wordpress安全_保持WordPress网站安全的48种方法
wordpress安全
This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.
本文是與SiteGround合作創建的系列文章的一部分。 感謝您支持使SitePoint成為可能的合作伙伴。
Hackers. Vulnerabilities. Brute-force. Malware. Denial of service. Man-in-the-middle. Phishing. All scary words. We live in a dangerous online world!
駭客。 漏洞。 蠻力。 惡意軟件。 拒絕服務。 中間人。 網絡釣魚。 所有可怕的話。 我們生活在一個危險的在線世界中!
Has your site been hacked? I have, and we’re not alone. In 2012 more than 70% of WordPress sites were vulnerable to attack, and not much has changed since. What have you done to protect ensure you have a secure WordPress site?
您的網站被黑客入侵了嗎? 我有,我們并不孤單。 2012年,超過70%的WordPress網站容易受到攻擊,此后變化不大。 為了保護您的WordPress網站安全,您做了什么保護?
In this article we’ve pulled together security tips from previous SitePoint articles, our own experience, and from around the web, and organized them in a way I hope you find useful and understandable. And most importantly, easy to act on.
在本文中,我們從以前的SitePoint文章,我們自己的經驗以及網絡中收集了安全提示,并以一種希望您覺得有用和易于理解的方式對它們進行了整理。 最重要的是,易于操作。
All-in-one WordPress security plugins are useful (and we’ll be covering them in our next article), but security requires more than just installing a plugin and walking away. It requires a careful strategy and constant vigilance. Be proactive, not reactive. In other words, don’t assume your site is safe—work out a security plan before you are hacked!
多合一WordPress安全插件很有用(我們將在下一篇文章中介紹它們),但是安全性不僅僅需要安裝插件并退出。 這需要謹慎的策略和持續的警惕。 要積極主動,不要被動。 換句話說,不要以為您的網站是安全的- 在被黑之前制定一份安全計劃!
That being said, there is no such thing as 100% security. What you can achieve is risk reduction, and find the balance (for you) between security and convenience.
話雖如此,不存在100%安全的問題。 您可以實現的是降低風險,并在安全性和便利性之間找到平衡點(對您而言)。
Security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.” — codex.wordpress.org
安全不是關于完全安全的系統。 這樣的事情很可能是不切實際的,或者不可能找到和/或維護。 安全性是降低風險,而不是消除風險。 它是在合理范圍內使用所有可用的適當控件,使您能夠改善整體姿勢,減少使自己成為目標并隨后被黑客攻擊的幾率。” — codex.wordpress.org
Where should you focus your attention? In an article last year, WP White Security reported the following statistics about hacked websites:
您應該把注意力集中在哪里? 去年, WP White Security在一篇文章中報告了有關被黑網站的以下統計信息:
- 41% were hacked through a security vulnerability on their hosting platform 41%的用戶通過其托管平臺上的安全漏洞被黑客入侵
- 29% were hacked via a security issue in the WordPress Theme they were using 29%的人通過使用的WordPress主題中的安全問題被黑客入侵
- 22% were hacked via a security issue in the WordPress Plugins they were using 他們所使用的WordPress插件中有22%通過安全問題被黑客入侵
- 8% were hacked because they had a weak password 8%被黑客入侵,因為他們的密碼太弱
That’s where the holes are in your defence. Keep that in mind while you’re creating your security strategy.
那就是防守中的漏洞所在。 在創建安全策略時,請記住這一點。
OK. With all that in mind, here are 40 ways you can keep your WordPress site secure. Choose the ones that make sense for you and your site.
好。 考慮到所有這些,這里有40種方法可以確保WordPress網站的安全。 選擇對您和您的網站有意義的內容。
安全WordPress (Secure WordPress)
1.保持WordPress最新 (1. Keep WordPress Up to Date)
The latest of WordPress is most likely more secure than the last one, and has less vulnerabilities. So keep it up to date—it’s a one-click operation. Make sure you back up your site first!
最新的WordPress最有可能比最后一個更安全,并且漏洞更少。 因此,請保持最新狀態-這是一鍵式操作。 確保您首先備份您的網站!
WordPress updates rarely cause problems, but if you like to be careful, update it on a test server first. Or, if you’d just like WordPress to auto-update itself, apply the following code to your wp-config.php file:
WordPress更新很少會引起問題,但是如果您要小心,請首先在測試服務器上對其進行更新。 或者,如果您只是希望WordPress自動更新自身,請將以下代碼應用于wp-config.php文件:
#Enable all core updates, including minor and major: define ( 'WP_AUTO_UPDATE_CORE', true );If you don’t want to manually update your WordPress, consider a hosting provider like our partner SiteGround, which has a special auto-update tool available on all plans.
如果您不想手動更新WordPress,請考慮使用托管服務提供商,例如我們的合作伙伴SiteGround ,該提供商在所有計劃中都有一個特殊的自動更新工具。
2.定期備份您的網站 (2. Back Up Your Site Regularly)
Make sure you make regular backups of your WordPress site. A backup of WordPress data and files can play a crucial role in an emergency. If all else fails, you won’t have to start from scratch!
確保定期對WordPress網站進行備份。 WordPress數據和文件的備份在緊急情況下可以發揮關鍵作用。 如果所有其他方法都失敗了,則您無需從頭開始!
Schedule your backups so you won’t forget them, and do a test restore from time to time.
安排您的備份,使您不會忘記它們,并不時進行測試還原。
Further reading:
進一步閱讀:
5 WordPress Plugins for Backups and Migrations
5個用于備份和遷移的WordPress插件
The Best WordPress Backup Plugins Compared
最好的WordPress備份插件比較
How to Manually Backup Your WordPress Website
如何手動備份您的WordPress網站
Your Regular WordPress Maintenance Checklist
您的常規WordPress維護清單
3.為SSL數據安全啟用SSL (3. Enable SSL for WordPress Data Security)
Enable SSL to secure your WordPress site. A Secure Sockets Layer encrypts all information sent to and from your site, keeping it private and preventing man-in-the-middle attacks where a third party listens in or modifies the communication between the client and the server. As a bonus it can also boost your Google PageRank.
啟用S??SL以保護您的WordPress網站。 安全套接字層對發送到您的站點和從您的站點發送的所有信息進行加密,將其保密,并防止第三方偵聽或修改客戶端與服務器之間的通信的中間人攻擊。 作為獎勵,它還可以提高您的Google PageRank。
The address of an SSL-certified site will start with an?HTTPS, while a site that’s not SSL certified will begin with?HTTP. It’s best to activate HTTPS before installing WordPress, but it’s possible to update your WordPress settings if you add it later. Hosting providers like SiteGround offer free SSL certificates.
SSL認證的站點的地址將以HTTPS開頭,而未經SSL認證的站點的地址將以HTTP開頭。 最好在安裝WordPress之前激活HTTPS,但是如果以后添加它,可以更新WordPress設置。 像SiteGround這樣的托管提供商都提供免費的SSL證書。
Further reading:
進一步閱讀:
Secure WordPress with SSL
使用SSL保護WordPress
4.安全的wp-config.php (4. Secure wp-config.php)
Lock down wp-config.php—it’s one single location that contains a wealth of critical data regarding your database, username, and password. Only you should have access.
鎖定wp-config.php是一個單一位置,其中包含有關數據庫,用戶名和密碼的大量關鍵數據。 只有您應該有權訪問。
To deny access to this file, you should add the code below at the top of the .htaccess file:
要拒絕對此文件的訪問,您應該在.htaccess文件頂部添加以下代碼:
<files wp-config.php>order allow,denydeny from all</files>5.移動wp-config.php (5. Move wp-config.php)
Move the wp-config.php file into the folder above your WordPress installation. This will make it inaccessible to anyone using a browser, meaning a cracker has less chance of locating it.
將wp-config.php文件移動到WordPress安裝上方的文件夾中。 這將使使用瀏覽器的任何人都無法訪問它,這意味著破解者找到它的機會較小。
Further reading:
進一步閱讀:
The Easiest WordPress Security Tip Ever!
最簡單的WordPress安全提示!
6.隱藏WordPress版本號 (6. Hide the WordPress Version Number)
Some versions of WordPress have known vulnerabilities. Someone familiar with those vulnerabilities can discover which version you’re using because it’s shown in the HTML head of every page.
某些版本的WordPress已知漏洞。 熟悉這些漏洞的人可以發現您使用的版本,因為它顯示在每個頁面HTML頭中。
Remove that information by adding the following line to your theme’s functions.php file:
通過將以下行添加到主題的functions.php文件中,刪除該信息:
remove_action('wp_head', 'wp_generator');You should also remove the readme.html file, which also contains the WordPress version number.
您還應該刪除readme.html文件,該文件還包含WordPress版本號。
7.從主題中刪除WordPress參考 (7. Remove WordPress References from Your Theme)
Someone will only try to hack WordPress if they know you’re using it. So keep it a secret! Remove all references to WordPress from your theme files.
只有知道自己正在使用WordPress的人才能嘗試破解。 所以要保守秘密! 從主題文件中刪除所有對WordPress的引用。
Find and delete the references from the header.php that look like this:
從header.php查找并刪除引用,如下所示:
<meta name="generator" content="WordPress" />8.禁用PHP錯誤報告 (8. Disable PHP Error Reporting)
Hackers can use error messages to their advantage. For example, an error from a theme or plugin might display your server path.
黑客可以利用錯誤消息來發揮自己的優勢。 例如,主題或插件出現錯誤可能會顯示您的服務器路徑。
To disable error reporting, add the following code to your wp-config.php file:
要禁用錯誤報告,請將以下代碼添加到wp-config.php文件中:
error_reporting (0); @ini_set ('display_errors', 0);9.更改默認密鑰 (9. Change the Default Secret Keys)
When you install WordPress, four secret keys are written to your wp-config.php file. They improve encryption of information stored in the user’s cookies and make it harder to crack your password.
當您安裝WordPress時,會將四個秘密密鑰寫入wp-config.php文件。 它們改善了存儲在用戶Cookie中的信息的加密,并使得破解密碼更加困難。
Use WordPress’ Secret Code Generator to get some new keys, and copy them into your wp-config.php file.
使用WordPress的密碼生成器獲取一些新密鑰,并將其復制到wp-config.php文件中。
保護您的主題和插件 (Secure Your Themes and Plugins)
51% of hacked sites are because of security issues with themes and plugins. Give special consideration to this section!
51%的被黑網站是由于主題和插件的安全性問題。 請特別注意此部分!
10.保持主題和插件最新 (10. Keep Your Themes and Plugins Up to Date)
Don’t just update WordPress, make sure your themes and plugins are also up to date. Each one is a potential back door to your site, and each new version is likely to have less vulnerabilities.
不要只是更新WordPress,請確保您的主題和插件也是最新的。 每個版本都是您網站的潛在后門,每個新版本的漏洞都可能較少。
11.選擇活動維護且定期更新的主題和插件 (11. Choose Themes and Plugins that are Actively Maintained and Regularly Updated)
If there are security vulnerabilities found in a theme or plugin, you’d like it addressed as quickly as possible. That won’t happen with a theme or plugin that’s no longer maintained. Whenever possible, make sure the themes and plugins you use are actively maintained.
如果在主題或插件中發現安全漏洞,則希望盡快解決。 如果主題或插件不再維護,則不會發生這種情況。 盡可能確保您使用的主題和插件得到積極維護。
Further reading:
進一步閱讀:
How to Protect Yourself from Rogue WordPress Plugins
如何保護自己免受Rogue WordPress插件的侵害
12.刪除您不使用的主題和插件 (12. Delete Themes and Plugins You Don’t Use)
If every theme and plugin is a potential back door, reduce the risk as much as possible. If you’re not using it, remove it. Deactivating plugins isn’t enough—click “Delete”!
如果每個主題和插件都是潛在的后門,請盡可能降低風險。 如果您不使用它,請將其刪除。 僅激活插件是不夠的,請單擊“刪除”!
13.限制對插件目錄的訪問 (13. Restrict Access to Your Plugins Directory)
Restrict access to your WordPress plugins directory: www.your-domain.com/wp-content/plugins/. Otherwise, someone browsing the folder can see which plugins you’re using, explore them for potential vulnerabilities.
限制訪問WordPress插件目錄: www.your-domain.com/wp-content/plugins/ 。 否則,瀏覽該文件夾的人可以查看您正在使用的插件,并對其進行潛在漏洞的探索。
Deny access by uploading a blank index.html file to the directory. Alternatively add the following line at the start in your .htaccess file in the root folder:
通過將空白的index.html文件上傳到目錄來拒絕訪問。 或者,在根文件夾的.htaccess文件的開頭添加以下行:
Options –Indexes14.消除插件和主題編輯器 (14. Eliminate the Plugin and Theme Editor)
There’s a built-in plugin and theme editor on the WordPress dashboard. This editor can be used to bring down your entire site if one of your user accounts is hacked.
WordPress儀表板上有一個內置的插件和主題編輯器。 如果您的一個用戶帳戶被黑客入侵,則可以使用該編輯器關閉整個站點。
If you don’t regularly use the editor, it’s best to disable it. Insert the following into your wp-config.php file:
如果您不定期使用編輯器,則最好將其禁用。 將以下內容插入您的wp-config.php文件:
// Disallow file edit define( 'DISALLOW_FILE_EDIT', true );保護您的登錄 (Secure Your Logins)
8% of hacked sites are caused by weak passwords. Here are some techniques to improve the security of your login procedures.
8%的被黑網站是由密碼弱造成的。 以下是一些提高登錄過程安全性的技術。
15.更改管理員用戶名 (15. Change the Admin Username)
Avoid using the default admin username, or obvious names like ‘administrator’, the name of your site, or your own name. They’re too easy to guess, and a hacked admin account is more dangerous than an author account.
避免使用默認的管理員用戶名或明顯的名稱(例如“ administrator”),您的站點名稱或您自己的名稱。 他們太容易猜到了,被黑的管理員帳戶比作者帳戶更危險。
Choose an appropriate admin username when you’re setting WordPress. If your site is already using “admin”, then create a new admin user, then delete the old one, or alternatively use a plugin like Username Changer.
設置WordPress時,請選擇適當的管理員用戶名。 如果您的站點已經在使用“ admin”,則創建一個新的admin用戶,然后刪除舊的admin用戶,或者使用類似于Username Changer的插件。
16.使用安全密碼 (16. Use a Secure Password)
Choose a complex password comprised of letters, numbers and characters. Here are some hints:
選擇一個由字母,數字和字符組成的復雜密碼。 這里有一些提示:
- Don’t choose a password that’s similar to your username. 不要選擇與您的用戶名相似的密碼。
- Don’t choose a password that’s similar to your website name. 不要選擇與您的網站名稱相似的密碼。
- Don’t choose a password that’s a common word with a few simple changes. 不要選擇經過一些簡單更改的通用密碼。
- Avoid dictionary words. 避免字典單詞。
- Consider using a random string of characters. 考慮使用隨機字符串。
- Consider using a good password management tool to securely generate, store a complex password. 考慮使用良好的密碼管理工具來安全地生成,存儲復雜的密碼。
Here are some tools that can generate a secure password for you:
以下是一些可以為您生成安全密碼的工具:
Phonetic Password Generator
語音密碼生成器
Norton Password Generator
諾頓密碼生成器
Strong Password Generator
強大的密碼生成器
Finally, make sure you don’t use the same password as you use elsewhere. All passwords should be unique.
最后,請確保您使用的密碼與其他地方使用的密碼不同。 所有密碼應唯一。
17.強制所有用戶使用強密碼 (17. Force All Users to Have Strong Passwords)
It’s no good if you use a strong password, but the rest of the team aren’t so diligent. You don’t want any weak links in the chain.
如果您使用強密碼,那就不好了,但是團隊的其他成員卻沒有那么勤奮。 您不希望鏈中有任何薄弱環節。
You can ensure everyone uses a strong password by using a plugin like Force Strong Passwords.
通過使用諸如Force Strong Passwords之類的插件,可以確保每個人都使用強密碼 。
18.定期更改密碼 (18. Change Your Password Regularly)
The longer you use the same password, the more time you give hackers to crack it. Shorten the window of opportunity!
您使用相同密碼的時間越長,黑客就可以花更多的時間來破解它。 縮短機會之窗!
Change your password at least a few times a year. And encourage your other users to do the same.
每年至少更改幾次密碼。 并鼓勵您的其他用戶也這樣做。
19.使用兩要素驗證(2FA) (19. Use 2-Factor Authentication (2FA))
Two-factor authentication (2FA) increases security when logging in by requiring a unique code in addition to a username and password. The code is generated for one-time-use by an app, or and sent to a device/smartphone via SMS.
兩因素身份驗證(2FA)通過在用戶名和密碼之外還要求唯一的代碼來提高登錄時的安全性。 該代碼由應用程序一次性生成,或通過SMS發送到設備/智能手機。
Further reading:
進一步閱讀:
2-Step Verification for WordPress Using Google Authenticator
使用Google Authenticator對WordPress進行兩步驗證
20.限制登錄嘗試 (20. Limit Login Attempts)
Give hackers less opportunity to guess your password, and protect your site from brute-force attacks, by limiting the number of login attempts that are possible. This will automatically block the login screen after a configurable number of tries, and informs the administrator by email.
通過限制可能的登錄嘗試次數,使黑客更少機會猜測密碼,并保護您的網站免受暴力攻擊。 嘗試次數可配置后,這將自動阻止登錄屏幕,并通過電子郵件通知管理員。
You can limit login attempts by using one of these plugins:
您可以使用以下插件之一來限制登錄嘗試:
WP Limit Login Attempts
WP限制登錄嘗試
Login Lockdown
登錄鎖定
21.在您的登錄屏幕上使用CAPTCHA或reCAPTCHA (21. Use CAPTCHA or reCAPTCHA on Your Login Screen)
In addition to a username and password, use CAPTCHA or reCAPTCHA on your login screen. The user is asked to input what they see in an image as text, which is a useful way to stop botnets from attempting to log in by brute force.
除了用戶名和密碼,在登錄屏幕上使用CAPTCHA或reCAPTCHA。 要求用戶輸入他們在圖像中看到的內容作為文本,這是阻止僵尸網絡嘗試通過暴力登錄的一種有用方法。
Further reading:
進一步閱讀:
No CAPTCHA reCAPTCHA Integration with WordPress
沒有與WordPress的CAPTCHA reCAPTCHA集成
22.將安全性問題添加到您的登錄屏幕 (22. Add A Security Question to Your Login Screen)
Adding a security question to your WordPress login screen makes it harder for someone to gain unauthorized access. You can do this by installing the WP Security Questions plugin.
在您的WordPress登錄屏幕上添加安全問題,使他人更難獲得未經授權的訪問。 您可以通過安裝WP安全問題插件來做到這一點。
23.自動注銷空閑用戶 (23. Automatically Log Out Idle Users)
Users can sometimes wander away from the screen when they are logged in, posing a security risk—someone can hijacking their session, changing passwords, or making changes to their account.
用戶有時在登錄時可能會從屏幕上走開,從而帶來安全風險-有人可以劫持其會話,更改密碼或更改其帳戶。
You can automatically log inactive users out with the Idle User Logout plugin.
您可以使用空閑用戶注銷插件自動注銷不活動的用戶。
24.分配用戶盡可能低的角色 (24. Assign Users the Lowest Role Possible)
Users are the weakest point of any system. That weak point is most dangerous when they have administrator privileges.
用戶是任何系統的最薄弱環節。 當他們擁有管理員特權時,這一弱點是最危險的。
Few actually need administrative access. WordPress offers a range of alternate roles to choose from:
實際上很少需要管理權限。 WordPress提供了一系列替代角色供您選擇:
- Editor: someone who can publish and manage their own and other people’s posts 編輯:可以發布和管理自己和其他人的帖子的人
- Author: someone who can publish and manage their own posts 作者:可以發布和管理自己的帖子的人
- Contributor: someone who can write and manage their own posts but cannot publish them. 投稿人:可以撰寫和管理自己的帖子但不能發布的人。
25.對登錄使用強制SSL (25. Use Forced SSL for Logins)
Forced SSL is a relatively simple change which can make a huge difference. Even if you don’t encrypt your entire website, ensure your users have a secure login pages. You’ll need an up-to-date SSL certificate to ensure this.
強制SSL是一個相對簡單的更改,可以帶來很大的不同。 即使您不加密整個網站,也請確保您的用戶具有安全的登錄頁面。 您需要一個最新的SSL證書來確保這一點。
26.從您的登錄頁面中刪除錯誤消息 (26. Remove Error Messages from Your Login Page)
With every failed login attempt, error messages on your login page can give hackers clues. Remove them by adding the following line of code in your theme functions.php file:
每次嘗試登錄失敗時,登錄頁面上的錯誤消息都可以為黑客提供線索。 通過在主題functions.php文件中添加以下代碼行來刪除它們:
add_filter('login_errors',create_function('$a', "return null;"));27.更改您的WordPress登錄URL (27. Change Your WordPress Login URL)
Knowing that the WordPress admin URL is wp-admin, any hacker can easily get started with brute force attacking. Reduce the risk of getting attacked by changing that URL so hackers won’t be able to find it.
知道WordPress管理員URL是wp-admin ,任何黑客都可以輕松地開始進行蠻力攻擊。 通過更改該URL來降低遭受攻擊的風險,使黑客無法找到它。
WPS Hide Login is the simplest plugin for achieving that.
WPS隱藏登錄是實現此目的的最簡單插件。
28.隱藏作者用戶名 (28. Hide Author Usernames)
To log in to WordPress you need a username and a password. By default, WordPress makes it easy to discover your authors’ usernames. According to DreamHost, it’s a good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier.
要登錄WordPress,您需要用戶名和密碼。 默認情況下,WordPress可以輕松發現作者的用戶名。 根據DreamHost的說法,最好隱藏作者的用戶名,以確保您不會使黑客的工作更加輕松。
To do that, copy and paste the following into your functions.php file:
為此,將以下內容復制并粘貼到functions.php文件中:
add_action(‘template_redirect’, ‘bwp_template_redirect’); function bwp_template_redirect() { if (is_author()) { wp_redirect( home_url() ); exit; } }29.密碼保護wp-login.php (29. Password Protect wp-login.php)
This one’s for advanced users. You can provide another layer of security by requiring a server-side login before the WordPress login screen is displayed.
這是給高級用戶的。 通過在顯示WordPress登錄屏幕之前要求服務器端登錄,可以提供另一層安全性。
Learn more here:
在此處了解更多信息:
Preventing Brute Force attacks against WordPress websites
防止針對WordPress網站的蠻力攻擊
30.保護wp-admin目錄 (30. Protect the wp-admin Directory)
If only you (or your authors, but not members or readers) need to log in, then restrict access to your /wp-admin/ folder or wp-login.php file.
如果僅您(或您的作者,而不是成員或讀者)需要登錄,則限制對/wp-admin/文件夾或wp-login.php文件的訪問。
If you only log in from your home computer, restrict the log in screen to only that computer. Grab your home IP address (using whatismyip.com or similar) and add these lines to the .htaccess file in your WordPress admin folder (replacing xx.xxx.xxx.xxx with your IP address):
如果僅從家用計算機登錄,則將登錄屏幕限制為僅該計算機。 獲取您的家庭IP地址(使用whatismyip.com或類似文件),并將這些行添加到WordPress admin文件夾中的.htaccess文件中(用您的IP地址替換xx.xxx.xxx.xxx):
<Files wp-login.php> order deny,allow Deny from all Allow from xx.xxx.xxx.xxx </Files>To allow access to multiple computers (office/home/laptop or user1/user2/user3), add another Allow from xx.xxx.xxx.xxx statement on a new line.
要允許訪問多臺計算機(辦公室/家庭/筆記本電腦或user1 / user2 / user3),請在新行上添加另一個允許來自xx.xxx.xxx.xxx的語句。
31.禁用XML-RPC (31. Disable XML-RPC)
XML-RPC allows users to connect to WordPress remotely via blogging clients, and is used for trackbacks and pingbacks. It has been enabled by default since WordPress 3.5.
XML-RPC允許用戶通過博客客戶端遠程連接到WordPress,并用于引用和pingback。 自WordPress 3.5起,默認情況下已啟用它。
Unfortunately, hackers can use it for DDoS attacks, so if you don’t use those features, consider disabling XML-RPC.
不幸的是,黑客可以將其用于DDoS攻擊,因此,如果您不使用這些功能,請考慮禁用XML-RPC。
This can be done with one of the following plugins:
可以使用以下插件之一完成此操作:
Disable XML-RPC Pingback
禁用XML-RPC Pingback
Disable XML-RPC
禁用XML-RPC
保護您的WordPress數據庫和文件 (Secure Your WordPress Database & Files)
32.使用強MySQL數據庫名稱 (32. Use Strong MySQL Database Names)
Avoid naming your database “wordpress” with a user ID of “user” and a password of “password.” You only set the database up once, so make them as complex as you like. If you forget them, you can check the details in wp-config.php.
避免使用用戶標識“ user”和密碼“ password”來命名數據庫“ wordpress”。 您只需設置一次數據庫,即可使它們盡可能復雜。 如果您忘記了它們,可以在wp-config.php查看詳細信息。
33.為數據庫設置強密碼 (33. Set Strong Passwords for Your Database)
Use a strong password for WordPress to access the database. See our password hints in #16 above.
為WordPress使用強密碼來訪問數據庫。 請參閱上面#16中的密碼提示。
34.更改WordPress數據庫表前綴 (34. Change the WordPress Database Table Prefix)
When you install WordPress, tables use table prefixes like Wp_ by default. Knowing this, hackers with automated tools can work out your database structure. Change the prefix so that it becomes more difficult to run SQL injection queries and other attacks.
當您安裝WordPress時,表默認使用表前綴,如Wp_ 。 知道了這一點,使用自動化工具的黑客可以確定您的數據庫結構。 更改前綴,使運行SQL注入查詢和其他攻擊變得更加困難。
35.使用SFTP連接到服務器 (35. Use SFTP to Connect to Your Server)
Use an SFTP (Secure FTP) connection when connecting to your server. This ensure the communication between your machine and the server is protected. Most hosts , like SiteGround, offer SFTP.
連接到服務器時,請使用SFTP(安全FTP)連接。 這樣可以確保您的機器與服務器之間的通信受到保護。 大多數主機(例如SiteGround)都提供SFTP。
Further reading:
進一步閱讀:
Explanation of the FTP and SFTP protocols
FTP和SFTP協議說明
36.限制文件權限 (36. Restrict File Permissions)
Protect the security of your site by setting your file permissions to the bare minimum:
將文件權限設置為最低限度,以保護網站的安全:
- Set the CHMOD value to 755 for folders. Only the owner will have write permissions, and others will have read and execute permissions. 將文件夾的CHMOD值設置為755。 僅所有者擁有寫權限,其他所有者具有讀和執行權限。
- Set the CHMOD value to 644 for files. Owners have the read and write permissions, and others can only read the files. 將文件的CHMOD值設置為644。 所有者具有讀寫權限,其他人只能讀取文件。
37.監控惡意軟件 (37. Monitor for Malware)
If a breach does happen, you don’t want to be serving malware to your visitors unaware. You need a solution in place that will scan regularly for infected files.
如果確實發生違規行為,則您不想在沒有意識到的情況下向訪問者提供惡意軟件。 您需要一個可以定期掃描受感染文件的解決方案。
There are several server-side scanning solutions, including Sucuri. Some hosting providers, like SiteGround, have it set up out of the box.
有幾種服務器端掃描解決方案,包括Sucuri 。 一些托管服務提供商(例如SiteGround )已將其設置為開箱即用。
選擇一個安全的托管服務提供商 (Choose a Secure Hosting Provider)
41% of hacked sites are because of security vulnerabilities on the hosting platform. So take special care when choosing or changing yuour hosting provider.
被黑客入侵的網站中有41%是由于托管平臺上的安全漏洞所致。 因此,在選擇或更改您的托管服務提供商時要格外小心。
38.選擇您可以負擔的最佳托管計劃 (38. Choose the Best Hosting Plan You Can Afford)
Your WordPress site is only as secure as your hosting account. If it’s running an old, vulnerable version of PHP, it won’t matter what you do to secure WordPress.
您的WordPress網站僅與托管帳戶一樣安全。 如果運行的是舊的易受攻擊PHP版本,那么保護WordPress的安全無所謂。
It’s essential that you choose a hosting provider that prioritises security. Some of the features that you should look for are:
選擇優先考慮安全性的托管服務提供商至關重要。 您應該尋找的一些功能是:
- Support for the latest PHP and MySQL versions 支持最新PHP和MySQL版本
- Account isolation 帳戶隔離
- Web Application Firewall Web應用防火墻
- Intrusion detecting system 入侵檢測系統
- Proactive updates and patches 主動更新和補丁
- Fast server monitoring 快速服務器監控
- Daily backups 每日備份
SiteGround, our preferred hosting provider, provides all of that and more.
我們首選的托管服務提供商 SiteGround 提供了所有這些以及更多功能。
Further Reading:
進一步閱讀:
The Ultimate Guide to Choosing a Hosting Provider
選擇托管服務提供商的終極指南
39.利用您的托管服務提供商的安全解決方案 (39. Take Advantage of Your Hosting Provider’s Security Solutions)
Several companies now offer secure, managed WordPress hosting with excellent security solutions, such as WP Engine, SiteGround and Media Temple. They spend time, effort and expertise configuring their tools for maximum effectiveness.
現在,多家公司提供了具有出色安全解決方案的安全,托管WordPress托管,例如WP Engine,SiteGround和Media Temple。 他們花費時間,精力和專業知識來配置其工具,以實現最大的效率。
For example, WP Engine will automatically update WordPress and key plugins, and disable plugins known to cause performance and security issues. They provide hardware based firewalls and configuration to ensure that Distributed Denial of Service (DDoS) attacks don’t bring your site down.
例如,WP Engine將自動更新WordPress和密鑰插件,并禁用已知會導致性能和安全問題的插件。 它們提供基于硬件的防火墻和配置,以確保分布式拒絕服務(DDoS)攻擊不會使您的站點癱瘓。
SiteGround provides automatic updates for the WordPress core and plugins, an efficient ch-root account isolation for all accounts on shared servers, and sophisticated systems that block malicious bots and attackers.
SiteGround為WordPress核心和插件提供自動更新,為共享服務器上的所有帳戶提供有效的ch-root帳戶隔離,以及阻止惡意bot和攻擊者的復雜系統。
安全插件 (Security Plugins)
40.安裝良好的安全性插件 (40. Install good security plugins)
We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution, installing one of these would be a great first step in your security strategy.
我們專注于涵蓋一系列安全功能而不是一招多得的高評價插件。 如果您的托管服務提供商還沒有全面的安全解決方案,那么安裝其中一個將是您安全策略的重要第一步。
Have we missed your favorite security plugin? Let us know in the comments.
我們錯過了您最喜歡的安全插件嗎? 讓我們在評論中知道。
41. WordFence (41. WordFence)
- Cost: Free, Premium from $99/year 費用:免費,高級版每年99美元起
- Active installs: 2+ million 有效安裝次數:2+百萬
- Rating: 4.8 out of 5 stars (3,048 reviews) 評分:4.8 / 5星(3,048條點評)
Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.
Wordfence Security是100%免費和開源的。 我們還提供了高級API密鑰,可為您提供高級支持,國家/地區阻止,計劃掃描,密碼審核,威脅防御源的實時更新,兩因素身份驗證,甚至檢查您的網站IP地址是否用于垃圾廣告。
WordFence includes these security features:
WordFence包括以下安全功能:
Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
防火墻。 WAF具有自動更新的防火墻規則,可以阻止常見的WordPress安全威脅。
Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
阻止功能。 實時阻止已知攻擊者和惡意網絡以及其他安全威脅。
Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
登錄安全性。 兩因素身份驗證,強制使用強密碼,安全性可阻止暴力攻擊。
Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
安全掃描。 掃描核心文件,主題和插件中是否存在惡意軟件和后門,并檢查是否已更改文件。
Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.
監控。 實時監控流量,包括漫游器和反向DNS,監控DNS更改和磁盤空間。
42.多合一可濕性粉劑安全性和防火墻 (42. All In One WP Security & Firewall)
- Cost: Free 費用:免費
- Active installs: 500,000+ 有效安裝:500,000+
- Rating: 4.8 out of 5 stars (669 reviews) 評分:4.8 / 5星(669條點評)
A comprehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
一個全面,易于使用,穩定且得到良好支持的安全插件……它通過檢查漏洞以及實施和實施最新推薦的WordPress安全實踐和技術來降低安全風險。
All In One WP Security & Firewall includes these security features:
多合一WP安全性和防火墻包括以下安全功能:
User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
用戶帳戶安全性。 更改默認的管理員用戶名,檢查與用戶名,密碼強度工具相同的用戶顯示名稱,停止用戶枚舉。
User login security. Login lockdown (brute force protection), log out inctive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
用戶登錄安全性。 登錄鎖定(強力保護),注銷吸引用戶,查看失敗的登錄嘗試,將IP地址列入白名單,查看誰登錄,CAPTCHA。
User registration security. Enable manual approval, CAPTCHA, Honeypot.
用戶注冊安全。 啟用手動批準,CAPTCHA,Honeypot。
Database security. Set the default WP prefix, schedule automatic backups.
數據庫安全性。 設置默認的WP前綴,安排自動備份。
File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
文件系統安全性。 識別并修復不安全的權限,從WP管理員禁用文件編輯,監視系統日志。
htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
htaccess和wp-config.php文件備份和還原。 輕松備份,還原和修改這些重要文件。
Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
黑名單功能。 根據IP地址或范圍或通過指定用戶代理來禁止用戶。
Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
防火墻。 通過htaccess(阻止惡意腳本的防火墻規則)添加防火墻保護。
Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
暴力登錄和攻擊防范。 基于Cookie的登錄預防,登錄表單上的CAPTCHA,重命名登錄表單URL,Honeypot。
Whois lookup. Get full details of a suspicous host.
Whois查找。 獲取可疑主機的完整詳細信息。
Security scanner. File change alerts, scan database tables for suspicious strings.
安全掃描儀。 文件更改警報,掃描數據庫表以查找可疑字符串。
Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
評論垃圾郵件的安全性。 阻止垃圾郵件發送者的IP地址,將CAPTCHA添加到評論表單。
Front-end text copy protection. Disables right click, text selection and the copy option.
前端文本復制保護。 禁用右鍵單擊,文本選擇和復制選項。
43. iThemes安全 (43. iThemes Security)
- Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime. 費用:免費,專業版:2個站點$ 80 /年,10個站點$ 100 /年,無限制站點$ 150 /年,金牌終身$ 297。
- Previously called Better WP Security 以前稱為“更好的WP安全性”
- Active installs: 800,000+ 有效安裝:800,000+
- Rating: 4.7 out of 5 stars (3,812 reviews) 評分:4.7分,滿分5星(3,812條點評)
iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.
iThemes Security Pro消除了WordPress安全性的猜測。 您不必一定是安全專家才能使用安全插件,因此iThemes Security Pro可以輕松保護和保護WordPress網站。
The free version gives you some protection, but the Pro version includes these security features:
免費版本為您提供了一些保護,但是Pro版本包含以下安全功能:
Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
兩因素身份驗證。 “使用移動應用程序(例如Google Authenticator或Authy)來生成代碼或將生成的代碼通過電子郵件發送給您。”
WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
WordPress鹽和安全密鑰。 “ iThemes安全性插件使更新WordPress密鑰和鹽變得容易。”
Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
惡意軟件掃描計劃。 “每天自動為您的網站掃描惡意軟件。 如果發現問題,則會發送一封包含詳細信息的電子郵件。”
Password Security. “Generate strong passwords right from your profile screen.”
密碼安全性。 “直接在您的個人資料屏幕上生成強密碼。”
Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
密碼過期。 “設置密碼最長使用期限,并強制用戶選擇新密碼。 您還可以強制所有用戶立即選擇新密碼(如果需要)。”
Google reCAPTCHA. “Protect your site against spammers.”
Google reCAPTCHA。 “保護您的網站免受垃圾郵件發送者的侵害。”
User Action Logging. “Track when users edit content, login or logout.”
用戶操作日志記錄。 “跟蹤用戶何時編輯內容,登錄或注銷。”
Import/Export Settings. “Saves time setting up multiple WordPress sites.”
導入/導出設置。 “節省了設置多個WordPress網站的時間。”
Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
儀表板小部件。 “直接從WordPress儀表板管理重要任務,例如用戶禁止和系統掃描。”
Online File Comparison. “When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.”
在線文件比較。 “檢測到文件更改后,它將掃描文件的來源,以確定更改是否是惡意的。 目前僅適用于WordPress核心,但插件和主題即將推出。”
Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
臨時特權升級。 “授予承包商或其他人臨時管理員或編輯者對您的網站的訪問權限,該權限將自動重置。”
wp-cli Integration. “Manage your site’s security from the command line.”
wp-cli集成。 “從命令行管理站點的安全性。”
44. Sucuri安全 (44. Sucuri Security)
- Cost: Free, Basic $199/year, Pro $299/year, Business $499/year 費用:免費,基本版$ 199 /年,專業版$ 299 /年,企業版$ 499 /年
- Active installs: 300,000+ 有效安裝:300,000+
- Rating: 4.6 out of 5 stars (260 reviews) 評分:4.6 / 5星(260條點評)
We keep your website safe and hack-free! The Sucuri Platform is a suite of tools designed for complete website security. With no additional cost or hidden fees, the Sucuri Platform is affordable, easy to deploy, and supported by a team of professionals at your disposal.
我們確保您的網站安全無黑客! Sucuri平臺是一套旨在實現完整網站安全性的工具。 Sucuri平臺不收取任何額外費用或隱性費用,價格實惠,易于部署,并由您支配的專業團隊提供支持。
Sucuri forms part of the security solution of many quality hosting providers, including SiteGround. It’s a valuable tool for SiteGround to protect its clients’ sites from malware, because it scans every link that is accessible from the website homepage on a daily basis. It includes these security features:
Sucuri構成了許多優質托管服務提供商(包括SiteGround)安全解決方案的一部分。 這是SiteGround保護客戶網站免受惡意軟件侵害的寶貴工具,因為它每天都會掃描可從網站主頁訪問的每個鏈接。 它包括以下安全功能:
Clean and repair hacked websites. “Professional security incident response team available 24/7/365.”
清理和修復被黑的網站。 “專業安全事件響應團隊將于24/7/365提供服務。”
Attack and hack prevention. “A cloud-based WAF/IPS solution designed to stop hacks and attacks.”
攻擊和黑客防御。 “旨在阻止黑客和攻擊的基于云的WAF / IPS解決方案。”
Continuous monitoring. “Continuous monitoring and alerting of any security-related issues.”
持續監控。 “持續監視和警告任何與安全相關的問題。”
The free WordPress security plugin includes these features:
免費的WordPress安全插件包括以下功能:
- Security Activity Audit Logging 安全活動審核日志記錄
- File Integrity Monitoring 文件完整性監控
- Remote Malware Scanning 遠程惡意軟件掃描
- Blacklist Monitoring 黑名單監控
- Effective Security Hardening 有效的安全加固
- Post-Hack Security Actions 黑客入侵后的安全措施
- Security Notifications 安全通知
45. Jetpack ,現在包括VaultPress (45. Jetpack, which now includes VaultPress)
- Cost: Free, Personal ($39/year), Premium ($99/year), Professional ($299/year) 費用:免費,個人($ 39 /年),高級($ 99 /年),專業($ 299 /年)
- Active installs: 3+ million 有效安裝次數:3+百萬
- Rating: 4.1 out of 5 stars (1,330 reviews) 評分:4.1,滿分5星(1,330條點評)
Jetpack (by Automattic, who bring you WordPress) does more than just security. It basically brings the features of WordPress.com to the rest of us, which is appealing. For security and backup the paid plans includes VaultPress.
Jetpack(由Automattic帶來,它為您帶來了WordPress)所做的不僅僅是安全性。 它基本上將WordPress.com的功能帶給了我們其他人,這很有吸引力。 為了安全和備份,付費計劃包括VaultPress。
VaultPress is a real-time backup and security scanning service designed and built by Automattic, the same company that operates (and backs up!) millions of sites on WordPress.com.
VaultPress是由Automattic設計和構建的實時備份和安全掃描服務,該公司在WordPress.com上運營(并備份!)數百萬個網站。
VaultPress is now powered by Jetpack and effortlessly backs up every post, comment, media file, revision, and dashboard setting on your site to our servers. With VaultPress you’re protected against hackers, malware, accidental damage, and host outages.
VaultPress現在由Jetpack提供支持,可輕松將您網站上的所有帖子,評論,媒體文件,修訂和儀表板設置備份到我們的服務器。 使用VaultPress,您可以免受黑客,惡意軟件,意外損壞和主機中斷的影響。
VaultPress includes these security features:
VaultPress包括以下安全功能:
Backups. “Comprehensive daily or real-time automated backups stored in our offsite digital vault, optimized for WordPress and better than your host.”
備份。 “存儲在我們的異地數字保管庫中的全面的每日或實時自動備份,針對WordPress進行了優化,并且比您的主機更好。”
Restores. “Even during the most stressful moments we have your back. Restore your entire online presence quickly and easily without needing your host.”
恢復。 “即使在最緊張的時刻,我們也有支持。 無需主機即可快速輕松地恢復整個在線狀態。”
File scanning. “Automatically detect and eliminate viruses, malware, and other exploitable security problems that may be hiding in your website.”
文件掃描。 “自動檢測并消除可能隱藏在您網站中的病毒,惡意軟件和其他可利用的安全問題。”
Automated file repair. “Fix detected viruses, malware, and other dangerous threats with a single click.”
自動文件修復。 “單擊即可修復檢測到的病毒,惡意軟件和其他危險威脅。”
Spam defense. “Protect your SEO, readers, and brand reputation by automatically blocking all spammers.”
垃圾郵件防御。 “通過自動阻止所有垃圾郵件發送者來保護您的SEO,讀者和品牌聲譽。”
46. 防彈安全 (46. BulletProof Security)
- Cost: Free, Pro $59.95 (one time purchase) 費用:免費,專業版$ 59.95(一次性購買)
- Active installs: 100,000+ 有效安裝:100,000+
- Rating: 4.7 out of 5 stars (302 reviews) 評分:4.7分,滿分5星(302條評論)
BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.
BulletProof Security Pro擁有出色的記錄。 BPS Pro已公開發布5年以上,并已在全球30,000多個網站上安裝。 在過去5年多的時間里,這30,000多個網站中沒有一個被黑客入侵。
100% hack free website guarantee. If your website is hacked after installing BPS Pro, we will clean up your hacked website for free. We can easily offer that awesome deal because your website will never be hacked if you have BPS Pro installed.
100%免費破解網站保證。 如果在安裝BPS Pro后您的網站被黑,我們將免費清理被黑的網站。 我們可以輕松地提供這項令人敬畏的交易,因為如果您安裝了BPS Pro,您的網站將永遠不會被黑客入侵。
The free version includes these security features:
免費版本包括以下安全功能:
- One-Click setup wizard 一鍵式安裝向導
- .htaccess website security protection (firewalls) .htaccess網站安全保護(防火墻)
- Hidden plugin folders / files cron (HPF) 隱藏的插件文件夾/文件cron(HPF)
- Login security & monitoring 登錄安全和監控
- Idle session logout (ISL) 空閑會話注銷(ISL)
- Auth cookie expiration (ACE) 身份驗證Cookie到期時間(ACE)
- DB backup: full/Partial, manual/scheduled, email/zip, cron delete old backups, logging 數據庫備份:完整/部分,手動/預定,電子郵件/ zip,cron刪除舊備份,日志記錄
- DB table prefix changer 數據庫表前綴更改器
- Security logging 安全記錄
- HTTP error logging HTTP錯誤記錄
The Pro version adds these features:
專業版增加了以下功能:
- AutoRestore Intrusion Detection & Prevention System (ARQ IDPS) 自動還原入侵檢測和防御系統(ARQ IDPS)
- Quarantine Intrusion Detection & Prevention System (ARQ IDPS) 隔離入侵檢測和防御系統(ARQ IDPS)
- Real-time file monitor (IDPS) 實時文件監控器(IDPS)
- DB Monitor Intrusion Detection System (IDS) DB Monitor入侵檢測系統(IDS)
- DB diff tool: data comparison tool DB diff工具:數據比較工具
- DB status & info 數據庫狀態和信息
- Plugin firewall (IP Firewall): automated whitelisting & IP address updating in real time 插件防火墻(IP防火墻):實時自動白名單和IP地址更新
- JTC anti-spam/anti-hacker JTC反垃圾郵件/反黑客
- Uploads folder anti-exploit guard (UAEG) 上傳文件夾反漏洞防護(UAEG)
- Custom php.ini website security 自定義php.ini網站安全
- F-Lock: read only file locking F-Lock:只讀文件鎖定
- Additional logging options 其他記錄選項
- S-Monitor: monitoring & alerting core S-Monitor:監視和警報核心
- Pro Tools: 16 mini-plugins Pro Tools:16個迷你插件
47. SecuPress (47. SecuPress)
- Cost: Free, 1 site $57.60/year, 3 sites $144/year, 10 sites $288/year, unlimited sites $479/year 費用:免費,1個站點$ 57.60 /年,3個站點$ 144 /年,10個站點$ 288 /年,無限制站點$ 479 /年
- Active installs: 5,000+ 有效安裝:5,000+
- Rating: 4.8 out of 5 stars (19 reviews) 評分:4.8 / 5星(19條評論)
Protect your WordPress with malware scans, block bots & suspicious IPs. Get a complete WordPress security toolkit for free or as a pro plugin.
通過惡意軟件掃描,阻止漫游器和可疑IP保護您的WordPress。 免費或作為專業插件獲得完整的WordPress安全工具包。
If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then SecuPress pro is the way to go. Our plugin takes care of everything with automated tasks.
如果您積極主動,我們的免費WordPress安全插件是一個不錯的選擇! 沒有時間激活每周掃描? 然后,SecuPress pro是必經之路。 我們的插件可以自動完成所有任務。
SecuPress includes these features:
SecuPress包括以下功能:
- Anti brute force login 反暴力登錄
- Blocked IPs 封鎖的IP
- Firewall 防火墻功能
- Security alerts 安全警報
- Malware scan (Pro) 惡意軟件掃描(專業版)
- Block country by geolocation 按地理位置封鎖國家
- Protection of security keys 保護安全鑰匙
- Block visits from bad bots 阻止惡意機器人的訪問
- Vulnerable plugins & themes detection (Pro) 漏洞插件和主題檢測(Pro)
- Security reports in PDF format (Pro) PDF格式的安全報告(Pro)
48. 安全忍者 (48. Security Ninja)
- Cost: Single site $29 (1 year updates/support), multi site $79 (1 year updates/support), forever unlimited $199 費用:單站點29美元(1年更新/支持),多站點79美元(1年更新/支持),永久無限199美元
- Active installs: 6,000+ 有效安裝:6,000+
- Rating: 5 out of 5 stars (6 reviews) 評分:5,滿分5星(6條評論)
Security Ninja helps thousands to stay safe and prevent downtime due to security issues. 50+ tests will provide a comprehensive overview of your site’s security.
安全忍者可幫助數千人保持安全并防止由于安全問題而導致的停機。 50多個測試將全面概述您的站點的安全性。
The free version lets you achieve the following:
免費版本使您可以實現以下目標:
- Perform 50+ security tests including brute-force attacks. 執行50多種安全測試,包括蠻力攻擊。
- Check your site for security vulnerabilities and holes. 檢查您的站點是否存在安全漏洞和漏洞。
- Take preventive measures against attacks. 采取預防措施以防攻擊。
- Prevent 0-day exploit attacks. 防止零日漏洞攻擊。
- Use included code snippets for quick fixes. 使用隨附的代碼段進行快速修復。
- Brute-force attack on user accounts to test password strength. 對用戶帳戶的蠻力攻擊以測試密碼強度。
- Numerous installation parameters tests. 大量的安裝參數測試。
- File permissions. 文件權限。
- Version hiding. 版本隱藏。
- 0-day exploits tests. 0天漏洞利用測試。
- Debug and auto-update modes tests. 調試和自動更新模式測試。
- Database configuration tests. 數據庫配置測試。
- Apache and PHP related tests Apache和PHP相關測試
- WP options tests. WP選項測試。
You can even more protection using these Pro modules:
您可以使用以下Pro模塊提供更多保護:
Core scanner. “Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click.”
核心掃描儀。 “輕松監視WP核心文件的狀態。 清晰查看已修改但不應該修改的文件,只需單擊一下即可恢復它們。”
Malware scanner. “Powerful heuristic malware scanning algorithm will check all your themes, plugins, uploaded files and options table for suspicious content.”
惡意軟件掃描程序。 “強大的啟發式惡意軟件掃描算法將檢查您的所有主題,插件,上載的文件和選項表中的可疑內容。”
Auto fixer. “If you don’t like creating backups, editing files, messing with code and getting your hands dirty – Security Ninja PRO will do everything for you. Fix security issues with one click.”
自動修復。 “如果您不喜歡創建備份,編輯文件,弄亂代碼并弄臟手– Security Ninja PRO將為您做所有事情。 一鍵解決安全問題。”
Events logger. “Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes – Events Logger sees everything.”
事件記錄器。 “非常詳細地監視,跟蹤和記錄網站上的50多個事件。 從用戶操作,到發布編輯和小部件更改-事件記錄器都能看到一切。”
Scheduled scanner. “Have Security Ninja do automatic, periodic scans of your sites, including scans of core files. If there are any changes you’ll be notified via email.”
預定的掃描儀。 “讓安全忍者對您的網站進行自動的定期掃描,包括對核心文件的掃描。 如果有任何更改,您將通過電子郵件收到通知。”
翻譯自: https://www.sitepoint.com/ways-to-keep-your-wordpress-site-secure/
wordpress安全
總結
以上是生活随笔為你收集整理的wordpress安全_保持WordPress网站安全的48种方法的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 安卓人脸识别笔记
- 下一篇: GUET网络渗透测试实验报告1