wordpress修复插件_修复最常见的WordPress安全问题的十大技巧

wordpress修复插件

This article on fixing WordPress security issues was originally published by Torque Magazine, and is reproduced here with permission.

这篇有关修复WordPress安全问题的文章最初由Torque Magazine发行 ，并在获得许可的情况下在此处转载。

Three out of every four WordPress websites are vulnerable to attacks. If your site is hacked, it will not only cost you in terms of restoring the system back to a safe level, but it will also damage your reputation and affect your search engine ranking.

每四个WordPress网站中就有三个容易受到攻击。 如果您的网站被黑客入侵，不仅会花费您将系统恢复到安全级别的费用，还会损害您的声誉并影响您的搜索引擎排名。

But if you follow some best practices you can tighten the security and protect the website from malicious attacks. Here are some tips to fix WordPress security issues.

但是，如果您遵循一些最佳做法，则可以加强安全性并保护网站免受恶意攻击。 以下是一些解决WordPress安全问题的技巧。

提示1：两因素验证 (Tip #1: Two-factor authentication)

An effective method of protecting your WordPress website from brute force attacks is to secure your site’s login. By implementing two-factor authentication you can have an extra layer of security during login.

保护您的WordPress网站免受暴力攻击的有效方法是保护您网站的登录。 通过实施两因素身份验证，您可以在登录期间拥有额外的安全层。

Apart from a username and password, you will need to enter a one-time passcode sent via an SMS to your phone to log in to the site. Several plugins like Duo Two-factor authentication, Google Authenticator are available to implement this feature effectively.

除了用户名和密码，您还需要输入通过短信发送到手机的一次性密码才能登录该站点。 可以使用Duo二重身份验证，Google Authenticator等插件来有效地实现此功能。

提示2：强密码 (Tip #2: Strong password)

An effective way of dealing with WordPress security issues is to have a strong password with a minimum of 10 characters. It should be a combination of lowercase letters, uppercase letters, and numbers along with special characters.

解决WordPress安全问题的一种有效方法是使用一个至少10个字符的强密码。 它应该是小写字母，大写字母和数字以及特殊字符的组合。

Passwords should be hard to guess and they should be changed often. Preferably keep different passwords for different websites. One can use tools like “Strong password generator” to generate passwords that are hard to crack.

密码应该很难猜到并且应该经常更改。 最好为不同的网站保留不同的密码。 可以使用“强密码生成器”之类的工具来生成难以破解的密码。

Get Ultimate WordPress Security Guide

获取终极WordPress安全指南

提示3：限制登录尝试 (Tip #3: Limit login attempts)

Hackers use tactics like trying to login to the website again and again until they crack the password. If you limit the number of times a person can attempt to log in within a specific period one can save the WordPress website from brute-force attacks.

黑客使用战术来尝试一次又一次地登录该网站，直到他们破解密码为止。 如果您限制一个人在特定时期内尝试登录的次数，则可以使WordPress网站免遭暴力攻击。

There are plugins available that have a locking mechanism to restrict the number of login attempts. They block the IP addresses of users that cross the threshold limit of failed login attempts.

有可用的插件具有锁定机制，以限制登录尝试的次数。 它们阻止超过登录尝试失败阈值限制的用户的IP地址。

提示4：选择优质的托管服务提供商 (Tip #4: Choose a good hosting provider)

You can make use of the latest security hacks but your efforts will be in vain if the security of your host itself is vulnerable to attacks. Choose a good hosting provider that specializes in WordPress and includes WP firewall, Malware scanning, up-to-date PHP, and MySQL to ensure a secured hosting.

您可以利用最新的安全性技巧，但是如果主机本身的安全性容易受到攻击，则您的努力将徒劳无功。 选择一个擅长WordPress且包括WP防火墙，恶意软件扫描，最新PHP和MySQL的良好托管服务提供商，以确保安全托管。

提示5：预定备份 (Tip #5: Scheduled Backups)

As a part of an effective security and crisis management strategy, one must have a scheduled backup plan. If something goes wrong, one can rely on the backup solution to restore to the version prior to the damage and get back on track in the least possible time. Plugins like Vaultpress, Backup Buddy help in taking regular backups and provide restore options.

作为有效的安全和危机管理策略的一部分，必须制定计划的备份计划。 如果出现问题，可以依靠备份解决方案在损坏之前还原到版本，并在最短的时间内恢复正常。 Vaultpress ， Backup Buddy之类的插件可帮助您进行常规备份并提供还原选项。

提示6：更改管理员用户名 (Tip #6: Change admin username)

Don’t keep “admin” as the username, since it is the most commonly used string. Hackers use this username first to try and break into the website. If you already have a WordPress website with a username as admin, you will need to create a new user and give him administrative privileges.

不要使用“ admin”作为用户名，因为它是最常用的字符串。 黑客首先使用该用户名尝试进入该网站。 如果您已经拥有一个使用用户名admin的WordPress网站，则需要创建一个新用户并赋予他管理权限。

Assign your posts to the new admin user. Then delete the old admin account from WordPress. Alternatively, you can change the admin username by using a plugin.

将您的帖子分配给新的管理员用户。 然后从WordPress删除旧的管理员帐户。 或者，您可以使用插件来更改管理员用户名。

提示7：保持WordPress环境最新 (Tip #7: Keep WordPress environment up to date)

Whenever a security issue crops up WordPress releases an updated version to patch the security flaw. Make sure that you upgrade your WordPress installation whenever a new version is released. Running an older version of WordPress makes it vulnerable.

每当出现安全问题时，WordPress都会发布更新版本以修复安全漏洞。 确保在发布新版本时升级WordPress安装。 运行旧版本的WordPress使其容易受到攻击。

Since the hackers get information regarding the security flaws of the older version they can easily target and attack your website if it still runs on an older version. Use automatic updates and maintain your website regularly.

由于黑客可以获得有关旧版本安全漏洞的信息，因此，如果您的网站仍在旧版本上运行，他们可以轻松地针对您的网站并进行攻击。 使用自动更新并定期维护您的网站。

提示8：更新插件和主题 (Tip #8: Update Plugins and Themes)

Plugins and themes are like open doors to your personal information. Since they are prone to attacks they need to be secured properly. Keep them up to date just as you do with the WordPress environment.

插件和主题就像打开您的个人信息之门。 由于它们容易受到攻击，因此需要对其进行适当保护。 就像在WordPress环境中一样，使它们保持最新。

You can easily identify the plugins that require updating in the admin dashboard. Configure automatic updates wherever possible so that everything stays current.

您可以在管理控制台中轻松识别需要更新的插件。 尽可能配置自动更新，以使所有内容保持最新。

提示9：删除未使用的插件 (Tip #9: Delete plugins not in use)

Inactive plugins on a WordPress website are prone to threats. Because one tends to ignore the updates on those plugins. Hence it’s a good idea to delete plugins that you are not using and reduce vulnerability. Note that simply deactivating the plugin isn’t enough. You need to delete them to ensure they do not become the entry points for the hackers.

WordPress网站上的无效插件容易受到威胁。 因为人们倾向于忽略那些插件的更新。 因此，最好删除不使用的插件并减少漏洞。 请注意，仅停用插件是不够的。 您需要删除它们，以确保它们不会成为黑客的切入点。

提示10：监控WordPress文件 (Tip # 10: Monitor WordPress files)

Use security plugins like Wordfence help you monitor and track changes to the WP files. With security scanning and intrusion detection and prevention features, these plugins provide for a complete security solution.

使用Wordfence等安全插件可以帮助您监视和跟踪WP文件的更改。 这些插件具有安全扫描以及入侵检测和防御功能，可提供完整的安全解决方案。

These were just some of the strategies that one can adapt to fix WordPress security issues. Protecting the WordPress environment is a continuous process. One needs to be aware of the new threats as well as new tricks and tools to deal with them on a regular basis.

这些只是可以用来解决WordPress安全问题的一些策略。 保护WordPress环境是一个连续的过程。 人们需要意识到新的威胁以及定期应对新威胁的技巧和工具。

翻译自: https://www.sitepoint.com/fixing-wordpress-security-issues/

wordpress修复插件