WordPress attack approaches: WordPress Brute Force Attacks and What You Need to Do About It


Several major sources have confirmed that mass brute force attacks are targeting WordPress and Joomla sites right now. HostGator, InMotion Hosting, LiquidWeb, and many others have informed their customers about this issue. The hackers' botnet contains over 90,000 different IPs, and they are preying on WordPress beginners who are making some very common mistakes. Yes, this all sounds scary, so here is what you need to do to decrease your chances of being hacked.


1. Stop using the admin username

Often beginners use very common usernames such as admin, administrator, test, root etc. Our friends over at Sucuri reported those usernames are being heavily targeted right now. If you have a generic WordPress username such as admin, then you should change it right now.


We have an easy-to-follow tutorial that will show you how to change your username in WordPress.


2. Use a strong password

Please, please, please use a very strong password. These brute force attacks try all the most common passwords that people use. A strong password contains uppercase and lowercase letters, numbers, and symbols. Do not use the same password at more than one location. It is never too late to start using a password management solution like 1Password or LastPass.


3. Keep Good Backups

The best security you can have for your website is a great backup solution. We are using VaultPress, which is a monthly service. However, if you would rather not pay monthly, then we highly recommend that you get BackupBuddy.


Please keep good backups of your site because most hosting companies do not.


4. Use Two Factor Authentication

Start using two-factor authentication. This way even if someone guesses your password, they can’t access your site because they don’t have the security code. We highly recommend that you do this right now.


5. Password Protect WP-Admin and Limit Login Attempts

We always recommend that our users limit login attempts. However, this alone cannot protect against all of the attacks, because this botnet contains 90,000 IPs. Another thing you can do is password protect your WP-admin directory. You can also limit access to your wp-login.php file to a specific IP.

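Why a per-IP login limit alone falls short against a botnet spread over many addresses, shown on a constructed access log. This is an added example, not code from the original article; the Apache combined log format, the thresholds, the sample IPs, and the convention that a failed login returns HTTP 200 while a successful one returns 302 are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Combined Log Format prefix: ip ident user [time] "METHOD path proto" status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def login_failures(lines):
    """Return sorted (time, ip) pairs for failed wp-login.php POSTs.
    Assumption: a failed login re-renders the form (HTTP 200), while a
    successful one redirects (HTTP 302)."""
    out = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            out.append((datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip))
    return sorted(out)

def analyze(lines, per_ip_limit=5, site_limit=50, window=timedelta(minutes=10)):
    """Compare a per-IP limit with a site-wide failure rate (thresholds are illustrative)."""
    events = login_failures(lines)
    per_ip = Counter(ip for _, ip in events)
    over_limit = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
    # Failures from IPs that never reach the per-IP limit are never throttled.
    unthrottled = sum(n for n in per_ip.values() if n < per_ip_limit)
    peak = start = 0
    for end in range(len(events)):  # sliding window over all sources combined
        while events[end][0] - events[start][0] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return {"failures": len(events), "distinct_ips": len(per_ip),
            "over_per_ip_limit": over_limit, "unthrottled": unthrottled,
            "peak_in_window": peak, "site_alert": peak >= site_limit}

def build_sample():
    """Constructed log: 60 sources x 2 guesses, one noisy source, one real login."""
    t0 = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)
    def row(ip, sec, method="POST", status=200):
        ts = (t0 + timedelta(seconds=sec)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "{method} /wp-login.php HTTP/1.1" {status} 3500 "-" "-"'
    rows = [row(f"203.0.113.{i % 60 + 1}", i * 4) for i in range(120)]
    rows += [row("198.51.100.7", k * 30) for k in range(8)]
    rows += [row("192.0.2.10", 5, "GET"), row("192.0.2.10", 9, status=302)]
    return rows

if __name__ == "__main__":
    print(analyze(build_sample()))
```

In the constructed sample, the per-IP limit flags only the single noisy source, while the 120 guesses spread two per address pass untouched; the site-wide count is what exposes them.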

6. Start using Sucuri

If you are not using Sucuri, then we highly recommend that you start using Sucuri. They are always on top of things, and there is no one else we would trust more when it comes to our WordPress security. See 5 reasons why we use Sucuri.


We are not sure what the end goal of these attacks is, but whatever it is, we would hate to see our users fall prey to this. Please keep your sites up to date, and follow all the tips above.


Translated from: https://www.wpbeginner.com/news/wordpress-brute-force-attacks-and-what-you-need-to-do-about-it/
