wordpress表单调用
Do you want to create a secure form in WordPress?
您要在WordPress中创建安全表单吗?
Forms allow users to submit information on your website. However, they can also be used by hackers to steal information, attack websites, and install malicious code.
表格允许用户在您的网站上提交信息。 但是,黑客还可以使用它们来窃取信息,攻击网站并安装恶意代码。
In this article, we will show you how to create a secure contact form in WordPress. We’ll explain how to ensure secure WordPress form submissions on your site.
在本文中,我们将向您展示如何在WordPress中创建安全的联系表单。 我们将说明如何确保您网站上的WordPress表单提交安全。
Here is a summary of what we’ll cover in this article.
这是我们将在本文中介绍的内容的摘要。
- What you need to secure WordPress forms保护WordPress表单所需的条件
- Creating a secure contact form in WordPress在WordPress中创建安全的联系表单
- Securing WordPress contact form email notifications保护WordPress联系人表单电子邮件通知的安全
- Securing WordPress forms against spam and DDoS attacks保护WordPress表单免受垃圾邮件和DDoS攻击
- Restricting WordPress form access (password protected, members only, and more)限制WordPress表单访问(受密码保护,仅限会员等)
- Keeping your WordPress site secure确保您的WordPress网站安全
您需要什么来保护WordPress表单? (What You Need to Secure WordPress Forms?)
To make your WordPress contact form secure, you need two things.
为了确保您的WordPress联系人表单安全,您需要注意两点。
- A secure WordPress contact form plugin 安全的WordPress联系人表单插件
- A secure WordPress hosting environment 安全的WordPress托管环境
Let’s start with the form plugin.
让我们从表单插件开始。
1. Choosing a Secure Contact Form Plugin
1.选择一个安全的联系表单插件
A secure contact form plugin allows you to save form entries securely on your website. It also allows you to use secure email methods to deliver your form notifications.
安全的联系表单插件可让您将表单条目安全地保存在您的网站上。 它还允许您使用安全的电子邮件方法来传递表单通知。
We recommend using WPForms, which is the best WordPress contact form plugin on the market.
我们建议使用WPForms ,它是市场上最好的WordPress联系人表单插件 。
It comes with a tons of powerful features to secure WordPress forms and protect your website from spam, hacking, and data theft.
它具有大量强大的功能,可以保护WordPress表单并保护您的网站免受垃圾邮件,黑客攻击和数据盗窃的侵害。
There is also a free version available called WPForms Lite. It is equally secure but has limited features.
还有一个免费版本,称为WPForms Lite 。 它同样安全,但功能有限。
2. Choosing a Secure Hosting Platform
2.选择一个安全的托管平台
Choosing the right WordPress hosting is crucial for the security of your website and your contact forms.
选择正确的WordPress托管对于您的网站和联系表格的安全至关重要。
We recommend using Bluehost. They are one of the largest hosting companies in the world and officially recommended WordPress hosting provider.
我们建议使用Bluehost 。 它们是世界上最大的托管公司之一,并且是官方推荐的WordPress托管提供商。
More importantly, they are offering WPBeginner users free domain and SSL certificate (you’ll need it for better WordPress form security).
更重要的是,他们为WPBeginner用户提供了免费的域和SSL证书(您将需要它来提高WordPress表单的安全性)。
You can also use other popular WordPress hosting companies like SiteGround, WP Engine, HostGator, etc because they all offer free SSL.
您还可以使用其他流行的WordPress托管公司,例如SiteGround , WP Engine , HostGator等,因为它们都提供免费的SSL。
What is SSL? And why do you need it to secure WordPress forms?
什么是SSL? 以及为什么需要它来保护WordPress表单?
SSL stands for Secure Sockets Layer. It switches your WordPress site from HTTP to HTTPs (secure HTTP). You’ll notice a padlock icon next to your website indicating that it is using SSL protocol to transfer data.
SSL代表安全套接字层。 它将您的WordPress网站从HTTP切换到HTTP(安全HTTP)。 您会在网站旁边看到一个挂锁图标,表明它正在使用SSL协议传输数据。
SSL protects your information by encrypting the data transfer between a user’s browser and the website. This adds WordPress form encryption support which makes it harder for hackers to steal data.
SSL通过加密用户浏览器和网站之间的数据传输来保护您的信息。 这增加了WordPress表单加密支持,这使黑客更难窃取数据。
For more details, see our article on how to get a free SSL certificate for your website.
有关更多详细信息,请参见有关如何为您的网站获取免费SSL证书的文章。
That being said, now let’s take a look at how to create a secure contact form in WordPress.
话虽如此,现在让我们看一下如何在WordPress中创建安全的联系表单。
在WordPress中创建安全的联系表单 (Creating a Secure Contact Form in WordPress)
Creating a secure WordPress contact form is easy if you already checked the above-mentioned requirements. See our tutorial on how to quickly add a contact form in WordPress if you haven’t already done so.
如果您已经检查了上述要求,则创建安全的WordPress联系人表单很容易。 如果尚未在WordPress中快速添加联系表单,请参阅我们的教程。
Next, is to add more security layers to your WordPress contact form. This helps you keep form data safe and also helps you reduce spam and improve your website performance.
接下来,是在WordPress联系人表单中添加更多安全层。 这可以帮助您确保表单数据的安全,还可以减少垃圾邮件并提高网站性能。
The following are some of the most common ways someone can steal information or abuse your WordPress forms.
以下是某些人可以窃取信息或滥用您的WordPress表单的最常见方法。
First, they can sniff the information as it is submitted by a form. You can address this by using a secure WordPress hosting platform and enabling SSL encryption on your website.
首先,他们可以嗅探表单提交的信息。 您可以通过使用安全的WordPress托管平台并在您的网站上启用SSL加密来解决此问题。
The next part is when your WordPress form sends notification emails. Business email services are not part of WordPress, and if you are not properly sending those emails, then they can be insecure.
下一部分是您的WordPress表单何时发送通知电子邮件。 商业电子邮件服务不是WordPress的一部分,如果您没有正确发送这些电子邮件,则它们可能是不安全的。
Lastly, your WordPress forms can be abused to send spam messages and DDoS attacks. If you are using a custom WordPress login form, then hackers can use brute force attacks to login to your WordPress site.
最后,您的WordPress表单可能被滥用来发送垃圾邮件和DDoS攻击。 如果您使用的是自定义WordPress登录表单,则黑客可以使用蛮力攻击来登录到您的WordPress网站。
Now let’s address each one of them to make your WordPress forms more secure.
现在,让我们解决其中的每个问题,以使您的WordPress表单更安全。
保护WordPress联络表单电子邮件通知 (Securing WordPress Contact Form Email Notifications)
As we mentioned earlier, insecure emails can be spied upon and are unsafe. There are two ways you can handle form notification emails.
正如我们前面提到的,不安全的电子邮件可能会被发现并且是不安全的。 您可以通过两种方式处理表单通知电子邮件。
1. Don’t send form data via email notifications
1.不要通过电子邮件通知发送表单数据
The first thing you would want to consider is not sending form data via emails.
您首先要考虑的是不通过电子邮件发送表单数据。
For instance, when someone submits your contact form, you only get an email alert that someone has submitted form and not the form data itself.
例如,当某人提交您的联系表单时,您只会收到一封电子邮件警报,提示某人已提交表单,而不是表单数据本身。
WPForms comes with a built-in entry management system that stores your form data in your WordPress database. You can simply go to WPForms » Entries page to view all form submissions.
WPForms带有内置的条目管理系统,该系统将您的表单数据存储在WordPress数据库中。 您只需进入WPForms»条目页面即可查看所有表单提交。
Note: You’ll need to upgrade to the paid version of WPForms for entry management features.
注意:您需要升级到WPForms的付费版本才能使用条目管理功能。
2. Send secure WordPress form notification emails
2.发送安全的WordPress表单通知电子邮件
For some users, sending form notification emails is necessary for their business.
对于某些用户来说,发送表格通知电子邮件对于他们的业务是必要的。
For instance, if you have an online order form, a donations form, or a payment form, then you may need to send email notifications to your users.
例如,如果您具有在线订购表 , 捐赠表或付款表,则可能需要向用户发送电子邮件通知。
For this, you need to set up a proper SMTP service to securely send emails.
为此,您需要设置适当的SMTP服务以安全地发送电子邮件。
SMTP stands for Secure Mail Transfer Protocol. It is the industry standard to securely send emails on the internet.
SMTP代表安全邮件传输协议。 在互联网上安全地发送电子邮件是行业标准。
We recommend using G Suite which allows you to create a professional business email address. Powered by Google, it allows you to use the familiar Gmail interface to send and receive emails.
我们建议使用G Suite ,它允许您创建专业的企业电子邮件地址。 它由Google提供支持,可让您使用熟悉的Gmail界面发送和接收电子邮件。
However, if you’ll be sending a lot of emails, then we recommend using Sendinblue, Amazon SES, or any of the reliable SMTP service providers.
但是,如果您要发送大量电子邮件,那么我们建议您使用Sendinblue ,Amazon SES或任何可靠的SMTP服务提供商 。
Next, you need to connect your email service to WordPress so that all your WordPress form notifications are sent using your secure email connection.
接下来,您需要将电子邮件服务连接到WordPress,以便使用安全的电子邮件连接发送所有WordPress表单通知。
To do that, you need to install and activate the WP Mail SMTP plugin. It works with any SMTP email service and allows you to easily send WordPress emails securely.
为此,您需要安装并激活WP Mail SMTP插件。 它可与任何SMTP电子邮件服务一起使用,并允许您轻松安全地发送WordPress电子邮件。
For detailed instructions, see our guide on how to set up WP Mail SMTP in WordPress.
有关详细说明,请参阅有关如何在WordPress中设置WP Mail SMTP的指南。
保护WordPress表单免受垃圾邮件和DDoS攻击 (Securing WordPress Forms Against Spam and DDoS Attacks)
Your website forms are publicly accessible. This means anyone can access and fill them. We’ll cover restricting form access to specific users in the next step, but for this step we will address public forms.
您的网站表单可以公开访问。 这意味着任何人都可以访问并填充它们。 在下一步中,我们将限制对特定用户的表单访问,但是在这一步中,我们将处理公共表单。
When your form is accessible by anyone on the internet, it can become a target for spammers and hackers. While spammers try to use your form for fraudulent activities, hackers may try to use it to gain access to your website or even bring it down.
互联网上的任何人都可以访问您的表单时,它可能成为垃圾邮件发送者和黑客的目标。 当垃圾邮件发送者试图将您的表格用于欺诈活动时,黑客可能会尝试使用它来访问您的网站,甚至将其关闭。
Luckily, WPForms comes with several spam-prevention features. It also automatically enables honeypot anti-spam technique on all forms.
幸运的是,WPForms具有一些垃圾邮件阻止功能。 它还会自动启用所有形式的蜜罐反垃圾邮件技术。
Honeypot basically obscures form fields from automated spambots. However, it is not the most effective way to protect online forms.
Honeypot基本上掩盖了自动水龙头的表单字段。 但是,这不是保护在线表格的最有效方法。
If you suspect that your forms are abused or under attack, then you can deploy the following spam protection tools.
如果您怀疑自己的表单被滥用或受到攻击,则可以部署以下垃圾邮件防护工具。
1.在您的表单中启用Google reCAPTCHA (1. Enable Google reCAPTCHA in Your Forms)
WPForms comes with Google reCAPTCHA support. Simply go to WPForms » Settings page and click on the reCAPTCHA tab.
WPForms带有Google reCAPTCHA支持。 只需转到WPForms»设置页面,然后单击reCAPTCHA选项卡。
Google offers three types of reCAPTCHA tools. We recommend using checkbox reCAPTCHA v2 because it is more user-friendly.
Google提供了三种类型的reCAPTCHA工具。 我们建议使用复选框reCAPTCHA v2,因为它更加用户友好。
You’ll need site key and secret key to enable reCAPTCHA on your site. Simply go to the reCAPTCHA website and click on the ‘Admin Console’ button at the top.
您需要站点密钥和秘密密钥才能在您的站点上启用reCAPTCHA。 只需访问reCAPTCHA网站 ,然后单击顶部的“管理控制台”按钮。
Next, you can go ahead and your website details. Provide a label for your site and then choose reCAPTCHA v2 with ‘I am not a robot’ checkbox.
接下来,您可以继续浏览您的网站详细信息。 提供您网站的标签,然后选中“我不是机器人”复选框,选择reCAPTCHA v2。
Click on the Submit button to continue and you’ll see the API keys.
单击“提交”按钮继续,您将看到API密钥。
Go ahead and copy these keys and paste them in WPForms settings page. Don’t forget to click on the ‘Save Settings’ button to store your changes.
继续并复制这些密钥并将其粘贴到WPForms设置页面中。 不要忘记单击“保存设置”按钮来存储您的更改。
You can now edit your form and add the reCAPTCHA field to your form.
现在,您可以编辑表单并将reCAPTCHA字段添加到表单中。
You’ll see a notification that reCAPTCHA is now enabled for your form. You can go ahead and save your form.
您会看到一条通知,说明您的表单现已启用reCAPTCHA。 您可以继续保存表格。
If you haven’t already added form to your website, then you can simply edit the post or page where you want to display the form and add the WPForms block to the content area.
如果尚未将表单添加到网站,则只需在要显示表单的位置编辑帖子或页面,然后将WPForms块添加到内容区域。
Simply select your form in the drop down menu and WPForms will load a preview of your form. You can now save your post or page and visit it in a new browser tab to see your form with the reCAPTCHA field in action.
只需在下拉菜单中选择您的表单,WPForms将加载您的表单预览。 现在,您可以保存您的帖子或页面,并在新的浏览器选项卡中对其进行访问,以查看带有reCAPTCHA字段的表单。
2.为您的WordPress表单启用自定义验证码 (2. Enable Custom Captcha for Your WordPress Forms)
If you don’t want to use Google reCAPTCHA, then you can use your own math quiz or questions with WPForms Custom Captcha addon.
如果您不想使用Google reCAPTCHA,则可以使用自己的数学测验或WPForms Custom Captcha插件问题。
Note: You’ll need pro version of the plugin to access custom captcha addon.
注意:您需要使用专业版的插件才能访问自定义的验证码插件。
Simply head over to WPForms » Addons page to install and activate the Custom Captcha addon.
只需转到WPForms»插件页面即可安装和激活自定义验证码插件。
After that, you can edit your contact form and add the Captcha field to your form.
之后,您可以编辑联系表单并将验证码字段添加到表单中。
By default, it adds a random math question. You can change that to add your own custom captcha by changing the captcha type to text.
默认情况下,它添加一个随机数学问题。 您可以通过将验证码类型更改为文本来将其更改为添加自己的自定义验证码。
You can now save your form, and it to a post or page using the WPForms block.
现在,您可以保存表单,并使用WPForms块将其保存到帖子或页面上。
You can now visit your post or page to see the custom captcha in action.
现在,您可以访问您的帖子或页面,以查看自定义验证码的操作。
限制某些用户的WordPress表单访问 (Restricting WordPress Forms Access to Certain Users)
Another way to protect your WordPress forms is to restrict access to logged-in members, or through a unique form password.
保护您的WordPress表单的另一种方法是限制对登录成员的访问或通过唯一的表单密码。
WPForms comes with a Form Locker addon that lets you enable various form permissions and access control rules.
WPForms带有一个Form Locker插件 ,可让您启用各种表单权限和访问控制规则。
With form locker you can:
使用表格储物柜,您可以:
- Password Protect Forms – this requires users to enter a password to submit the form. This added protection helps decrease the number of unwanted form submission.密码保护表单 –这要求用户输入密码来提交表单。 此增强的保护功能有助于减少不需要的表单提交的数量。
- Close Form Submissions After Specific Date / Time – this is great for any kind of application forms or other time-sensitive forms.在特定日期/时间后关闭表格提交 –这对于任何形式的申请表格或其他对时间敏感的表格都很有用。
- Limit the number of total submissions – this is great for contests or giveaways. Once the max number of entries are in, the WPForms will automatically close the form.限制提交的总数 –这对于比赛或赠品非常有用。 输入最大数量的条目后,WPForms将自动关闭表单。
- Limit one entry per person – if you want to avoid duplicate submissions, then you will love this option. This is very useful for scholarship applications, giveaways, etc.每人限制一个条目 –如果您要避免重复提交,那么您会喜欢此选项。 这对于奖学金申请,赠品等非常有用。
- Restrict Forms to Members Only – you can restrict your forms to logged-in users of your WordPress site. This is great for membership sites or businesses who want to restrict support to paid customers only.仅将表单限制为成员 -您可以将表单限制为WordPress网站的登录用户。 这对于会员站点或只希望将支持仅限于付费客户的企业非常有用。
You can access the Form Locker settings inside the Form Builder Settings panel:
您可以在“表单构建器设置”面板中访问“表单锁定器”设置:
For a detailed step by step tutorial, please see our guide on how to password protect WordPress forms.
有关详细的分步教程,请参阅有关如何密码保护WordPress表单的指南 。
确保您的WordPress网站安全 (Keeping Your WordPress Site Secure)
The security of your WordPress forms depends on the security of your entire WordPress website. With some simple steps, you can strengthen your WordPress website security.
WordPress表单的安全性取决于整个WordPress网站的安全性。 通过一些简单的步骤,您可以增强WordPress网站的安全性。
We recommend using Sucuri, as the best WordPress security plugin on the market. It comes with a website firewall that blocks any suspicious activity even before it reaches your website.
我们建议使用Sucuri作为市场上最好的WordPress安全插件 。 它带有一个网站防火墙,该防火墙甚至可以阻止任何可疑的活动进入您的网站。
For more practical tips, see our complete WordPress security guide for beginners.
有关更多实用技巧,请参阅针对初学者的完整WordPress安全指南 。
We hope this article helped you create a secure contact form in WordPress. You may also want to see our guide on how to create an email newsletter and our list of must have WordPress plugins.
我们希望本文能帮助您在WordPress中创建安全的联系表单。 您可能还想查看有关如何创建电子邮件通讯的指南, 以及 必须具有WordPress插件的列表。
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。
翻译自: https://www.wpbeginner.com/wp-tutorials/how-to-create-a-secure-contact-form-in-wordpress/
wordpress表单调用
409
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
