WordPress command execution: How to Disable PHP Execution in Certain WordPress Directories

By default, WordPress makes certain directories writeable so that you and other authorized users on your website can easily upload themes, plugins, images, and videos to your website.

However, this capability can be abused if it falls into the wrong hands: hackers can use it to upload backdoor access files or malware to your website.

These malicious files are often disguised as core WordPress files. They are mostly written in PHP and can run in the background to gain full access to every aspect of your website.

Sounds scary, right?

Don’t worry, there is an easy fix for that. You simply disable PHP execution in the directories where you don’t need it. Once you do, PHP files will not run inside those directories.

In this article, we will show you how to disable PHP execution in WordPress using the .htaccess file.

Disabling PHP Execution in Certain WordPress Directories Using .htaccess File

Most WordPress sites have a .htaccess file in the root folder. This is a powerful configuration file used to password-protect the admin area, disable directory browsing, generate an SEO-friendly URL structure, and more.

By default, the .htaccess file is located in your WordPress website’s root folder, but you can also create and use one inside your inner WordPress directories.

To protect your website from backdoor access files, you need to create a .htaccess file and upload it to your site’s /wp-includes/ and /wp-content/uploads/ directories.

Simply create a blank file on your computer by using a text editor like Notepad (TextEdit on Mac). Save the file as .htaccess and paste the following code inside it.

<Files *.php>
deny from all
</Files>

Now save the file on your computer.

Next, you need to upload this file to /wp-includes/ and /wp-content/uploads/ folders on your WordPress hosting server.

You can upload it by using an FTP client or via the File Manager app in your hosting account’s cPanel dashboard.

Once the .htaccess file with the above code is added, it will stop any PHP file from running in these directories.

Using this .htaccess trick helps you harden your WordPress security, but it is not a FIX for an already hacked WordPress site.

Backdoors are cleverly disguised and can already be hidden in plain sight.
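
For sites where you have shell access instead of FTP, the steps above can be scripted. The following is an added example, not part of the original article: it writes the same rule into the two directories named above without overwriting an existing .htaccess, and lists any PHP files already sitting in the uploads folder so you can review them. The function names, the script name and the WordPress root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not the article's code. Function names and the WP_ROOT
# argument are assumptions of this example.

# The rule exactly as the article gives it. "deny from all" is Apache 2.2
# syntax; Apache 2.4 honours it through mod_access_compat.
htaccess_rule() {
cat <<'EOF'
<Files *.php>
deny from all
</Files>
EOF
}

# install_rule WP_ROOT: write the rule into the two directories the article
# names. An existing .htaccess without the rule is left untouched so its
# other directives are not lost. Returns non-zero if a directory was skipped.
install_rule() {
    rc=0
    for dir in "$1/wp-includes" "$1/wp-content/uploads"; do
        target="$dir/.htaccess"
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir" >&2; rc=1
        elif [ ! -e "$target" ]; then
            htaccess_rule > "$target" && chmod 644 "$target"
            echo "created: $target"
        elif grep -qF '<Files *.php>' "$target"; then
            echo "already present: $target"
        else
            echo "needs manual merge: $target" >&2; rc=1
        fi
    done
    return "$rc"
}

# list_uploaded_php WP_ROOT: uploads normally holds media only, so every PHP
# file found here should be reviewed by hand.
list_uploaded_php() {
    find "$1/wp-content/uploads" -type f -iname '*.php' 2>/dev/null | sort
}

# Run as: sh harden.sh /path/to/wordpress   (script name is hypothetical)
if [ -n "${1:-}" ]; then
    install_rule "$1"
    list_uploaded_php "$1"
fi
```

A file reported by the listing is not removed or changed by the script; the rule only stops it from being served.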

If you want to check for possible backdoors on your website, then you need to activate Sucuri on your website.

Sucuri is the best WordPress security plugin on the market. It scans your website for possible threats, suspicious code, malware, and vulnerabilities.

It also effectively blocks most hacking attempts from even reaching your website by adding a firewall between your site and suspicious traffic.

Most importantly, if your WordPress site gets hacked, then they will clean it up for you. To learn more, you can check our Sucuri review because we have been using their service for years.

We hope this article helped you to learn how to disable PHP execution in certain WordPress directories to harden your website security. If you are looking for a complete guide, check out our ultimate WordPress security guide.

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

Translated from: https://www.wpbeginner.com/wp-tutorials/how-to-disable-php-execution-in-certain-wordpress-directories/
