wordpress安全
Do you want to install and setup Wordfence security plugin on your website? Wordfence is a popular WordPress plugin that helps you tighten the security of your WordPress site and protects it from hacking attempts. In this article, we will show you how to easily install and setup Wordfence security plugin in WordPress.
您是否要在网站上安装和设置Wordfence安全插件? Wordfence是一个流行的WordPress插件,可帮助您加强WordPress网站的安全性并保护其免受黑客攻击。 在本文中,我们将向您展示如何在WordPress中轻松安装和设置Wordfence安全插件。
什么是Wordfence? 如何保护您的WordPress网站? (What is Wordfence? How it Protects Your WordPress Site?)
Wordfence is a WordPress security plugin that helps you protect your website against security threats like hacking, malware, DDOS and brute force attacks.
Wordfence是一个WordPress安全插件,可帮助您保护网站免受黑客,恶意软件,DDOS和暴力攻击等安全威胁。
It comes with a website application firewall, which filters all traffic to your website and blocks suspicious requests.
它带有网站应用程序防火墙,该防火墙可过滤访问您网站的所有流量并阻止可疑请求。
It has a malware scanner that scans all your WordPress core files, themes, plugins, and upload folders for changes and suspicious code. This helps you clean a hacked WordPress site.
它具有一个恶意软件扫描程序,可扫描您的所有WordPress核心文件,主题,插件和上载文件夹,以查找更改和可疑代码。 这可以帮助您清理被黑客入侵的WordPress网站 。
The basic Wordfence plugin is free, but it also comes with a premium version that gives you access to more advanced features such as country blocking, firewall rules updated in real time, scheduled scanning, etc.
基本的Wordfence插件是免费的,但它还提供了一个高级版本,可让您访问更多高级功能,例如国家/地区阻止,实时更新防火墙规则,计划扫描等。
Having said that, let’s see how to install and easily setup Wordfence for maximum security.
话虽如此,让我们看看如何安装和轻松设置Wordfence以获得最大的安全性。
如何在WordPress中安装和设置Wordfence (How to Install and Setup Wordfence in WordPress)
First thing you need to do is install and activate the Wordfence Security plugin. For more details, see our step by step guide on how to install a WordPress plugin.
您需要做的第一件事是安装并激活Wordfence Security插件。 有关更多详细信息,请参阅有关如何安装WordPress插件的分步指南。
Upon activation, the plugin will add a new menu item labeled Wordfence to your WordPress admin bar. Clicking on it will take you to the plugin’s settings dashboard.
激活后,该插件将在您的WordPress管理栏中添加一个名为Wordfence的新菜单项。 单击它会将您带到插件的设置仪表板。
This page shows an overview of the plugin’s security settings on your website. You will also see security notifications and stats like recent IP blocking, failed login attempts, total attacks blocked, etc.
此页面显示了您网站上插件安全设置的概述。 您还将看到安全通知和统计信息,例如最近的IP阻止,登录尝试失败,阻止的攻击总数等。
Wordfence settings are divided into different sections. The default settings will work for most websites, but you still need to review and change them if needed.
Wordfence设置分为不同的部分。 默认设置适用于大多数网站,但是如果需要,您仍然需要查看和更改它们。
Let’s start by running a scan first.
让我们首先运行扫描。
使用Wordfence扫描WordPress网站 (Scanning Your WordPress Site Using Wordfence)
Head over to Wordfence » Scan page and then click on ‘Start a Wordfence Scan’ button.
转到“ Wordfence»扫描”页面,然后单击“启动Wordfence扫描”按钮。
Wordfence will now start scanning your WordPress files.
Wordfence现在将开始扫描您的WordPress文件。
The scan will look for changes in file sizes in the official WordPress core and plugin files.
扫描将在官方WordPress核心和插件文件中查找文件大小的变化。
It will also look inside the files to check for suspicious code, backdoors, malicious URLs, and known patterns of infections.
它还将在文件内部查找以检查可疑代码,后门程序,恶意URL以及已知的感染模式。
Typically these scans need a lot of server resources to run. Wordfence does an excellent job of running the scans as efficiently as possible. The time it takes to complete a scan will depend on how much data you have, and the server resources available.
通常,这些扫描需要大量服务器资源才能运行。 Wordfence在尽可能高效地运行扫描方面做得很好。 完成扫描所需的时间将取决于您拥有多少数据以及可用的服务器资源。
You will be able to see the progress of the scan in the yellow boxes on the scan page. Most of this information will be technical. However, you don’t need to worry about the technical stuff.
您将能够在扫描页面的黄色框中看到扫描进度。 这些信息大部分将是技术性的。 但是,您无需担心技术方面的问题。
Once the scan is finished, Wordfence will show you the results.
扫描完成后,Wordfence将为您显示结果。
It will notify you if it found any suspicious code, infections, malware, or corrupted files on your website. It will also recommend actions you can take to fix those issues.
如果在您的网站上发现任何可疑代码,感染,恶意软件或损坏的文件,它将通知您。 它还将建议您可以采取的解决这些问题的措施。
Free Wordfence plugin automatically runs full scans on your WordPress site once every 24 hours. Premium version of the plugin allows you to set up your own scan schedules.
免费Wordfence插件每24小时自动在WordPress网站上运行一次完整扫描。 高级版的插件允许您设置自己的扫描计划。
设置Wordfence防火墙 (Setting up Wordfence Firewall)
Wordfence comes with a website application firewall. This is a PHP based application level firewall.
Wordfence带有网站应用程序防火墙。 这是基于PHP的应用程序级防火墙。
The Wordfence firewall offers two levels of protection. The basic level which is enabled by default allows the Wordfence firewall to run as a WordPress plugin.
Wordfence防火墙提供两个级别的保护。 默认情况下启用的基本级别允许Wordfence防火墙作为WordPress插件运行。
This means, that the firewall will load with rest of your WordPress plugins. This can protect you from several threats, but it will miss out on threats that are designed to trigger before WordPress themes and plugins are loaded.
这意味着,防火墙将与其余的WordPress插件一起加载。 这可以保护您免受多种威胁的侵害,但是会错过旨在加载WordPress主题和插件之前触发的威胁。
The second level of protection is called extended protection. It allows Wordfence to run before WordPress core, plugins, and themes. This offers a much better protection against more advanced security threats.
第二级保护称为扩展保护。 它允许Wordfence在WordPress核心,插件和主题之前运行。 这样可以更好地防御更高级的安全威胁。
Here is how you would set up the extended protection.
这是设置扩展保护的方法。
Visit Wordfence » Firewall page and click on the Optimize Firewall button.
访问Wordfence»防火墙页面,然后单击优化防火墙按钮。
Wordfence will now run some tests in the background to detect your server configuration. If you know that your server configuration is different from what Wordfence has selected, then you can select a different one.
Wordfence现在将在后台运行一些测试以检测服务器配置。 如果您知道您的服务器配置与Wordfence选择的不同,则可以选择其他配置。
Click on the continue button.
单击继续按钮。
Next, Wordfence will ask you to download your current .htaccess file as a backup. Click on the ‘Download .htaccess’ button and after downloading the backup file click on the continue button.
接下来,Wordfence将要求您下载当前的.htaccess文件作为备份。 单击“下载.htaccess”按钮,下载备份文件后,单击“继续”按钮。
Wordfence will now update your .htaccess file which will allow it to run before WordPress. You will be redirected to the firewall page where you will now see your protection level as ‘Extended protection’.
Wordfence现在将更新您的.htaccess文件,使其可以在WordPress之前运行。 您将被重定向到防火墙页面,在该页面中,您现在会看到保护级别为“扩展保护”。
You will also notice a ‘Learning Mode’ button. When you first install Wordfence, it attempts to learn how you and your users interact with the website to make sure that it doesn’t block legitimate visitors. After a week it will automatically switch to ‘Enabled and Protecting’ mode.
您还会注意到“学习模式”按钮。 首次安装Wordfence时,它将尝试了解您和您的用户如何与网站进行交互,以确保它不会阻止合法访问者。 一周后,它将自动切换到“启用和保护”模式。
使用Wordfence监视和阻止可疑活动 (Monitoring and Blocking Suspicious Activity Using Wordfence)
Wordfence shows a very useful log of all requests made to your website. You can view it by visiting Wordfence » Live Traffic page.
Wordfence显示了非常有用的日志,记录了对您的网站的所有请求。 您可以通过访问Wordfence»实时交通页面来查看它。
Here you can see the list of IPs requesting different pages on your website.
在这里,您可以看到请求网站上不同页面的IP列表。
You can block individual IPs and even full networks on this page.
您可以在此页面上阻止单个IP甚至整个网络。
You can also block suspicious IPs manually by visiting the Wordfence » Blocking page.
您也可以通过访问Wordfence»阻止页面来手动阻止可疑IP。
Wordfence中的高级设置和工具 (Advanced Settings and Tools in Wordfence)
Wordfence is a powerful plugin with lots of useful options. You can visit Wordfence » Options page to review them.
Wordfence是一个功能强大的插件,具有许多有用的选项。 您可以访问Wordfence»选项页面进行查看。
Here you can selectively turn features on and off. You can also enable or disable email notifications, scans, and other advanced settings.
在这里您可以有选择地打开和关闭功能。 您还可以启用或禁用电子邮件通知,扫描和其他高级设置。
On Wordfence » Tools page, you can run password audit to ensure that all users on your website are using strong passwords. You can run whois-lookup for suspicious IP addresses and view diagnostics information to help debug issues with the plugin or your WordPress site.
在Wordfence»工具页面上,您可以运行密码审核以确保您网站上的所有用户都使用强密码 。 您可以运行whois-lookup以查找可疑IP地址并查看诊断信息,以帮助调试插件或WordPress网站问题。
Premium version users can also setup two-factor login to strengthen login security on their websites.
高级版用户还可以设置两步登录,以增强其网站上的登录安全性。
Wordfence与Sucuri –哪个更好? (Wordfence vs Sucuri – Which One is Better?)
Now some of you will probably be thinking how Wordfence stacks against Sucuri?
现在,你们中的一些人可能会想到Wordfence如何针对Sucuri进行堆叠 ?
Sucuri is another popular website security suite that comes with a website application firewall, malware scanner and removal.
Sucuri是另一种流行的网站安全套件,带有网站应用程序防火墙,恶意软件扫描程序和清除功能。
At WPBeginner, we use Sucuri. Check out our Sucuri review to see how it helped us block more than 450,000 WordPress attacks in 3 months.
在WPBeginner,我们使用Sucuri。 查看我们的Sucuri评论 ,看看它如何帮助我们在3个月内阻止了450,000多次WordPress攻击。
Both Wordfence and Sucuri are great choices to improve your WordPress security. However, we believe that Sucuri has some features that give it a slight edge over Wordfence.
Wordfence和Sucuri都是提高WordPress安全性的绝佳选择。 但是,我们认为Sucuri具有一些功能,使其在Wordfence方面略有优势。
One of them is website application firewall. Wordfence WAF is an application level firewall, which means it is initiated on your server.
其中之一是网站应用程序防火墙。 Wordfence WAF是应用程序级防火墙,这意味着它是在您的服务器上启动的。
On the other hand, Sucuri website firewall is a DNS level firewall. This means all traffic to your website goes to their cloud proxy before reaching your website. This helps Sucuri block DDOS attacks more efficiently and also reduces server load on your website.
另一方面,Sucuri网站防火墙是DNS级别的防火墙。 这意味着到您网站的所有流量在到达您的网站之前先进入其云代理。 这有助于Sucuri更有效地阻止DDOS攻击,并减少网站上的服务器负载。
We hope this article helped you learn how to install and properly setup Wordfence on your website. For more security tips, you should also check out our ultimate WordPress security guide for beginners.
我们希望本文能帮助您学习如何在网站上安装和正确设置Wordfence。 有关更多安全提示,您还应该查看我们针对初学者的终极WordPress安全指南 。
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。
翻译自: https://www.wpbeginner.com/plugins/how-to-install-and-setup-wordfence-security-in-wordpress/
wordpress安全
934
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
