命令执行wordpress
Do you want to perform a WordPress security audit to make sure that your website is secure?
您是否要执行WordPress安全审核以确保您的网站安全?
WordPress out of the box is very secure. However, if you suspect that something is not right with your website, then you may want to perform a complete security audit to make sure that your website is secure.
开箱即用的WordPress非常安全。 但是,如果您怀疑您的网站不正确,那么您可能需要执行完整的安全审核,以确保您的网站安全。
In this article, we’ll show you how to easily perform a WordPress security audit without taking down your site.
在本文中,我们将向您展示如何轻松进行WordPress安全审核而不关闭您的网站。
什么是WordPress安全审核? (What is a WordPress Security Audit?)
WordPress security audit is the process of checking your website for signs of a security breach. You can perform a WordPress check to look for suspicious activity, malicious code, or an unusual drop in performance.
WordPress安全审核是检查您的网站是否存在安全漏洞迹象的过程。 您可以执行WordPress检查以查找可疑活动,恶意代码或性能异常下降。
The basic WordPress security contains simple steps that you can perform manually.
WordPress的基本安全性包含您可以手动执行的简单步骤。
For a more thorough audit, you can use a WordPress security audit tool to automatically perform the checks for you.
为了进行更彻底的审核,您可以使用WordPress安全审核工具自动为您执行检查。
There are also online WordPress security audit services that you can use to evaluate your website’s security.
您还可以使用在线WordPress安全审核服务来评估网站的安全性。
If you find something suspicious, then you can isolate, remove, and fix it.
如果发现可疑的东西,则可以隔离,删除和修复它。
何时执行WordPress安全审核? (When to Perform a WordPress Security Audit?)
You should perform a WordPress security audit at least once a quarter. This allows you to stay on top of everything and close security loopholes even before they cause any trouble.
您应该每季度至少执行一次WordPress安全审核。 这样一来,您就可以始终掌握一切并关闭安全漏洞,即使它们没有造成任何麻烦。
However if you see something suspicious, then you should perform a security audit immediately.
但是,如果看到可疑的东西,则应立即执行安全审核。
The following are some of the signs which indicate that you may need a security audit.
以下是一些迹象,表明您可能需要安全审核。
- Your website is suddenly too slow and sluggish 您的网站突然太慢且呆滞
- You witness a drop in website traffic 您见证了网站流量的下降
- There are suspicious new accounts, forgot password requests, or login attempts on your website 您的网站上有可疑的新帐户,忘记密码请求或尝试登录
- You see suspicious links appear on your website 您看到可疑链接出现在您的网站上
That being said, let’s take a look at how to easily perform a WordPress security audit on your website.
话虽如此,让我们看一下如何轻松地在您的网站上执行WordPress安全审核。
WordPress安全审核清单 (WordPress Security Audit Checklist)
The following are some of the steps you can take to perform a basic WordPress security audit on your website.
以下是您可以在网站上执行基本WordPress安全审核的一些步骤。
1. Software updates
1.软件更新
WordPress updates are really important for the security and stability of your website. They patch security vulnerabilities, bring new features, and improve performance.
WordPress更新对于确保网站的安全性和稳定性非常重要。 它们修补安全漏洞,带来新功能并提高性能。
Make sure your WordPress core software, all plugins, and themes are up to date. You can easily do that by visiting Dashboard » Updates page inside WordPress admin area.
确保您的WordPress核心软件,所有插件和主题都是最新的。 您可以通过访问WordPress管理区域内的仪表板»更新页面轻松地做到这一点。
WordPress will look up if any updates are available and then list them for you to install. If you need more help, then see our guides on how to properly update WordPress and how to properly update WordPress plugins.
WordPress将查找是否有可用的更新,然后列出它们供您安装。 如果您需要更多帮助,请参阅有关如何正确更新WordPress以及如何正确更新WordPress插件的指南 。
2. Check user accounts and passwords
2.检查用户帐户和密码
Next, you need to review WordPress user accounts by visiting Users » All Users page. You’ll be looking for suspicious user accounts that shouldn’t be there.
接下来,您需要通过访问用户»所有用户页面来查看WordPress用户帐户。 您将寻找不该存在的可疑用户帐户。
If you run an online store, a membership site, or sell online courses, then you may have user accounts for your customers to sign in.
如果您经营在线商店 , 会员站点或出售在线课程 ,则您可能拥有供客户登录的用户帐户。
However, if you run a blog or a business website, then you should only see user accounts for yourself, or any other user that you have manually added.
但是,如果您运行博客或商业网站 ,则应该只看到您自己或手动添加的任何其他用户的用户帐户。
If you see suspicious user accounts, then you need to delete them.
如果看到可疑的用户帐户,则需要删除它们。
Now if your website doesn’t require users to create an account, then you need to visit Settings » General page and make sure that the box next to the ‘Anyone can register’ option is unchecked.
现在,如果您的网站不需要用户创建帐户,则需要访问“设置”»“常规”页面,并确保未选中“任何人都可以注册”选项旁边的框。
As an extra precaution, you need to change your WordPress admin password. We highly recommend adding two-factor authorization to strengthen password security on your website.
作为额外的预防措施,您需要更改WordPress管理员密码。 我们强烈建议添加两因素授权,以增强您网站上的密码安全性。
3. Run a WordPress security scan
3.运行WordPress安全扫描
The next step is to check your website for security vulnerabilities. Luckily, there are several online security scanners that you can use to check for malware.
下一步是检查您的网站是否存在安全漏洞。 幸运的是,您可以使用几种在线安全扫描程序来检查恶意软件。
We recommend using IsItWP Security Scanner which checks your website for malware and other security vulnerabilities.
我们建议使用IsItWP Security Scanner ,它会检查您的网站是否存在恶意软件和其他安全漏洞。
These tools are good, but they can only scan the public-facing pages of your website. We’ll show you how to perform deeper audits later in this article.
这些工具很好,但是它们只能扫描网站的面向公众的页面。 本文稍后将向您展示如何执行更深入的审核。
4. Check your website analytics
4.检查您的网站分析
Website analytics help you keep track of your website traffic. They are also a pretty good indicator of your website’s health.
网站分析可帮助您跟踪网站流量。 它们也很好地表明了您网站的健康状况。
If your website has been blacklisted by search engines, then you’ll see a sudden drop in your website traffic. If your website is slow or unresponsive, then your overall page views will also drop.
如果您的网站已被搜索引擎列入黑名单,则您的网站访问量会突然下降。 如果您的网站运行缓慢或无响应,那么您的整体页面浏览量也会下降。
We recommend using MonsterInsights to track your website traffic. It not only shows your overall pageviews, but you can also use it to track registered users, your WooCommerce customers, form conversions and more.
我们建议使用MonsterInsights来跟踪您的网站流量。 它不仅显示您的整体浏览量,还可以用来跟踪注册用户 ,您的WooCommerce客户 ,表单转换等。
5. Check or set up WordPress backups
5.检查或设置WordPress备份
If you haven’t already done so, then you need to immediately set up a WordPress backup plugin. This ensures that you always have a back up available in case anything goes wrong.
如果您尚未这样做,则需要立即设置WordPress备份插件 。 这样可以确保在出现任何问题时始终可以进行备份。
On the other hand, many beginners forget about their WordPress backup plugin after setting it up. Sometimes backup plugins may stop working without any notice. It is a good idea to make sure that your backup plugin is still working and saving backups.
另一方面,许多初学者在设置后忘记了他们的WordPress备份插件。 有时,备份插件可能会停止工作而没有任何通知。 确保备份插件仍在工作并保存备份是一个好主意。
自动执行WordPress安全审核 (Automatically Perform WordPress Security Audit)
The above checklist allows you to go through the most important aspects of a security audit. However, it is not a very thorough process which means your website may still be vulnerable.
上面的清单使您可以进行安全审核的最重要方面。 但是,这不是一个非常彻底的过程,这意味着您的网站可能仍然容易受到攻击。
For instance, it is difficult to keep a manual record of all user activity, file differences, suspicious codes, and more. This is where you need a plugin to automate security auditing and keeping a record of everything.
例如,很难保留所有用户活动,文件差异,可疑代码等的手动记录。 在这里,您需要一个插件来自动执行安全审核并保留所有记录。
You can automate this process with the help of a few WordPress security and monitoring plugins.
您可以借助一些WordPress安全和监视插件来自动执行此过程。
1. WordPress安全审核日志 (1. WordPress Security Audit Log)
WordPress Security Audit Log is the best WordPress activity monitoring plugin on the market.
WordPress安全审核日志是市场上最好的WordPress活动监视插件 。
It allows you to keep track of all user activity on your website. You can view all user logins, IP addresses, and what they did on your website.
它使您可以跟踪网站上的所有用户活动。 您可以查看所有用户登录名,IP地址以及他们在您的网站上所做的操作。
You can track WooCommerce users, editors, authors, and other members who have an account on your website.
您可以跟踪WooCommerce用户,编辑,作者和在您的网站上拥有帐户的其他成员。
You can also turn on events that you want to track and switch-off events that you don’t want to monitor.
您还可以打开要跟踪的事件,并关闭不想监视的事件。
The plugin also shows you a live view of all the users logged in to your website. If you see a suspicious account, then you can end their session right away and lock them out.
该插件还会向您显示所有登录到您网站的用户的实时视图。 如果您发现可疑帐户,则可以立即结束其会话并将其锁定。
For more details, see our guide on how to monitor user activity in WordPress using WP Security Audit log.
有关更多详细信息,请参阅有关如何使用WP Security Audit日志监视WordPress中的用户活动的指南。
2. Sucuri (2. Sucuri)
Sucuri is the best WordPress firewall plugin on the market, and it is also the best all-in-one WordPress security solution that you can get for your website.
Sucuri是市场上最好的WordPress防火墙插件 ,它也是可以为您的网站获得的最好的多合一WordPress安全解决方案。
It provides real-time protection against DDoS attacks by blocking suspicious activity even before it reaches your website. This removes load from your server and improves your website speed / performance.
它通过阻止可疑活动甚至在您到达网站之前就提供了针对DDoS攻击的实时保护。 这样可以减轻服务器负载,并提高网站速度/性能。
It comes with a built-in security plugin that checks your WordPress files for suspicious code. You also get a detailed look at the user activity across your website.
它带有一个内置的安全插件,可检查您的WordPress文件中是否存在可疑代码。 您还将详细了解整个网站上的用户活动。
Most importantly, Sucuri offers malware removal for free with all their paid plans. This means, that even if your website is already affected, their security experts will clean it for you.
最重要的是, Sucuri的所有付费计划都免费提供了恶意软件清除功能。 这意味着,即使您的网站已经受到影响,他们的安全专家也会为您清理它。
We hope this article helped you learn how to perform a WordPress security audit on your website. You may also want to see our complete WordPress security guide for step by step instructions on how to protect your website.
我们希望本文能帮助您学习如何在您的网站上执行WordPress安全审核。 您可能还希望查看我们完整的WordPress安全指南 ,以获取有关如何保护您的网站的逐步说明。
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。
翻译自: https://www.wpbeginner.com/wp-tutorials/how-to-perform-a-wordpress-security-audit/
命令执行wordpress
2065
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
