wordpress汉化技巧_保护您的WordPress管理区域的14条重要技巧（已更新）

wordpress汉化技巧

Are you seeing a lot of attacks on your WordPress admin area? Protecting the admin area from unauthorized access allows you to block many common security threats. In this article, we will show you some of the vital tips and hacks to protect your WordPress admin area.

您是否在WordPress管理区域看到了很多攻击？ 保护管理员区域免受未经授权的访问，可以阻止许多常见的安全威胁。 在本文中，我们将向您展示一些重要的提示和技巧，以保护WordPress管理区域。

1.使用网站应用程序防火墙 (1. Use a Website Application Firewall)

A website application firewall or WAF monitors website traffic and blocks suspicious requests from reaching your website.

网站应用程序防火墙或WAF监视网站流量并阻止可疑请求到达您的网站。

While there are several WordPress firewall plugins out there, we recommend using Sucuri. It is a website security and monitoring service that offers a cloud based WAF to protect your website.

虽然那里有几个WordPress防火墙插件 ，但我们建议使用Sucuri 。 这是一个网站安全和监视服务，提供基于云的WAF以保护您的网站。

All your website’s traffic goes through their cloud proxy first, where they analyze each request and block suspicious ones from ever reaching your website. It prevents your website from possible hacking attempts, phishing, malware and other malicious activities.

您网站的所有流量都首先通过其云代理，他们在其中分析每个请求并阻止可疑请求到达您的网站。 它可以防止您的网站遭受可能的黑客攻击，网络钓鱼，恶意软件和其他恶意活动。

For more details, see how Sucuri helped us block 450,000 attacks in one month.

有关更多详细信息，请参阅Sucuri如何帮助我们在一个月内阻止450,000次攻击 。

2.密码保护WordPress管理员目录 (2. Password Protect WordPress Admin Directory)

Your WordPress admin area is already protected by your WordPress password. However, adding password protection to your WordPress admin directory adds another layer of security to your website.

您的WordPress管理区域已经受到WordPress密码的保护。 但是，将密码保护添加到WordPress管理员目录可为您的网站增加另一层安全性。

First login to your WordPress hosting cPanel dashboard and then click on ‘Password Protect Directories’ or ‘Directory Privacy’ icon.

首先登录到您的WordPress托管 cPanel仪表板，然后单击“密码保护目录”或“目录隐私”图标。

Next, you will need to select your wp-admin folder, which is normally located inside /public_html/ directory.

接下来，您将需要选择wp-admin文件夹，该文件夹通常位于/ public_html /目录中。

On the next screen, you need to check the box next to ‘Password protect this directory’ option and provide a name for the protected directory.

在下一个屏幕上，您需要选中“密码保护此目录”选项旁边的框，并提供受保护目录的名称。

After that, click on the save button to set the permissions.

之后，单击“保存”按钮以设置权限。

Next, you need to hit the back button and then create a user. You will be asked to provide a username / password and then click on the save button.

接下来，您需要单击“后退”按钮，然后创建一个用户。 系统将要求您提供用户名/密码，然后单击“保存”按钮。

Now when someone tries to visit the WordPress admin or wp-admin directory on your website, they will be asked to enter the username and password.

现在，当有人尝试访问您网站上的WordPress admin或wp-admin目录时，将要求他们输入用户名和密码。

For more detailed instructions, see our guide on how to password protect WordPress admin (wp-admin) directory.

有关更多详细说明，请参阅有关如何密码保护WordPress admin(wp-admin)目录的指南 。

3.始终使用强密码 (3. Always Use Strong Passwords)

Always use strong passwords for all your online accounts including your WordPress site. We recommend using a combination of letters, numbers, and special characters in your passwords. This makes it harder for hackers to guess your password.

始终对所有在线帐户(包括WordPress网站)使用强密码。 我们建议您在密码中使用字母，数字和特殊字符的组合。 这使黑客更难猜测您的密码。

We are often asked by beginners how to remember all those passwords. The simplest answer is that you don’t need to. There are some really great password manager apps that you can install on your computer and phones.

初学者经常问我们如何记住所有这些密码。 最简单的答案是您不需要。 您可以在计算机和电话上安装一些非常好的密码管理器应用程序。

For more information on this topic, see our guide on the best way to manage passwords for WordPress beginners.

有关此主题的更多信息，请参阅有关为WordPress初学者管理密码的最佳方法的指南。

4.使用两步验证到WordPress登录屏幕 (4. Use Two Step Verification to WordPress Login Screen)

Two step verification adds another security layer to your passwords. Instead of using the password alone, it asks you to enter a verification code generated by the Google Authenticator app on your phone.

两步验证为您的密码添加了另一个安全层。 它会要求您输入手机上Google Authenticator应用程序生成的验证码，而不是仅使用密码。

Even if someone is able to guess your WordPress password, they will still need the Google Authenticator code to get in.

即使有人能够猜出您的WordPress密码，他们仍将需要Google Authenticator代码才能进入。

For detailed step by step instructions see our guide on how to setup 2-step verification in WordPress using Google Authenticator.

有关详细的分步说明，请参阅我们的指南，了解如何使用Google Authenticator在WordPress中设置两步验证 。

5.限制登录尝试 (5. Limit Login Attempts)

By default, WordPress allows users to enter passwords as many times as they want. This means someone can keep trying to guess your WordPress password by entering different combinations. It also allows hackers to use automated scripts to crack passwords.

默认情况下，WordPress允许用户根据需要多次输入密码。 这意味着有人可以通过输入不同的组合来继续尝试猜测您的WordPress密码。 它还允许黑客使用自动脚本来破解密码。

To fix this, you need to install and activate the Login LockDown plugin. Upon activation, go to visit Settings » Login LockDown page to configure the plugin settings.

要解决此问题，您需要安装并激活Login LockDown插件。 激活后，请访问设置»登录锁定页面以配置插件设置。

For detailed instructions, see our guide on why you should limit login attempts in WordPress.

有关详细说明，请参阅我们的指南，以了解为什么应限制WordPress中的登录尝试 。

6.将登录访问限制为IP地址 (6. Limit Login Access to IP Addresses)

Another great way to secure WordPress login is by limiting access to specific IP addresses. This tip is particularly useful if you or just a few trusted users need access to the admin area.

保护WordPress登录的另一种好方法是限制对特定IP地址的访问。 如果您或只有几个受信任的用户需要访问管理区域，则此技巧特别有用。

Simply add this code to your .htaccess file.

只需将此代码添加到您的.htaccess文件中。

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "WordPress Admin Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist Syed's IP address
allow from xx.xx.xx.xxx
# whitelist David's IP address
allow from xx.xx.xx.xxx
</LIMIT>

Don’t forget to replace xx values with your own IP address. If you use more than one IP address to access the internet, then make sure you add them as well.

不要忘记用自己的IP地址替换xx值。 如果您使用多个IP地址访问Internet，请确保同时添加它们。

For detailed instructions, see our guide on how to limit access to WordPress admin using .htaccess.

有关详细说明，请参阅我们的指南，了解如何使用.htaccess限制对WordPress管理员的访问 。

7.禁用登录提示 (7. Disable Login Hints)

On a failed login attempt, WordPress shows errors that tell users whether their username was incorrect or the password. These login hints can be used by someone for malicious attempts.

如果登录尝试失败，WordPress会显示错误，告诉用户其用户名不正确或密码。 有人可以使用这些登录提示进行恶意尝试。

You can easily hide these login hints by adding this code to your theme’s functions.php file or a site-specific plugin.

通过将此代码添加到主题的functions.php文件或特定于站点的插件中，您可以轻松隐藏这些登录提示。

function no_wordpress_errors(){
  return 'Something is wrong!';
}
add_filter( 'login_errors', 'no_wordpress_errors' );

8.要求用户使用强密码 (8. Require Users to Use Strong Passwords)

If you run a multi-author WordPress site, then those users can edit their profile and use a weak password. These passwords can be cracked and give someone access to WordPress admin area.

如果您运行一个多作者WordPress网站，则这些用户可以编辑其个人资料并使用弱密码。 这些密码可以被破解，并允许某人访问WordPress管理区域。

To fix this, you can install and activate the Force Strong Passwords plugin. It works out of the box, and there are no settings for you to configure. Once activated, it will stop users from saving weaker passwords.

要解决此问题，您可以安装并激活Force Strong Passwords插件。 它开箱即用，没有可供您配置的设置。 一旦激活，它将阻止用户保存较弱的密码。

It will not check password strength for existing user accounts. If a user is already using a weak password, then they will be able to continue using their password.

它不会检查现有用户帐户的密码强度。 如果用户已经在使用弱密码，那么他们将能够继续使用其密码。

9.重置所有用户的密码 (9. Reset Password for All Users)

Concerned about password security on your multi-user WordPress site? You can easily ask all your users to reset their passwords.

是否担心您的多用户WordPress网站上的密码安全性？ 您可以轻松地要求所有用户重置其密码。

First, you need to install and activate the Emergency Password Reset plugin. Upon activation, go to visit Users » Emergency Password Reset page and click on ‘Reset All Passwords’ button.

首先，您需要安装并激活紧急密码重置插件。 激活后，访问“ 用户»紧急密码重置”页面，然后单击“重置所有密码”按钮。

For detailed instructions, see our guide on how to how to reset passwords for all users in WordPress

有关详细说明，请参阅我们的指南，了解如何为WordPress中的所有用户重置密码

10.保持WordPress更新 (10. Keep WordPress Updated)

WordPress often releases new versions of the software. Each new release of WordPress contains important bug fixes, new features, and security fixes.

WordPress经常发布该软件的新版本。 WordPress的每个新版本都包含重要的错误修复，新功能和安全修复。

Using an older version of WordPress on your site leaves you open to known exploits and potential vulnerabilities. To fix this, you need to make sure that you are using the latest version of WordPress. For more on this topic, see our guide on why you should always use the latest version of WordPress.

在您的网站上使用旧版本的WordPress会使您容易受到已知漏洞和潜在漏洞的影响。 要解决此问题，您需要确保使用的是最新版本的WordPress。 有关此主题的更多信息，请参阅我们的指南，了解为什么您应始终使用最新版本的WordPress 。

Similarly, WordPress plugins are also often updated to introduce new features or fix security and other issues. Make sure your WordPress plugins are also up to date.

同样，WordPress插件也经常更新以引入新功能或修复安全性和其他问题。 确保您的WordPress插件也是最新的。

11.创建自定义登录和注册页面 (11. Create Custom Login and Registration Pages)

Many WordPress sites require users to register. For example, membership sites, learning management sites, or online stores need users to create an account.

许多WordPress网站都要求用户进行注册。 例如， 会员网站 ， 学习管理网站或在线商店需要用户创建帐户。

However, these users can use their accounts to log into WordPress admin area. This is not a big issue, as they will only be able to do things allowed by their user role and capabilities. However, it stops you from properly limiting access to login and registration pages as you need those pages for users to signup, manage their profile, and login.

但是，这些用户可以使用其帐户登录WordPress管理区域。 这不是一个大问题，因为他们将只能执行用户角色和功能所允许的事情。 但是，它使您无法正确限制对登录和注册页面的访问，因为您需要这些页面供用户注册，管理其个人资料和登录。

The easy way to fix this is by creating custom login and registration pages, so that users can signup and login directly from your website.

解决此问题的简单方法是创建自定义登录和注册页面，以便用户可以直接从您的网站进行注册和登录。

For detailed step by step instructions, see our guide on how to create custom login and registration pages in WordPress.

有关详细的分步说明，请参阅有关如何在WordPress中创建自定义登录和注册页面的指南 。

12.了解WordPress用户角色和权限 (12. Learn About WordPress User Roles and Permissions)

WordPress comes with a powerful user management system with different user roles and capabilities. When adding a new user to your WordPress site you can select a user role for them. This user role defines what they can do on your WordPress site.

WordPress带有功能强大的用户管理系统，具有不同的用户角色和功能。 在将新用户添加到WordPress网站时，您可以为其选择用户角色 。 该用户角色定义了他们可以在WordPress网站上执行的操作。

Assigning incorrect user role can give people more capabilities than they need. To avoid this you need to understand what capabilities come with different user roles in WordPress. For more on this topic see our beginner’s guide to WordPress user roles and permissions.

分配不正确的用户角色可能给人们带来超出其所需的功能。 为了避免这种情况，您需要了解WordPress中不同的用户角色具有哪些功能。 有关此主题的更多信息，请参阅WordPress用户角色和权限的初学者指南 。

13.限制仪表板访问 (13. Limit Dashboard Access)

Some WordPress sites have certain users who need access to the dashboard and some users who don’t. However, by default they can all access the admin area.

一些WordPress网站具有某些需要访问仪表板的用户，而有些则不需要。 但是，默认情况下，他们都可以访问管理区域。

To fix this, you need to install and activate the Remove Dashboard Access plugin. Upon activation, go to Settings » Dashboard Access page and select which users roles will have access to the admin area on your site.

要解决此问题，您需要安装并激活“ 删除仪表板访问”插件。 激活后，转到设置»仪表板访问页面，然后选择哪些用户角色将有权访问您站点上的管理区域。

For more detailed instructions, see our guide on how to limit dashboard access in WordPress.

有关更多详细说明，请参阅有关如何限制WordPress中的仪表板访问的指南。

14.注销空闲用户 (14. Log out Idle Users)

WordPress does not automatically log out users until they explicitly log out or close their browser window. This can be a concern for WordPress sites with sensitive information. That’s why financial institution websites and apps automatically log out users if they haven’t been active.

WordPress不会自动注销用户，除非他们明确注销或关闭其浏览器窗口。 对于具有敏感信息的WordPress网站，这可能是一个问题。 因此，如果金融机构的网站和应用未处于活动状态，则会自动将其注销。

To fix this, you can install and activate the Idle User Logout plugin. Upon activation, go to Settings » Idle User Logout page and enter the time after which you want users to be automatically logged out.

要解决此问题，您可以安装并激活空闲用户注销插件。 激活后，转到设置»空闲用户注销页面，然后输入希望用户自动注销的时间。

For more details, see our article on how to automatically log out idle users in WordPress.

有关更多详细信息，请参阅有关如何自动注销WordPress中的空闲用户的文章。

We hope this article helped you learn some new tips and hacks to protect your WordPress admin area. You may also want to see our ultimate step by step WordPress security guide for beginners.

我们希望本文能帮助您学习一些新的提示和技巧，以保护WordPress管理区域。 您可能还想看看我们针对初学者的终极逐步WordPress安全指南 。

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

如果您喜欢这篇文章，请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。

翻译自: https://www.wpbeginner.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/

wordpress汉化技巧