wordpress 博客_大量受感染的WordPress博客托管恶意软件

wordpress 博客

WordPress – the popular content management system and blogging platform used by over 27 million websites – is by far the preferred choice for website owners and bloggers. According to a recent study conducted by website monitoring service Netcraft, over 12,000 phishing websites that Netcraft had found were hosted on compromised blogs running on WordPress and these amount to a whopping 7% of all the phishing attacks during this period.

WordPress-超过2700万个网站使用的流行内容管理系统和博客平台-迄今为止，它是网站所有者和博客的首选。 根据网站监控服务公司Netcraft进行的一项最新研究，Netcraft发现的超过12,000个网络钓鱼网站托管在运行WordPress的受感染博客上，在此期间，此类网站占所有网络钓鱼攻击的7％。

The compromised blogs were also responsible for spreading malware and accounted for almost 8% of the total URLs which were blocked by Netcraft.

受感染的博客还负责传播恶意软件，占被Netcraft阻止的URL总数的近8％。

WordPress has been on the hit-list of attackers for quite some time and the main reason for this could be its high usage and the lack of understanding by newbie bloggers who simply install the application and do not think about its security.

WordPress已成为攻击者的热门话题已有很长一段时间了，其主要原因可能是WordPress的高使用率以及新手博客的缺乏理解，他们只是安装了该应用程序而没有考虑其安全性。

From Netcraft stats it appears WordPress.com – a free blogging platform – was not hosting any of the compromised blogs. Quite surprisingly, all the compromised blogs were webmasters who installed WordPress themselves on their website.

从Netcraft的统计数据来看，WordPress.com(一个免费的博客平台)似乎没有托管任何受感染的博客。 令人惊讶的是，所有受感染的博客都是网站管理员，他们自己在网站上安装了WordPress。

Blogs owners can easily start using the application but it is important users regularly make sure WordPress is up to date and secure; but in many cases users do no pay attention to this. Running an outdated version or using plugins with vulnerabilities are the major causes of blogs being compromised. Worst of all, many website owners use default or vulnerable login usernames and easy passwords which can be brueforced to get access to their sites.

博客所有者可以轻松地开始使用该应用程序，但是重要的是，用户应定期确保WordPress是最新的并且安全； 但在许多情况下，用户不会对此加以注意。 运行过时的版本或使用具有漏洞的插件是导致博客遭到入侵的主要原因。 最糟糕的是，许多网站所有者使用默认的或易受攻击的登录用户名和易用的密码，这些密码可能被强行使用以访问其网站。

Ensuring safety of your WordPress site

确保您的WordPress网站的安全

There are various ways in which attackers can get access to your WordPress site and it is your responsibility to make sure you secure all the possible ways and do not keep any route open.

攻击者可以通过多种方法来访问您的WordPress网站，并且您有责任确保保护所有可能的方法并且不打开任何路由。

WordPress also supports two-factor authentication which you can use to further prevent unwanted logins to your site.

WordPress还支持两因素身份验证 ，您可以使用它来进一步防止不必要的登录到您的站点。

If you are new to WordPress then you can refer to our post on getting started with WordPress and securing your WordPress blog which would help you start your own WordPress blog and keep it safe as well.

如果您不熟悉WordPress ，则可以参考我们关于WordPress入门和保护WordPress博客的文章 ，这将有助于您创建自己的WordPress博客并确保其安全。

If you have any difficulties in dealing with WordPress then you can always refer to the posts in our official forums or post a query and we’ll help you with it.

如果您在处理WordPress时遇到任何困难，那么您可以随时在我们的官方论坛中引用这些帖子或发布查询，我们将为您提供帮助。

翻译自: https://www.eukhost.com/blog/webhosting/huge-number-of-compromised-wordpress-blogs-hosting-malware/

wordpress 博客