WordPress Security: 48 Ways to Keep Your WordPress Site Secure

This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

Hackers. Vulnerabilities. Brute-force. Malware. Denial of service. Man-in-the-middle. Phishing. All scary words. We live in a dangerous online world!

Has your site been hacked? I have, and we’re not alone. In 2012 more than 70% of WordPress sites were vulnerable to attack, and not much has changed since. What have you done to ensure you have a secure WordPress site?

In this article we’ve pulled together security tips from previous SitePoint articles, our own experience, and from around the web, and organized them in a way I hope you find useful and understandable. And most importantly, easy to act on.

All-in-one WordPress security plugins are useful (and we’ll be covering them in our next article), but security requires more than just installing a plugin and walking away. It requires a careful strategy and constant vigilance. Be proactive, not reactive. In other words, don’t assume your site is safe—work out a security plan before you are hacked!

That being said, there is no such thing as 100% security. What you can achieve is risk reduction, and a balance (for you) between security and convenience.

“Security is not about perfectly secure systems. Such a thing might well be impractical, or impossible to find and/or maintain. What security is though is risk reduction, not risk elimination. It’s about employing all the appropriate controls available to you, within reason, that allow you to improve your overall posture reducing the odds of making yourself a target, subsequently getting hacked.” — codex.wordpress.org

Where should you focus your attention? In an article last year, WP White Security reported the following statistics about hacked websites:

  • 41% were hacked through a security vulnerability on their hosting platform
  • 29% were hacked via a security issue in the WordPress Theme they were using
  • 22% were hacked via a security issue in the WordPress Plugins they were using
  • 8% were hacked because they had a weak password

That’s where the holes are in your defence. Keep that in mind while you’re creating your security strategy.

OK. With all that in mind, here are 40 ways you can keep your WordPress site secure. Choose the ones that make sense for you and your site.

Secure WordPress

1. Keep WordPress Up to Date

The latest version of WordPress is most likely more secure than the last one, and has fewer vulnerabilities. So keep it up to date—it’s a one-click operation. Make sure you back up your site first!

WordPress updates rarely cause problems, but if you like to be careful, update it on a test server first. Or, if you’d just like WordPress to auto-update itself, apply the following code to your wp-config.php file:

#Enable all core updates, including minor and major:
define ( 'WP_AUTO_UPDATE_CORE', true );

If you don’t want to manually update your WordPress, consider a hosting provider like our partner SiteGround, which has a special auto-update tool available on all plans.

2. Back Up Your Site Regularly

Make sure you make regular backups of your WordPress site. A backup of WordPress data and files can play a crucial role in an emergency. If all else fails, you won’t have to start from scratch!

Schedule your backups so you won’t forget them, and do a test restore from time to time.

3. Enable SSL for WordPress Data Security

Enable SSL to secure your WordPress site. A Secure Sockets Layer encrypts all information sent to and from your site, keeping it private and preventing man-in-the-middle attacks where a third party listens in or modifies the communication between the client and the server. As a bonus it can also boost your Google PageRank.

The address of an SSL-certified site will start with HTTPS, while a site that’s not SSL certified will begin with HTTP. It’s best to activate HTTPS before installing WordPress, but it’s possible to update your WordPress settings if you add it later. Hosting providers like SiteGround offer free SSL certificates.

4. Secure wp-config.php

Lock down wp-config.php—it’s one single location that contains a wealth of critical data regarding your database, username, and password. Only you should have access.

To deny access to this file, you should add the code below at the top of the .htaccess file:

<files wp-config.php>
    order allow,deny
    deny from all
</files>

5. Move wp-config.php

Move the wp-config.php file into the folder above your WordPress installation. This will make it inaccessible to anyone using a browser, meaning a cracker has less chance of locating it.

6. Hide the WordPress Version Number

Some versions of WordPress have known vulnerabilities. Someone familiar with those vulnerabilities can discover which version you’re using because it’s shown in the HTML head of every page.

Remove that information by adding the following line to your theme’s functions.php file:

remove_action('wp_head', 'wp_generator');

You should also remove the readme.html file, which also contains the WordPress version number.

7. Remove WordPress References from Your Theme

Someone will only try to hack WordPress if they know you’re using it. So keep it a secret! Remove all references to WordPress from your theme files.

Find and delete the references in header.php that look like this:

<meta name="generator" content="WordPress" />

8. Disable PHP Error Reporting

Hackers can use error messages to their advantage. For example, an error from a theme or plugin might display your server path.

To disable error reporting, add the following code to your wp-config.php file:

error_reporting (0);
@ini_set ('display_errors', 0);

9. Change the Default Secret Keys

When you install WordPress, four secret keys are written to your wp-config.php file. They improve encryption of information stored in the user’s cookies and make it harder to crack your password.

Use WordPress’ Secret Code Generator to get some new keys, and copy them into your wp-config.php file.

Secure Your Themes and Plugins

51% of hacked sites are compromised through security issues with themes and plugins. Give special consideration to this section!

10. Keep Your Themes and Plugins Up to Date

Don’t just update WordPress; make sure your themes and plugins are also up to date. Each one is a potential back door to your site, and each new version is likely to have fewer vulnerabilities.

11. Choose Themes and Plugins that are Actively Maintained and Regularly Updated

If there are security vulnerabilities found in a theme or plugin, you’d like it addressed as quickly as possible. That won’t happen with a theme or plugin that’s no longer maintained. Whenever possible, make sure the themes and plugins you use are actively maintained.

12. Delete Themes and Plugins You Don’t Use

If every theme and plugin is a potential back door, reduce the risk as much as possible. If you’re not using it, remove it. Deactivating plugins isn’t enough—click “Delete”!

13. Restrict Access to Your Plugins Directory

Restrict access to your WordPress plugins directory: www.your-domain.com/wp-content/plugins/. Otherwise, someone browsing the folder can see which plugins you’re using and explore them for potential vulnerabilities.

Deny access by uploading a blank index.html file to the directory. Alternatively, add the following line at the start of the .htaccess file in the root folder:

Options -Indexes

14. Eliminate the Plugin and Theme Editor

There’s a built-in plugin and theme editor on the WordPress dashboard. This editor can be used to bring down your entire site if one of your user accounts is hacked.

If you don’t regularly use the editor, it’s best to disable it. Insert the following into your wp-config.php file:

// Disallow file edit
define( 'DISALLOW_FILE_EDIT', true );

Secure Your Logins

8% of hacked sites are compromised through weak passwords. Here are some techniques to improve the security of your login procedures.

15. Change the Admin Username

Avoid using the default admin username, or obvious names like ‘administrator’, the name of your site, or your own name. They’re too easy to guess, and a hacked admin account is more dangerous than an author account.

Choose an appropriate admin username when you’re setting up WordPress. If your site is already using “admin”, create a new admin user and delete the old one, or alternatively use a plugin like Username Changer.

16. Use a Secure Password

Choose a complex password comprised of letters, numbers and characters. Here are some hints:

  • Don’t choose a password that’s similar to your username.
  • Don’t choose a password that’s similar to your website name.
  • Don’t choose a password that’s a common word with a few simple changes.
  • Avoid dictionary words.
  • Consider using a random string of characters.
  • Consider using a good password management tool to securely generate and store a complex password.

Here are some tools that can generate a secure password for you:

Finally, make sure you don’t use the same password as you use elsewhere. All passwords should be unique.

17. Force All Users to Have Strong Passwords

It’s no good if you use a strong password, but the rest of the team aren’t so diligent. You don’t want any weak links in the chain.

You can ensure everyone uses a strong password by using a plugin like Force Strong Passwords.

18. Change Your Password Regularly

The longer you use the same password, the more time you give hackers to crack it. Shorten the window of opportunity!

Change your password at least a few times a year. And encourage your other users to do the same.

19. Use 2-Factor Authentication (2FA)

Two-factor authentication (2FA) increases security when logging in by requiring a unique code in addition to a username and password. The code is generated for one-time use by an app, or sent to a device/smartphone via SMS.

20. Limit Login Attempts

Give hackers less opportunity to guess your password, and protect your site from brute-force attacks, by limiting the number of login attempts that are possible. This will automatically block the login screen after a configurable number of tries, and inform the administrator by email.

You can limit login attempts by using one of these plugins:

21. Use CAPTCHA or reCAPTCHA on Your Login Screen

In addition to a username and password, use CAPTCHA or reCAPTCHA on your login screen. The user is asked to input what they see in an image as text, which is a useful way to stop botnets from attempting to log in by brute force.

22. Add A Security Question to Your Login Screen

Adding a security question to your WordPress login screen makes it harder for someone to gain unauthorized access. You can do this by installing the WP Security Questions plugin.

23. Automatically Log Out Idle Users

Users can sometimes wander away from the screen when they are logged in, posing a security risk—someone can hijack their session, change passwords, or make changes to their account.

You can automatically log inactive users out with the Idle User Logout plugin.

24. Assign Users the Lowest Role Possible

Users are the weakest point of any system. That weak point is most dangerous when they have administrator privileges.

Few actually need administrative access. WordPress offers a range of alternate roles to choose from:

  • Editor: someone who can publish and manage their own and other people’s posts
  • Author: someone who can publish and manage their own posts
  • Contributor: someone who can write and manage their own posts but cannot publish them.

25. Use Forced SSL for Logins

Forced SSL is a relatively simple change which can make a huge difference. Even if you don’t encrypt your entire website, ensure your users have a secure login page. You’ll need an up-to-date SSL certificate to ensure this.

26. Remove Error Messages from Your Login Page

With every failed login attempt, error messages on your login page can give hackers clues. Remove them by adding the following line of code in your theme functions.php file:

// create_function() was removed in PHP 8.0; an anonymous function does the same job.
add_filter( 'login_errors', function () { return null; } );

27. Change Your WordPress Login URL

Knowing that the WordPress admin URL is wp-admin, any hacker can easily get started with brute force attacking. Reduce the risk of getting attacked by changing that URL so hackers won’t be able to find it.

WPS Hide Login is the simplest plugin for achieving that.

28. Hide Author Usernames

To log in to WordPress you need a username and a password. By default, WordPress makes it easy to discover your authors’ usernames. According to DreamHost, it’s a good idea to hide the author’s username to ensure you aren’t making the hacker’s job easier.

To do that, copy and paste the following into your functions.php file:

// Redirect author archive pages to the home page so usernames are not exposed there.
add_action( 'template_redirect', 'bwp_template_redirect' );
function bwp_template_redirect()
{
    if ( is_author() )
    {
        wp_redirect( home_url() );
        exit;
    }
}

29. Password Protect wp-login.php

This one’s for advanced users. You can provide another layer of security by requiring a server-side login before the WordPress login screen is displayed.

30. Protect the wp-admin Directory

If only you (or your authors, but not members or readers) need to log in, then restrict access to your /wp-admin/ folder or wp-login.php file.

If you only log in from your home computer, restrict the login screen to only that computer. Grab your home IP address (using whatismyip.com or similar) and add these lines to the .htaccess file in your WordPress admin folder (replacing xx.xxx.xxx.xxx with your IP address):

<Files wp-login.php>
order deny,allow
Deny from all
Allow from xx.xxx.xxx.xxx
</Files>

To allow access to multiple computers (office/home/laptop or user1/user2/user3), add another Allow from xx.xxx.xxx.xxx statement on a new line.

31. Disable XML-RPC

XML-RPC allows users to connect to WordPress remotely via blogging clients, and is used for trackbacks and pingbacks. It has been enabled by default since WordPress 3.5.

Unfortunately, hackers can use it for DDoS attacks, so if you don’t use those features, consider disabling XML-RPC.

This can be done with one of the following plugins:
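
To see whether the login page or the XML-RPC endpoint is actually being hammered (items 20, 27 and 31), count the POST requests per client and per minute in your access log. This is an added example, not part of the original article; it assumes the common "combined" log format and WordPress's default behaviour of answering a failed login with status 200 and a successful one with a 302 redirect, and the sample log lines are constructed.

```bash
#!/bin/sh
# Added example (not from the article): find bursts of POSTs to wp-login.php
# and xmlrpc.php in a web server access log. Function names are illustrative.

# Constructed sample in "combined" format; the addresses are documentation ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [12/Mar/2017:10:15:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2017:10:15:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2017:10:15:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2840 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2017:10:15:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2017:10:15:31 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2017:10:15:38 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Mar/2017:10:15:47 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2017:10:15:55 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2017:10:16:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
203.0.113.99 - - [12/Mar/2017:10:17:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "curl/7.50"
203.0.113.99 - - [12/Mar/2017:10:17:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "curl/7.50"
203.0.113.99 - - [12/Mar/2017:10:17:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "curl/7.50"
203.0.113.99 - - [12/Mar/2017:10:17:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 410 "-" "curl/7.50"
EOF
}

# Read a log on stdin and print "ip kind minute count" for every client that
# reaches the limit ($1) within one clock minute.
flag_login_floods() {
    awk -v limit="$1" '
    {
        # combined format: $1 client, $4 [dd/Mon/yyyy:HH:MM:SS, $6 "METHOD, $7 path, $9 status
        if ($6 != "\"POST") next
        path = $7
        sub(/\?.*/, "", path)                  # ignore any query string
        if (path == "/wp-login.php" && $9 == 200)
            kind = "login-fail"                # assumption: 200 = form shown again
        else if (path == "/xmlrpc.php")
            kind = "xmlrpc"
        else
            next
        minute = substr($4, 2, 17)             # dd/Mon/yyyy:HH:MM
        hits[$1 " " kind " " minute]++
    }
    END {
        for (key in hits)
            if (hits[key] >= limit) print key, hits[key]
    }' | LC_ALL=C sort
}

# Run as: sh login-floods.sh 5 /path/to/access.log
if [ "$#" -eq 2 ]; then
    flag_login_floods "$1" < "$2"
fi
```

A client that mistypes a password once and then logs in stays under the limit; only the repeated failures and the XML-RPC burst are reported.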

Secure Your WordPress Database & Files

32. Use Strong MySQL Database Names

Avoid naming your database “wordpress” with a user ID of “user” and a password of “password.” You only set the database up once, so make them as complex as you like. If you forget them, you can check the details in wp-config.php.

33. Set Strong Passwords for Your Database

Use a strong password for WordPress to access the database. See our password hints in #16 above.

34. Change the WordPress Database Table Prefix

When you install WordPress, tables use the prefix wp_ by default. Knowing this, hackers with automated tools can work out your database structure. Change the prefix so that it becomes more difficult to run SQL injection queries and other attacks.

35. Use SFTP to Connect to Your Server

Use an SFTP (Secure FTP) connection when connecting to your server. This ensures the communication between your machine and the server is protected. Most hosts, like SiteGround, offer SFTP.

36. Restrict File Permissions

Protect the security of your site by setting your file permissions to the bare minimum:

  • Set the CHMOD value to 755 for folders. Only the owner will have write permissions, and others will have read and execute permissions.
  • Set the CHMOD value to 644 for files. Owners have the read and write permissions, and others can only read the files.
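
The file-level tips so far (items 4, 5, 6, 13, 14 and 36) can be checked from a shell on the server. The script below is an added example, not part of the original article; the function names and finding labels are made up for illustration, and it assumes an Apache-style .htaccess file in the WordPress root.

```bash
#!/bin/sh
# Added example (not from the article): audit a WordPress directory against
# the file-level tips above. wp_audit and wp_checks are illustrative names.

# Print one finding per line for the WordPress root given as $1.
wp_checks() {
    root=${1%/}
    htaccess=$root/.htaccess

    # Item 36: nothing looser than 755 for folders or 644 for files.
    find "$root" -type d \( -perm -020 -o -perm -002 \) |
        sed 's/^/PERM folder is looser than 755: /'
    find "$root" -type f \( -perm -100 -o -perm -020 -o -perm -010 \
                            -o -perm -002 -o -perm -001 \) |
        sed 's/^/PERM file is looser than 644: /'

    # Item 6: readme.html gives away the WordPress version.
    if [ -f "$root/readme.html" ]; then
        echo "VERSION readme.html is still present"
    fi

    # Items 4 and 5: wp-config.php is moved one folder up, or denied in .htaccess.
    config=$root/wp-config.php
    if [ -f "$config" ]; then
        if ! grep -Eiq '<files[[:space:]]+"?wp-config\.php"?[[:space:]]*>' "$htaccess" 2>/dev/null; then
            echo "CONFIG wp-config.php is in the web root without a <files> deny block"
        fi
    elif [ -f "$root/../wp-config.php" ]; then
        config=$root/../wp-config.php
    else
        echo "CONFIG wp-config.php not found"
        config=/dev/null
    fi

    # Item 14: DISALLOW_FILE_EDIT must be true on a line that is not commented out.
    if ! grep -Ev '^[[:space:]]*(//|#)' "$config" |
         grep -Eiq "define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true"; then
        echo "EDITOR DISALLOW_FILE_EDIT is not set to true"
    fi

    # Item 13: a blank index.html in the plugins folder, or Options -Indexes.
    # The hyphen must be ASCII; a pasted en dash does not match and is flagged.
    if [ ! -f "$root/wp-content/plugins/index.html" ] &&
       ! grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$htaccess" 2>/dev/null; then
        echo "LISTING wp-content/plugins can be listed"
    fi
}

# Print the findings; return 1 if there are any, 0 if the tree is clean.
wp_audit() {
    findings=$(wp_checks "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run as: sh wp-audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    wp_audit "$1"
fi
```

Permissions tighter than 755 and 644 are not reported, so a wp-config.php set to 600 passes the check.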

37. Monitor for Malware

If a breach does happen, you don’t want to be serving malware to your visitors unaware. You need a solution in place that will scan regularly for infected files.

There are several server-side scanning solutions, including Sucuri. Some hosting providers, like SiteGround, have it set up out of the box.

Choose a Secure Hosting Provider

41% of hacked sites are compromised through security vulnerabilities on the hosting platform. So take special care when choosing or changing your hosting provider.

38. Choose the Best Hosting Plan You Can Afford

Your WordPress site is only as secure as your hosting account. If it’s running an old, vulnerable version of PHP, it won’t matter what you do to secure WordPress.

It’s essential that you choose a hosting provider that prioritises security. Some of the features that you should look for are:

  • Support for the latest PHP and MySQL versions
  • Account isolation
  • Web Application Firewall
  • Intrusion detection system
  • Proactive updates and patches
  • Fast server monitoring
  • Daily backups

SiteGround, our preferred hosting provider, provides all of that and more.

39. Take Advantage of Your Hosting Provider’s Security Solutions

Several companies now offer secure, managed WordPress hosting with excellent security solutions, such as WP Engine, SiteGround and Media Temple. They spend time, effort and expertise configuring their tools for maximum effectiveness.

For example, WP Engine will automatically update WordPress and key plugins, and disable plugins known to cause performance and security issues. They provide hardware based firewalls and configuration to ensure that Distributed Denial of Service (DDoS) attacks don’t bring your site down.

SiteGround provides automatic updates for the WordPress core and plugins, efficient chroot account isolation for all accounts on shared servers, and sophisticated systems that block malicious bots and attackers.

Security Plugins

40. Install good security plugins

We’ve focused on highly-rated plugins that cover a range of security features, rather than one-trick-wonders. If your hosting provider doesn’t already have a comprehensive security solution, installing one of these would be a great first step in your security strategy.

Have we missed your favorite security plugin? Let us know in the comments.

41. WordFence

  • Cost: Free, Premium from $99/year
  • Active installs: 2+ million
  • Rating: 4.8 out of 5 stars (3,048 reviews)

Wordfence Security is 100% free and open source. We also offer a Premium API key that gives you Premium Support, Country Blocking, Scheduled Scans, Password Auditing, real-time updates to the Threat Defense Feed, two-factor authentication, and we even check if your website IP address is being used to Spamvertize.

WordFence includes these security features:

  • Firewall. WAF with automatically updated firewall rules that block common WordPress security threats.
  • Blocking features. Real-time blocking of known attackers and malicious networks and other security threats.
  • Login security. Two-factor authentication, enforced strong passwords, security to lock out brute force attacks.
  • Security scanning. Scans core files, themes and plugins for malware and backdoors, and checks for files that have been changed.
  • Monitoring. Monitors traffic in real time including bots and reverse DNS, monitors for DNS changes and disk space.

42. All In One WP Security & Firewall

  • Cost: Free
  • Active installs: 500,000+
  • Rating: 4.8 out of 5 stars (669 reviews)

A comprehensive, easy to use, stable and well supported security plugin… It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.

All In One WP Security & Firewall includes these security features:

  • User accounts security. Change the default admin username, check for user display names that are the same as usernames, password strength tool, stop user enumeration.
  • User login security. Login lockdown (brute force protection), log out inactive users, view failed login attempts, whitelist IP addresses, see who’s logged in, CAPTCHA.
  • User registration security. Enable manual approval, CAPTCHA, Honeypot.
  • Database security. Set the default WP prefix, schedule automatic backups.
  • File system security. Identify and fix insecure permissions, disable file editing from WP admin, monitor system logs.
  • htaccess and wp-config.php file backup and restore. Easily backup, restore and modify these important files.
  • Blacklist functionality. Ban users based on IP address or range, or by specifying user agents.
  • Firewall. Add firewall protection via htaccess, firewall rules that stop malicious scripts.
  • Brute force login and attack prevention. Cookie-based login prevention, CAPTCHA on login form, rename login form URL, Honeypot.
  • Whois lookup. Get full details of a suspicious host.
  • Security scanner. File change alerts, scan database tables for suspicious strings.
  • Comment spam security. Block IP addresses of spammers, add CAPTCHA to comment form.
  • Front-end text copy protection. Disables right click, text selection and the copy option.

43. iThemes Security

  • Cost: Free, Pro: 2 sites $80/year, 10 sites $100/year, unlimited sites $150/year, Gold $297 lifetime.
  • Previously called Better WP Security
  • Active installs: 800,000+
  • Rating: 4.7 out of 5 stars (3,812 reviews)

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.

The free version gives you some protection, but the Pro version includes these security features:

  • Two-Factor Authentication. “Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.”
  • WordPress Salts & Security Keys. “The iThemes Security plugin makes updating your WordPress keys and salts easy.”
  • Malware Scan Scheduling. “Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.”
  • Password Security. “Generate strong passwords right from your profile screen.”
  • Password Expiration. “Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).”
  • Google reCAPTCHA. “Protect your site against spammers.”
  • User Action Logging. “Track when users edit content, login or logout.”
  • Import/Export Settings. “Saves time setting up multiple WordPress sites.”
  • Dashboard Widget. “Manage important tasks such as user banning and system scans right from the WordPress dashboard.”
  • Online File Comparison. “When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.”
  • Temporary Privilege Escalation. “Give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.”
  • wp-cli Integration. “Manage your site’s security from the command line.”

44. Sucuri Security

  • Cost: Free, Basic $199/year, Pro $299/year, Business $499/year

  • Active installs: 300,000+

  • Rating: 4.6 out of 5 stars (260 reviews)

We keep your website safe and hack-free! The Sucuri Platform is a suite of tools designed for complete website security. With no additional cost or hidden fees, the Sucuri Platform is affordable, easy to deploy, and supported by a team of professionals at your disposal.

Sucuri forms part of the security solution of many quality hosting providers, including SiteGround. It’s a valuable tool for SiteGround to protect its clients’ sites from malware, because it scans every link that is accessible from the website homepage on a daily basis. It includes these security features:

  • Clean and repair hacked websites. “Professional security incident response team available 24/7/365.”

  • Attack and hack prevention. “A cloud-based WAF/IPS solution designed to stop hacks and attacks.”

  • Continuous monitoring. “Continuous monitoring and alerting of any security-related issues.”

The free WordPress security plugin includes these features:

  • Security Activity Audit Logging

  • File Integrity Monitoring

  • Remote Malware Scanning

  • Blacklist Monitoring

  • Effective Security Hardening

  • Post-Hack Security Actions

  • Security Notifications

45. Jetpack, which now includes VaultPress

  • Cost: Free, Personal ($39/year), Premium ($99/year), Professional ($299/year)

  • Active installs: 3+ million

  • Rating: 4.1 out of 5 stars (1,330 reviews)

Jetpack (by Automattic, who bring you WordPress) does more than just security. It basically brings the features of WordPress.com to the rest of us, which is appealing. For security and backup, the paid plans include VaultPress.

VaultPress is a real-time backup and security scanning service designed and built by Automattic, the same company that operates (and backs up!) millions of sites on WordPress.com.

VaultPress is now powered by Jetpack and effortlessly backs up every post, comment, media file, revision, and dashboard setting on your site to our servers. With VaultPress you’re protected against hackers, malware, accidental damage, and host outages.

VaultPress includes these security features:

  • Backups. “Comprehensive daily or real-time automated backups stored in our offsite digital vault, optimized for WordPress and better than your host.”

  • Restores. “Even during the most stressful moments we have your back. Restore your entire online presence quickly and easily without needing your host.”

  • File scanning. “Automatically detect and eliminate viruses, malware, and other exploitable security problems that may be hiding in your website.”

  • Automated file repair. “Fix detected viruses, malware, and other dangerous threats with a single click.”

  • Spam defense. “Protect your SEO, readers, and brand reputation by automatically blocking all spammers.”

46. BulletProof Security

  • Cost: Free, Pro $59.95 (one time purchase)

  • Active installs: 100,000+

  • Rating: 4.7 out of 5 stars (302 reviews)

BulletProof Security Pro has an amazing track record. BPS Pro has been publicly available for 5+ years and is installed on over 30,000 websites worldwide. Not a single one of those 30,000+ websites in 5+ years have been hacked.

100% hack free website guarantee. If your website is hacked after installing BPS Pro, we will clean up your hacked website for free. We can easily offer that awesome deal because your website will never be hacked if you have BPS Pro installed.

The free version includes these security features:

  • One-Click setup wizard

  • .htaccess website security protection (firewalls)

  • Hidden plugin folders / files cron (HPF)

  • Login security & monitoring

  • Idle session logout (ISL)

  • Auth cookie expiration (ACE)

  • DB backup: full/partial, manual/scheduled, email/zip, cron delete old backups, logging

  • DB table prefix changer

  • Security logging

  • HTTP error logging

The Pro version adds these features:

  • AutoRestore Intrusion Detection & Prevention System (ARQ IDPS)

  • Quarantine Intrusion Detection & Prevention System (ARQ IDPS)

  • Real-time file monitor (IDPS)

  • DB Monitor Intrusion Detection System (IDS)

  • DB diff tool: data comparison tool

  • DB status & info

  • Plugin firewall (IP Firewall): automated whitelisting & IP address updating in real time

  • JTC anti-spam/anti-hacker

  • Uploads folder anti-exploit guard (UAEG)

  • Custom php.ini website security

  • F-Lock: read only file locking

  • Additional logging options

  • S-Monitor: monitoring & alerting core

  • Pro Tools: 16 mini-plugins

47. SecuPress (47. SecuPress)

  • Cost: Free, 1 site $57.60/year, 3 sites $144/year, 10 sites $288/year, unlimited sites $479/year

  • Active installs: 5,000+

  • Rating: 4.8 out of 5 stars (19 reviews)

Protect your WordPress with malware scans, block bots & suspicious IPs. Get a complete WordPress security toolkit for free or as a pro plugin.

If you are proactive, our free WordPress security plugin is a great choice! No time to activate weekly scans? Then SecuPress pro is the way to go. Our plugin takes care of everything with automated tasks.

SecuPress includes these features:

  • Anti brute force login

  • Blocked IPs

  • Firewall

  • Security alerts

  • Malware scan (Pro)

  • Block country by geolocation

  • Protection of security keys

  • Block visits from bad bots

  • Vulnerable plugins & themes detection (Pro)

  • Security reports in PDF format (Pro)

48. Security Ninja

  • Cost: Single site $29 (1 year updates/support), multi site $79 (1 year updates/support), forever unlimited $199

  • Active installs: 6,000+

  • Rating: 5 out of 5 stars (6 reviews)

Security Ninja helps thousands to stay safe and prevent downtime due to security issues. 50+ tests will provide a comprehensive overview of your site’s security.

The free version lets you achieve the following:

  • Perform 50+ security tests including brute-force attacks.

  • Check your site for security vulnerabilities and holes.

  • Take preventive measures against attacks.

  • Prevent 0-day exploit attacks.

  • Use included code snippets for quick fixes.

  • Brute-force attack on user accounts to test password strength.

  • Numerous installation parameters tests.

  • File permissions.

  • Version hiding.

  • 0-day exploits tests.

  • Debug and auto-update modes tests.

  • Database configuration tests.

  • Apache and PHP related tests.

  • WP options tests.

You can get even more protection using these Pro modules:

  • Core scanner. “Easily monitor the state of your WP core files. Have a clear view of files that are modified but shouldn’t be and restore them with a single click.”

  • Malware scanner. “Powerful heuristic malware scanning algorithm will check all your themes, plugins, uploaded files and options table for suspicious content.”

  • Auto fixer. “If you don’t like creating backups, editing files, messing with code and getting your hands dirty – Security Ninja PRO will do everything for you. Fix security issues with one click.”

  • Events logger. “Monitor, track and log more than 50 events on the site in great detail. From user actions, to post edits and widget changes – Events Logger sees everything.”

  • Scheduled scanner. “Have Security Ninja do automatic, periodic scans of your sites, including scans of core files. If there are any changes you’ll be notified via email.”

Translated from: https://www.sitepoint.com/ways-to-keep-your-wordpress-site-secure/
