Setting IP Restrictions to the WordPress Login Page

According to a study conducted back in 2013, approximately 30,000 websites are hacked every day. It goes without saying that you need to take measures to protect your site from hackers.

Securing your own data is important, but letting your visitors know that their data is safe is even more so. A protected site is a credible site.

There are several methods you can adopt to lower the chances of your WordPress site being hacked. Limiting access to a pre-defined set of users is one of them. In this article, we’ll walk you through a step-by-step procedure to set IP restrictions for the WordPress login page.

WordPress Login Page

Before we move on to the tutorial, let’s quickly go over some WordPress security threats that your site faces.

WordPress Security Threats

Brute Force Login Attempts – When a hacker tries to access your site by attempting to log in using an extensive list of username-password combinations.

Login Information Confirmation – WordPress informs the user which part of the login credentials they’ve entered incorrectly. For instance, if your username is correct but password doesn’t match, WordPress will inform the user of it. This makes brute force attacks much, much easier.

WordPress Version – If a hacker finds out the version of WordPress you’re using, they can use version-specific vulnerabilities to gain access to your site.

WordPress Global Registration – By default, WordPress does not allow users from all over the world to register with your site. This option should remain disabled as a preventive measure.

Access to Themes and Plugins – WordPress site owners give access to file editing functionality, which may prove to be a security issue if your site is hacked, so it is generally advised against.

Let’s look at some preliminary steps that you need to take before altering your site’s files.

A Few Safety Measures

In this tutorial, we will be adding PHP code to the site’s .htaccess configuration file. As a precautionary measure, the first step is to back up the configuration file.

Some of you might also want to back up your entire site before you get started. Taking regular backups of your site is a good habit and should definitely be done before making any large-scale alterations to it. VaultPress is a great plugin that’ll get the job done.

Static IP Versus Dynamic IP

In this tutorial we’ll show you how you can restrict access to your WordPress site’s Dashboard on both static IP addresses and dynamic IP addresses.

The Static IP Address tutorial should be followed if you edit your site from your desktop or a few other locations. In this case, your IP address doesn’t change i.e. it remains static.

The Dynamic IP Address tutorial should be followed if your site is edited from several locations. Your IP address changes frequently if:

  • Other team members access the website from different locations to edit it

  • You use a mobile device to edit your website

  • You travel regularly and need access to your site from different locations

Now that the basics are out of the way, let’s get started.

Getting Started

The first step to setting IP restrictions to your WordPress login page is knowing what your IP address is. If you don’t already know, you can check it via sites like whatismyipaddress.com.

As we mentioned above, we’ll be making changes in the .htaccess configuration file. The second step is to locate your site’s .htaccess configuration file. The .htaccess configuration file is located in your site’s root directory. However, if you don’t have a .htaccess configuration file for some reason, you can create one yourself. Log in with cPanel or an FTP client and locate your file.

Once you’ve found it, step three is to find a suitable text editor so that you can add code to the configuration file. We recommend that you use cPanel’s built-in text editor or a desktop-specific text editor (such as Notepad) to edit the .htaccess configuration file.

Note: All code will be added to the very top of the .htaccess configuration file to avoid messing up existing site settings.

Setting IP Restrictions Using Static IP Address

If your IP address doesn’t change frequently or if you access your site from a few, known IP addresses then you can set IP restrictions using the static IP address approach. In this tutorial, you’ll be able to create a safe IP list for those users (IP addresses) who access your WordPress site’s login page.

How to Set IP Restrictions Using Static IP Address

  • Open your site’s .htaccess configuration file in cPanel (or any text editor).

  • Add the following code to the top of the .htaccess configuration file (Gist is also available).

    RewriteEngine on
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{REMOTE_ADDR} !^12\.345\.678\.90$
    RewriteCond %{REMOTE_ADDR} !^IP Address InsertTwo$
    RewriteCond %{REMOTE_ADDR} !^IP Address InsertThree$
    RewriteRule ^(.*)$ - [R=403,L]

  • Save the .htaccess configuration file.

Editing the Code

All you have to do now is edit line 4 and line 5 (line 9 and line 10 in the Gist) and add the IP addresses that are permitted to access the WordPress login page. To do this, replace IP Address InsertTwo$ and IP Address InsertThree$ with the IP address you want to grant login access to. The IP address you give should be in the format specified in line 3 (line 8 in the Gist).

Adding or Removing Authorized Users

If you’d like to grant login access to more IP addresses you can simply copy-paste RewriteCond %{REMOTE_ADDR} !^IP Address Insert$ and insert the IP address in place of IP Address Insert$. Similarly, if you’d like to grant access to only one or two, then remove the extra RewriteCond %{REMOTE_ADDR} lines from the code.
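
As an added example (not part of the original article or its Gist), the Python sketch below generates the RewriteCond lines for a list of allowed addresses, escaping the dots and anchoring both ends, and shows why the trailing $ matters: without it, a pattern also matches longer addresses that begin with the same characters. The addresses are constructed samples from documentation ranges, and the helper names are hypothetical.

```python
import ipaddress
import re


def remote_addr_conds(allowed_ips):
    """Return one anchored RewriteCond line per allowed IPv4 address."""
    lines = []
    for raw in allowed_ips:
        # Raises ValueError on typos or impossible octets such as 12.345.678.90.
        ip = ipaddress.IPv4Address(raw.strip())
        pattern = "^" + re.escape(str(ip)) + "$"  # escape dots, anchor both ends
        lines.append("RewriteCond %{REMOTE_ADDR} !" + pattern)
    return lines


def build_block(allowed_ips):
    """Assemble a static-IP block in the same shape as the tutorial's."""
    return "\n".join(
        ["RewriteEngine on", r"RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$"]
        + remote_addr_conds(allowed_ips)
        + ["RewriteRule ^(.*)$ - [R=403,L]"]
    )


def is_allowed(remote_addr, cond_lines):
    """Mimic the AND-ed negated conditions: the rule is skipped (client
    allowed) as soon as one pattern matches the client's address."""
    patterns = [line.split("!", 1)[1] for line in cond_lines]
    return any(re.search(p, remote_addr) for p in patterns)


# Constructed sample addresses from the RFC 5737 documentation ranges.
ALLOWED = ["203.0.113.7", "198.51.100.24"]
CONDS = remote_addr_conds(ALLOWED)

if __name__ == "__main__":
    print(build_block(ALLOWED))
    # The same first address written without the trailing "$".
    loose = [r"RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.7"]
    for addr in ("203.0.113.7", "203.0.113.70", "192.0.2.1"):
        print(addr, "anchored:", is_allowed(addr, CONDS),
              "unanchored:", is_allowed(addr, loose))
```

Paste the printed block at the top of .htaccess in place of the hand-edited lines.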

What Happens When an Unauthorized User Visits the Page?

Now that you’ve set the IP restrictions, when an unauthorized user visits your site’s login page or the wp-admin page they’ll see your current theme’s 404 Error page.

If you follow the Gist, you’ll notice that the code caters for a redirect loop in the first two lines. You’ll have to change your-site's-path in line 1 and line 2 to the correct path of your site.

Setting IP Restrictions Using a Dynamic IP Address

Some of you might have to grant login access to several users, whether it’s because your site has many contributors or because you’re running a Multisite network. The fundamental fact is that there are several dynamically changing IP addresses that need to log in to your site’s dashboard.

How to Set IP Restrictions Using a Dynamic IP Address

  • Open your site’s .htaccess configuration file in cPanel (or any text editor).

  • Add the following code to the top of the .htaccess configuration file (Gist is also available).

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !^https?://(.*)?your-site's-name.com [NC]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteRule ^(.*)$ - [F]

  • Save the .htaccess configuration file.

Editing the Code

To make the code applicable to your site, substitute your-site's-name.com in line 3 (line 7 in the Gist) with the URL to your WordPress site.

The Gist version of this code also caters for a redirect loop in the first two lines. You’ll have to change your-site's-path in line 1 and line 2 to the correct path of your site. By doing this, a 404 Error page will be displayed if your site is thrown into a redirect loop.

Code’s Functionality

This code blocks hackers who use bots to run brute force attacks against your WordPress site. Hackers try to access your site externally. Adding this code to the .htaccess configuration file means that only visitors who navigate to the page via your actual site, i.e. internally, will be able to access the site’s login page or wp-admin page. Because the Referer header is set by the client, treat this as a filter against simple bots, not as access control.

Wrapping It Up

There’s no one solution that will guarantee your site protection from every possible threat. Setting IP restrictions to the WordPress login page will go a long way to protect your site from brute force attacks.

If you’d like more information on WordPress security, you can read Preventing Brute Force Attacks Against WordPress Websites by Narayan Prusty and Tim Carr’s 10 Tips to Secure WordPress.

Has your WordPress site ever faced a security threat? What measures do you take to protect your site from security threats? Let us know in the comments section below.

Translated from: https://www.sitepoint.com/setting-ip-restrictions-to-the-wordpress-login-page/
