wordpress安全
Sometimes you encounter a tip which is so simple you can’t believe you didn’t know about it before.
有时,您会遇到一个非常简单的提示,以至于您无法相信自己以前并不了解它。
If you’re running WordPress, you’ll have defined a wp-config.php file which contains essential settings such as the MySQL database host, name, user and password. It normally sits in the location where WordPress was installed — in most cases this will be the web server root but it could be any sub-folder.
如果您运行的是WordPress,则将定义一个wp-config.php文件,其中包含基本设置,例如MySQL数据库主机,名称,用户和密码。 它通常位于WordPress的安装位置-在大多数情况下,这将是Web服务器的根目录,但可以是任何子文件夹。
You certainly don’t want wp-config.php falling into the wrong hands. Under normal circumstances, a naughty cracker cannot view the file because the PHP interpreter would parse it and return an empty page. However:
您当然不希望wp-config.php落入错误之手。 通常情况下,顽皮的破解者无法查看文件,因为PHP解释器会解析该文件并返回一个空页面。 然而:
- The cracker will know exactly where the file is located and can target it more effectively. 破解者将确切知道文件的位置,并可以更有效地将其定位。
- If PHP fails, e.g. perhaps during a update, wp-config.php could be viewed directly in a browser by entering the URL. 如果PHP失败(例如在更新过程中),则可以通过输入URL在浏览器中直接查看wp-config.php。
Ready for the simple tip…
准备好简单的提示...
Move the wp-config.php file into the folder above your WordPress installation.
将wp-config.php文件移动到WordPress安装上方的文件夹中。
For example, you may have a folder structure such as /home/mysite/public_html/ where WordPress is installed. In that case, you would move wp-config.php into /home/mysite/.
例如,您可能具有一个文件夹结构,例如/ home / mysite / public_html /,其中安装了WordPress。 在这种情况下,您可以将wp-config.php移至/ home / mysite /。
This has several benefits:
这有几个好处:
- Assuming /home/mysite/public_html/ was the web server’s root folder, /home/mysite/ is inaccessible to anyone using a browser. 假设/ home / mysite / public_html /是Web服务器的根文件夹,则使用浏览器的任何人都无法访问/ home / mysite /。
- A cracker has less chance of locating the correct file. 破解者找到正确文件的机会较小。
- It’s so simple, there’s little reason not to do it! 它是如此简单,没有理由不这样做!
Perhaps this won’t be the most exciting tech article you read today, but it’s useful to know. I hope it helps with your security efforts.
也许这不是您今天阅读的最激动人心的技术文章,但了解它很有用。 希望它对您的安全工作有所帮助。
翻译自: https://www.sitepoint.com/easiest-wordpress-security-tip-ever/
wordpress安全