wordpress安全
Before the Major Brute-Force Attack Occurred on WordPress Sites, WordPress announced its “Two Step Authentication” process to improve the WordPress security.
在WordPress网站上发生重大蛮力攻击之前,WordPress宣布了其“ 两步身份验证 ”过程以提高WordPress的安全性。
What is Two Step Authentication?
什么是两步验证?
It is a kind of feature or process introduced by WordPress to tighten its security. It adds another layer of security to your WordPress accounts. Those who have enabled the two step authentication with Google accounts must have an idea about it. The two step authentication with WordPress.com works similarly. WordPress also uses your mobile device to send a verification code to your account, which is impossible-to-guess.
这是WordPress引入的一种旨在加强其安全性的功能或过程。 它为您的WordPress帐户增加了另一层安全性。 那些使用Google帐户启用了两步身份验证的用户必须对此有所了解。 使用WordPress.com进行两步身份验证的工作原理类似。 WordPress还使用您的移动设备将验证码发送到您的帐户,这是无法猜测的。
How to Improve WordPress Security with Two Step Authentication?
如何通过两步验证提高WordPress安全性?
Logging in with Two Step Authentication
使用两步身份验证登录
There are two different ways you can enable the two step authentication, which are:
您可以通过两种不同的方式来启用两步身份验证:
- Two Step Authentication via Smartphone’s 通过智能手机的两步身份验证
- Two Step Authentication via Email 通过电子邮件进行两步身份验证
Two Step Authentication via Smartphone’s
通过智能手机进行两步身份验证
In order to enable two step authentication via smartphone’s it is required to install the “Google Authenticator app” on your smartphone, which is available for iOS, Android, and Blackberry smartphone’s.
为了通过智能手机启用两步身份验证,需要在智能手机上安装“ Google Authenticator应用”,该应用可用于iOS,Android和Blackberry智能手机。
Every time when you log into your wordpress.com account that has enabled the Two Step Authentication process, it will ask you to:
每次您登录启用了“两步身份验证”过程的wordpress.com帐户时,都会要求您:
- Enter your username and password at WordPress.com, which is the first step. 第一步,在WordPress.com上输入您的用户名和密码。
- Enter a secret verification code that you receive on your smartphone – is the second step. 输入您在智能手机上收到的秘密验证码-第二步。
The secret code that is sent to your phone will keep on changing with each login you make. If you don’t have one of the above mentioned phones you can also receive it via SMS (text message).
每次登录时,发送到手机的密码都会不断更改。 如果您没有上述电话之一,也可以通过短信(短信)接收。
Two Step Authentication process significantly diminishes the probability that someone could attempt to get an unauthorized access to your WordPress.com account. To get access to your WordPress account, possibly they would require access to your username, password, and phone.
两步身份验证过程大大降低了有人试图未经授权访问您的WordPress.com帐户的可能性。 要访问您的WordPress帐户,可能他们需要访问您的用户名,密码和电话。
Application-Specific Passwords
特定于应用程序的密码
Also, another way is to create “Application-Specific Passwords”. There are several apps out there which people subscribe to WordPress blogs. The most common you will find are WordPress mobile apps and Jabber apps.
另外,另一种方法是创建“应用程序专用密码”。 那里有几个应用程序,人们可以订阅WordPress博客。 您会发现最常见的是WordPress移动应用程序和Jabber应用程序。
For such kind of apps, you can create unique passwords for each phone and tablet. Providing the application name and generating a password will create a unique 16-character password which can be used every time when you login from that particular device. It will help you secure your WordPress account across several devices. In case, your device is lost, you can remove the application from your WordPress account to disable the password so that others won’t be able to access your account via that application on your lost device.
对于此类应用,您可以为每个手机和平板电脑创建唯一的密码。 提供应用程序名称并生成密码将创建一个唯一的16个字符的密码,每次从该特定设备登录时都可以使用该密码。 这将帮助您跨多个设备保护WordPress帐户。 万一您的设备丢失了,您可以从WordPress帐户中删除该应用程序以禁用密码,这样其他人将无法通过丢失的设备上的该应用程序访问您的帐户。
You can find detailed steps for the above Authentication ways on the wordpress.com site.
您可以在wordpress.com网站上找到上述认证方式的详细步骤。
Two Step Authentication via Email
通过电子邮件进行两步身份验证
WordPress users that have opted for WordPress Hosting service with another web hosting companies and don’t have a smartphone to implement the above authentication ways can still take advantage of the Two Step Authentication log-in process via the “WordPress 2-step Verification” plugin available in the Plugin Directory of WordPress.
选择与其他网络托管公司合作使用WordPress托管服务且没有智能手机来实现上述身份验证方式的WordPress用户仍可以通过“ WordPress两步验证 ”插件利用两步身份验证登录过程可以在WordPress的插件目录中找到。
This WordPress 2-step Verification plugin enables you to generate a unique verification code via iPhone/Android/Blackberry smartphones or via Email. If you don’t have a phone, it provides you another option which is Code Verification via Email. Kindly follow the steps given below to enable the “Two Step Authentication via Email”.
这个WordPress两步验证插件可让您通过iPhone / Android / Blackberry智能手机或电子邮件生成唯一的验证码。 如果您没有电话,它将为您提供另一个选项,即通过电子邮件进行代码验证。 请按照以下步骤启用“通过电子邮件进行两步身份验证”。
Step 1: Log in to your WordPress Dashboard.
步骤1:登录到WordPress信息中心。
Step 2: Go to Plugins >> Add New and Search for the plugin “WordPress 2-step Verification”.
第2步:转到插件>>添加新内容,然后搜索插件“ WordPress两步验证 ”。
Step 3: Install the plugin and Activate it.
步骤3:安装插件并激活它。
Step 4: Now, go to Users tab and you will see the “2-Step Verification” in the list as shown in the image below. Click on that option.
步骤4:现在,转到“用户”选项卡,您将在列表中看到“两步验证”,如下图所示。 单击该选项。
The 2-Step Verification configuration page will look like this:
两步验证配置页面如下所示:
If you are using the smartphone for authentication you can choose the “Mobile application” option. Here, we are going to enable the 2-step authentication via Email.
如果您使用智能手机进行身份验证,则可以选择“移动应用程序”选项。 在这里,我们将通过电子邮件启用两步身份验证。
Step 5: Click on the “Add an Email” link. Clicking the link will load a form to enter the details. There will be three steps to enable the email authentication: Add an Email, Verify Computer, and Activate. Now, enter the desired email address in the field as shown in the image below so that plugin can send codes and click on the “Send Code” button to send the verification code to your email.
步骤5:点击“添加电子邮件”链接。 单击链接将加载一个表单以输入详细信息。 启用电子邮件身份验证将分三个步骤:添加电子邮件,验证计算机和激活。 现在,如下图所示,在字段中输入所需的电子邮件地址,以便插件可以发送代码,然后单击“发送代码”按钮以将验证代码发送到您的电子邮件。
Check your email, and enter the verification code in the box as shown in the image above and Click on the “Verify” button to complete the next step. It will show you this message: “Your email is configured. Click Next to continue.”
检查您的电子邮件,然后在上图所示的框中输入验证码,然后单击“验证”按钮以完成下一步。 它会向您显示以下消息:“您的电子邮件已配置。 单击下一步继续。”
Step 6: If you select the option “Trust this computer”, it won’t ask you for the verification every time you login. However, if you unselect the option it will generate a new code every time you login to your WordPress account. If you are using different computers and devices to login, then it is recommended to keep the box unselected.
步骤6:如果您选择“信任此计算机”选项,则每次登录时它都不会要求您进行验证。 但是,如果取消选择该选项,则每次登录WordPress帐户时都会生成一个新代码。 如果您使用其他计算机和设备登录,则建议不要选中该框。
Click on the “Next” button.
点击“下一步”按钮。
Step 7: This would be the last step to enable the “Wordpress 2-step Verification” plugin process. Simply, click on the “TURN ON 2-STEP VERIFICATION” button in red color to enable the verification process as shown in the image below.
步骤7:这将是启用“ Wordpress两步验证”插件过程的最后一步。 只需单击红色的“打开两步验证 ”按钮即可启用验证过程,如下图所示。
Now onwards, every time you login to your WordPress Admin Dashboard, it will prompt you to enter the verification code sent on your email address. (See image below)
现在开始,每次您登录WordPress Admin Dashboard时,它将提示您输入通过电子邮件地址发送的验证码。 (见下图)
In order to login successfully, you just have to copy the verification code from your email inbox and enter it in the box shown in the image above.
为了成功登录,您只需要从电子邮件收件箱复制验证码,然后在上图所示的框中输入验证码即可。
Hope the steps shown here will help you secure your WordPress sites from such attacks.
希望此处显示的步骤将帮助您保护WordPress网站免受此类攻击。
翻译自: https://www.eukhost.com/blog/webhosting/improve-wordpress-security-with-two-step-authentication/
wordpress安全
1105
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
