wordpress安全_最简单的WordPress安全提示！

最新推荐文章于 2024-04-08 13:10:31 发布

culh2177

最新推荐文章于 2024-04-08 13:10:31 发布

阅读量141

点赞数

文章标签：数据库 python php java linux

原文链接：https://www.sitepoint.com/easiest-wordpress-security-tip-ever/

版权

wordpress安全

Sometimes you encounter a tip which is so simple you can’t believe you didn’t know about it before.

有时，您会遇到一个非常简单的提示，以至于您无法相信自己以前并不了解它。

If you’re running WordPress, you’ll have defined a wp-config.php file which contains essential settings such as the MySQL database host, name, user and password. It normally sits in the location where WordPress was installed — in most cases this will be the web server root but it could be any sub-folder.

如果您运行的是WordPress，则将定义一个wp-config.php文件，其中包含基本设置，例如MySQL数据库主机，名称，用户和密码。它通常位于WordPress的安装位置-在大多数情况下，这将是Web服务器的根目录，但可以是任何子文件夹。

You certainly don’t want wp-config.php falling into the wrong hands. Under normal circumstances, a naughty cracker cannot view the file because the PHP interpreter would parse it and return an empty page. However:

您当然不希望wp-config.php落入错误之手。通常情况下，顽皮的破解者无法查看文件，因为PHP解释器会解析该文件并返回一个空页面。然而：

The cracker will know exactly where the file is located and can target it more effectively.
破解者将确切知道文件的位置，并可以更有效地将其定位。
If PHP fails, e.g. perhaps during a update, wp-config.php could be viewed directly in a browser by entering the URL.
如果PHP失败(例如在更新过程中)，则可以通过输入URL在浏览器中直接查看wp-config.php。

Ready for the simple tip…

准备好简单的提示...

Move the wp-config.php file into the folder above your WordPress installation.

将wp-config.php文件移动到WordPress安装上方的文件夹中。

For example, you may have a folder structure such as /home/mysite/public_html/ where WordPress is installed. In that case, you would move wp-config.php into /home/mysite/.

例如，您可能具有一个文件夹结构，例如/ home / mysite / public_html /，其中安装了WordPress。在这种情况下，您可以将wp-config.php移至/ home / mysite /。

This has several benefits:

这有几个好处：

Assuming /home/mysite/public_html/ was the web server’s root folder, /home/mysite/ is inaccessible to anyone using a browser.
假设/ home / mysite / public_html /是Web服务器的根文件夹，则使用浏览器的任何人都无法访问/ home / mysite /。
A cracker has less chance of locating the correct file.
破解者找到正确文件的机会较小。
It’s so simple, there’s little reason not to do it!
它是如此简单，没有理由不这样做！

Perhaps this won’t be the most exciting tech article you read today, but it’s useful to know. I hope it helps with your security efforts.

也许这不是您今天阅读的最激动人心的技术文章，但了解它很有用。希望它对您的安全工作有所帮助。