designed and built by Automattic, the same company that operates (and backs up!) millions of sites on WordPress.com.

VaultPress is now powered by Jetpack and effortlessly backs up every post, comment, media file, revision, and dashboard setting on your site to our servers. With VaultPress you’re protected against hackers, malware, accidental damage, and host outages.

VaultPress includes these security features:

  • Backups. “Comprehensive daily or real-time automated backups stored in our offsite digital vault, optimized for WordPress and better than your host.”

  • Restores. “Even during the most stressful moments we have your back. Restore your entire online presence quickly and easily without needing your host.”

  • File scanning. “Automatically detect and eliminate viruses, malware, and other exploitable security problems that may be hiding in your website.”

  • Automated file repair. “Fix detected viruses, malware, and other dangerous threats with a single click.”

  • Spam defense. “Protect your SEO, readers, and brand reputation by automatically blocking all spammers.”

46. BulletProof Security

  • Cost: Free, Pro $59.95 (one time purchase)
  • Active installs: 100,000+
  • Rating: 4.7 out of 5 stars (302 reviews)

BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.

100% hack free website guarantee. If your website is hacked after installing BPS Pro, we will clean up your hacked website for free. We can easily offer that awesome deal because your website will never be hacked if you have BPS Pro installed.

The free version includes these security features:

  • One-Click setup wizard
  • .htaccess website security protection (firewalls)
  • Hidden plugin folders / files cron (HPF)
  • Login security & monitoring
  • Idle session logout (ISL)
  • Auth cookie expiration (ACE)
  • DB backup: full/Partial, manual/scheduled, email/zip, cron delete old backups, logging
  • DB table prefix changer
  • Security logging
  • HTTP error logging

The Pro version adds these features:

  • AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)
  • Quarantine Intrusion Detection & Prevention System (ARQ IDPS)
  • Real-time file monitor (IDPS)
  • DB Monitor Intrusion Detection System (IDS)
  • DB diff tool: data comparison tool
  • DB status & info
  • Plugin firewall (IP Firewall): automated whitelisting & IP address updating in real time
  • JTC anti-spam/anti-hacker
  • Uploads folder anti-exploit guard (UAEG)
  • Custom php.ini website security
  • F-Lock: read only file locking
  • Additional logging options
  • S-Monitor: monitoring & alerting core
  • Pro Tools: 16 mini-plugins

47. SecuPress

  • Cost: Free, 1 site $57.60/year, 3 sites $144/year, 10 sites $288/year, unlimited sites $479/year
  • Active installs: 5,000+
  • Rating: 4.8 out of 5 stars (19 reviews)

Protect your WordPress with malware scans, block bots & suspicious IPs. Get a complete WordPress security toolkit for free or as a pro plugin.

If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then SecuPress pro is the way to go. Our plugin takes care of everything with automated tasks.

SecuPress includes these features:

  • Anti brute force login
  • Blocked IPs
  • Firewall
  • Security alerts
  • Malware scan (Pro)
  • Block country by geolocation
  • Protection of security keys
  • Block visits from bad bots
  • Vulnerable plugins & themes detection (Pro)
  • Security reports in PDF format (Pro)

48. Security Ninja

  • Cost: Single site $29 (1 year updates/support), multi site $79 (1 year updates/support), forever unlimited $199
  • Active installs: 6,000+
  • Rating: 5 out of 5 stars (6 reviews)

Security Ninja helps thousands to stay safe and prevent downtime due to security issues. 50+ tests will provide a comprehensive overview of your site’s security.

The free version lets you achieve the following:

  • Perform 50+ security tests including brute-force attacks.
  • Check your site for security vulnerabilities and holes.
  • Take preventive measures against attacks.
  • Prevent 0-day exploit attacks.
  • Use included code snippets for quick fixes.
  • Brute-force attack on user accounts to test password strength.
  • Numerous installation parameters tests.
  • File permissions.
  • Version hiding.
  • 0-day exploits tests.
  • Debug and auto-update modes tests.
  • Database configuration tests.
  • Apache and PHP related tests
  • WP options tests.

You can add even more protection using these Pro modules:

  • Core scanner. “Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click.”

  • Malware scanner. “Powerful heuristic malware scanning algorithm will check all your themes, plugins, uploaded files and options table for suspicious content.”

  • Auto fixer. “If you don’t like creating backups, editing files, messing with code and getting your hands dirty – Security Ninja PRO will do everything for you. Fix security issues with one click.”

  • Events logger. “Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes – Events Logger sees everything.”

  • Scheduled scanner. “Have Security Ninja do automatic, periodic scans of your sites, including scans of core files. If there are any changes you’ll be notified via email.”

Translated from: https://www.sitepoint.com/ways-to-keep-your-wordpress-site-secure/
