wordpress汉化技巧
WordPress is a fantastic platform for building websites but when it comes to security it does have a few vulnerabilities. In this post, we’ll provide you with a range of tips to help you make your WordPress website far more secure.
WordPress是构建网站的绝佳平台,但在安全性方面确实存在一些漏洞。 在这篇文章中,我们将为您提供一系列技巧,以帮助您使WordPress网站更加安全。
隐藏您的wp-admin登录页面 (Hide your wp-admin login page)
When most hackers try to break into your website, they’ll do it by attempting to log in via your wp-admin page. With WordPress being so popular, everyone knows this is the standard login page, so all a hacker needs to do is type in ‘http://yoursite/wp-admin’ in their browser. It would make things much more difficult for them if that page was hidden – and this is possible with plugins such as Protect Your Admin. Using these types of plugins, you can change the URL of the wp-admin page to something that a hacker wouldn’t know what to look for.
当大多数黑客试图闯入您的网站时,他们会尝试通过您的wp-admin页面登录。 随着WordPress的流行,每个人都知道这是标准的登录页面,因此黑客需要做的就是在浏览器中键入“ http:// yoursite / wp-admin”。 如果该页面被隐藏,这将给他们带来更多麻烦–而这可以通过诸如Protect Your Admin之类的插件实现。 使用这些类型的插件,您可以将wp-admin页面的URL更改为黑客不知道要查找的内容。
At the same time, these plugins make it possible to redirect anyone who does try to access the old wp-admin url to your homepage.
同时,这些插件可以将尝试访问旧wp-admin URL的任何人重定向到您的主页。
自动更新WordPress及其主题和插件 (Auto update WordPress and its themes and plugins )
One of the reasons there are so many updates is because developers spot vulnerabilities and send out a new version with a security fix. Whilst most WordPress users know we should update our software as soon as a new version is released, we often don’t get around to it. This is particularly true if you run many different websites.
更新如此之多的原因之一是因为开发人员发现了漏洞并发出了带有安全修复程序的新版本。 虽然大多数WordPress用户都知道我们应该在发布新版本后立即更新我们的软件,但我们经常不了解它。 如果您运行许多不同的网站,则尤其如此。
Luckily, there are several plugins, such as Easy Updates Manager, which make it possible to update WordPress, together with your plugins and themes, automatically, taking the headache out of keeping your site up to date. You can configure Easy Updates manager so that you can choose which plugins you want to update automatically and which ones, if any, you want to manually update.
幸运的是,有几个插件,例如Easy Updates Manager ,它可以自动更新WordPress,以及您的插件和主题,这使您不必为保持网站的最新状态而烦恼。 您可以配置Easy Updates Manager,以便可以选择要自动更新的插件,以及要手动更新的插件(如果有)。
更改你的用户名 (Change your username)
To log in to your site, a hacker needs two pieces of information – your username and your password. Whilst we are constantly reminded to be secure with our passwords, giving people access to your username provides them with 50% of the information they need to break in to your site.
要登录到您的站点,黑客需要两条信息-您的用户名和密码。 虽然我们经常提醒我们使用密码保护安全,但允许人们访问您的用户名将为他们提供进入您网站所需的50%的信息。
We all know that we should not use ‘admin’ as a username, but even using our own names can be risky. If your run a blog and have your own name mentioned on the site, either on the homepage or as an author, then it can be very helpful to hackers. If you are called John Smith, then it’s not going to be too difficult for hackers to hazard a guess at your username being ‘johnsmith’ or something similar when attempting to login.
大家都知道我们不应该使用“ admin”作为用户名,但是即使使用我们自己的名称也会带来风险。 如果您经营一个博客并且在网站上提到您自己的名字(无论是在主页上还是作为作者),那么这对黑客很有帮助。 如果您叫约翰·史密斯(John Smith),那么对于黑客来说,在尝试登录时猜测您的用户名是“约翰·史密斯”或类似的东西就不会太困难。
To make your website more secure, you need to do two things. Firstly, change your username to something that would be more difficult for a hacker to guess at; and secondly, change the settings so that your username is not identical with the display name.
为了使您的网站更安全,您需要做两件事。 首先,将用户名更改为黑客更难以猜测的名称; 其次,更改设置,以使您的用户名与显示名称不同。
To make your username more difficult to guess at, use a mixture of upper and lowercase letters as well as numbers and symbols too – just as you would with your password. You can change your username easily using the Username Changer plugin.
为了使您的用户名更难于猜测,请同时使用大小写字母以及数字和符号,就像使用密码一样。 您可以使用Username Changer插件轻松更改用户名。
To change the display name so it is not identical with the user name, go to Admin Panel >> Users and then find yourself in the user list. Once there, click ‘Edit’. When the page opens, scroll down to the section in the image below:
要更改显示名称,使其与用户名不同,请转到管理面板>>用户,然后在用户列表中找到自己。 在那里,点击“编辑”。 当页面打开时,向下滚动到下图中的部分:
To make the display name different, do the following:
要使显示名称不同,请执行以下操作:
1. Change the Nickname to the name you want to be displayed
1.将昵称更改为要显示的名称
2. Click the dropdown box, next to Display name. The new nickname should now appear in as an option. Choose this as your display name.
2.单击显示名称旁边的下拉框。 现在,新的昵称应作为一个选项出现。 选择它作为您的显示名称。
3. Click to save settings at the bottom of the page.
3.单击以保存页面底部的设置。
4. You will now have a more secure username and this will not appear on your blog or on emails and newsletters.
4.您现在将拥有一个更安全的用户名,并且该用户名不会出现在您的博客或电子邮件和新闻通讯中。
扫描入侵 (Scan for intrusion )
One of the best ways to defend your site is to have it constantly monitored for intrusion threats. This can protect your website against malware, code injections, cross-site scripting attacks and many other types of threat.
防御站点的最佳方法之一是对其进行持续监视以防入侵威胁。 这可以保护您的网站免受恶意软件,代码注入,跨站点脚本攻击和许多其他类型的威胁。
There are two ways to protect your website using intrusion monitoring. The best method is to have your site monitored by your web host using an advanced system, such as MTvScan. Systems like these can come at a premium, but if you have WordPress hosting with eUKhost, you’ll get MTvScan included for free in you hosting package. Below, you’ll see some of the features of MTvScan.
有两种使用入侵监控来保护您的网站的方法。 最好的方法是使用高级系统(例如MTvScan)让您的网站托管服务器监视您的网站。 诸如此类的系统可能会非常昂贵,但是如果您使用eUKhost托管WordPress,您将在托管包中免费获得MTvScan。 在下面,您将看到MTvScan的一些功能。
An alternative would be to use one of the free plugins available from WordPress, such as WordFence. These plugins also offer reasonably good intrusion protection, though to get the most secure features, such as blocking IPs from specific countries, you do need to upgrade to the premium versions. However, as a start, the free versions offer better protection than none at all and are well worth using to keep your site safe.
一种替代方法是使用WordPress提供的免费插件之一,例如WordFence 。 这些插件还提供了相当不错的入侵保护,尽管要获得最安全的功能(例如阻止来自特定国家/地区的IP),您确实需要升级到高级版本。 但是,首先,免费版本提供的保护要比没有提供更好的保护,值得您使用来保护您的网站安全。
使用两因素身份验证 (Use two-factor authentication )
Two-factor authentication is a highly secure process that means no-one can login to your website with just a username and password – they will also need another piece of information which is usually created during the login process and sent to your mobile phone. What this means, is that unless a hacker has your mobile phone with them, they won’t be able to break in to your site.
两因素身份验证是一个高度安全的过程,这意味着没有人可以仅使用用户名和密码登录到您的网站-他们还需要通常在登录过程中创建并发送到您的手机的另一条信息。 这意味着,除非黑客将您的手机随身携带,否则他们将无法侵入您的网站。
There are quite a few plugins available in the WordPress repository which provide you with this kind of security, including Google Authenticator For WordPress and the very popular (over 700,000 downloads) Clef Authenticator which is so advanced you don’t even need a password.
WordPress存储库中有很多可用的插件,可以为您提供这种安全性,其中包括适用于WordPress的Google Authenticator和非常流行(下载量超过700,000)的Clef Authenticator ,该插件非常先进,您甚至不需要密码。
记得备份 (Remember to backup)
Never take security for granted. Hackers use very sophisticated methods and are always on the lookout for new vulnerabilities. If your site is hacked or infected, you will need a backup to restore your lost website. If you don’t, it could mean the loss of years of hard work, your business being offline and an expensive rebuild.
永远不要将安全视为理所当然。 黑客使用非常复杂的方法,并且总是在寻找新的漏洞。 如果您的网站被黑客入侵或感染,则需要备份以恢复丢失的网站。 如果您不这样做,则可能意味着多年的辛苦工作,业务处于脱机状态且重建成本很高。
There are a few different routes you can take to back up your website. A good web host will provide a remote backup service with options to back up at the rate which your website needs – be it continuously or once a week. They will also provide you with appropriate storage and the expertise to get your site back online if you are hacked.
您可以采取几种不同的方法来备份您的网站。 一个好的Web主机将提供远程备份服务,并且可以选择以您的网站所需的速度进行备份–连续或每周一次。 他们还将为您提供适当的存储空间和专业知识,以使您的网站在遭到黑客攻击时可以重新联机。
A less expensive method can be achieved using a backup plugin, such as Updraft Plus. Whilst the free version won’t provide continuous backups like a web host can, you will still be able to schedule when they take place. What isn’t included is the storage, so you will need to find somewhere to store your backups. If you have a small site you can use Google Drive or Dropbox, for large sites you may need to pay for storage space.
使用备份插件(例如Updraft Plus)可以实现一种较便宜的方法。 尽管免费版本不会像网络主机那样提供连续备份,但是您仍然可以计划何时进行备份。 不包括存储空间,因此您将需要找到某个地方来存储备份。 如果您的网站较小,则可以使用Google云端硬盘或Dropbox;对于大型网站,则可能需要支付存储空间。
结论 (Conclusion)
Hopefully, these tips have given you a better understanding of some of the threats faced by WordPress websites and what precautions you can take to improve security and make it harder for your site to be hacked.
希望这些技巧可以使您更好地了解WordPress网站面临的一些威胁,以及可以采取哪些预防措施来提高安全性,并使网站更难以被黑客入侵。
If you are looking for WordPress hosting, check out our WordPress Hosting page. Our affordable packages are packed with helpful features and backed up with expert WordPress support and first-class security.
如果您正在寻找WordPress托管,请查看我们的WordPress托管页面。 我们负担得起的软件包包含有用的功能,并以WordPress专业支持和一流的安全性为后盾。
翻译自: https://www.eukhost.com/blog/webhosting/6-tips-for-better-wordpress-security/
wordpress汉化技巧
扫一扫
91
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
