wordpress上传限制
From time to time hackers may try to break into your WordPress site by guessing your admin password. By default, WordPress allows users to try different passwords as many times as they want. This is also known as brute force attack. However, you can change this and add an extra layer of security to your WordPress site. In this article, we will show you how and why you should limit login attempts in your WordPress.
黑客有时会通过猜测您的管理员密码来尝试侵入您的WordPress网站。 默认情况下,WordPress允许用户根据需要尝试多次不同的密码。 这也称为蛮力攻击。 但是,您可以更改此设置,并为WordPress网站添加额外的安全层。 在本文中,我们将向您展示如何以及为什么应限制WordPress中的登录尝试。
影片教学 (Video Tutorial)
If you don’t like the video or need more instructions, then continue reading.
如果您不喜欢该视频或需要更多说明,请继续阅读。
为什么需要限制WordPress中的登录尝试? (Why you need to Limit Login Attempts in WordPress?)
By default, WordPress allows users to enter passwords as many times as they want. Hackers may try to exploit this by using scripts that enter different combinations until your website cracks.
默认情况下,WordPress允许用户根据需要多次输入密码。 黑客可能会尝试通过使用输入不同组合的脚本来利用此漏洞,直到您的网站崩溃为止。
To prevent this, you can limit the number of failed login attempts per user.
为防止这种情况,您可以限制每个用户失败的登录尝试次数。
For example, you can say after 5 failed attempts, lock the user out temporarily.
例如,您可以说5次失败尝试后,暂时将用户锁定。
If someone has more than 5 failed attempts, then your site block their IP for a temporary period of time based on your settings. You can make it 5 minutes, 15 minutes, 24 hours, and even longer.
如果某人尝试失败的次数超过5次,则您的站点将根据您的设置在一段时间内阻止其IP。 您可以将其设置为5分钟,15分钟,24小时甚至更长的时间。
如何限制WordPress中的登录尝试? (How to Limit Login Attempts in WordPress?)
First thing you need to do is install and activate the Login LockDown plugin. Upon activation, you need to visit Settings » Login LockDown page to configure the plugin settings.
您需要做的第一件事是安装并激活Login LockDown插件。 激活后,您需要访问设置»登录锁定页面来配置插件设置。
First you need to define how many login attempts can be made. After that choose how long a user will be unable to retry if they exceed the failed attempts.
首先,您需要定义可以进行多少次登录尝试。 之后,选择超过失败尝试次数的用户将无法重试的时间。
You can also define the lockout period for IP range blocks. The default value is 60 minutes, you can adjust that if you need.
您还可以为IP范围块定义锁定时间。 默认值为60分钟,您可以根据需要进行调整。
The plugin will allow users to keep trying different invalid usernames. Click on yes under lockout invalid usernames option to stop this.
该插件将允许用户继续尝试使用其他无效的用户名。 单击“锁定无效的用户名”选项下的“是”以停止此操作。
By default, WordPress lets users know that whether they entered an invalid username or invalid password on failed logins. You can hide this by clicking yes under mask login errors option.
默认情况下,WordPress会让用户知道他们在登录失败时输入的用户名无效还是密码无效。 您可以通过在“掩码登录错误”选项下单击“是”来隐藏它。
Don’t forget to click on the update settings button to store your changes.
不要忘记单击更新设置按钮来存储您的更改。
专家提示 (Pro Tip)
The first layer of protection to your WordPress sites is your passwords. You should always use strong passwords on your WordPress site. We understand that strong passwords are difficult to remember. But see our beginner’s guide which shows the best way to manage passwords for WordPress users.
WordPress网站的第一层保护是您的密码。 您应该始终在WordPress网站上使用强密码。 我们知道,强密码很难记住。 但是请参阅我们的初学者指南,其中显示了为WordPress用户管理密码的最佳方法 。
If you run a multi-author WordPress site, then see how you can force strong passwords on users in WordPress.
如果您运行一个多作者WordPress网站,请参阅如何在WordPress中对用户强制使用强密码 。
No website is 100% safe because hackers always find new ways to get around the system. That’s why it’s crucial that you keep complete backups of your WordPress site at all times. We recommend BackupBuddy plugin. Here’s a list of the best WordPress backup plugins.
没有网站是100%安全的,因为黑客总是会找到新的方法来绕过系统。 因此,始终保持WordPress网站的完整备份至关重要。 我们建议使用BackupBuddy插件。 这是最好的WordPress备份插件的列表。
If your website is a business, then we strongly recommend that you add a firewall which takes care of the brute-force attacks and so much more. We use Sucuri which guarantees our safety and if anything happens to our site, then their team is responsible to fix it at no-additional charge.
如果您的网站是企业,那么我们强烈建议您添加一个防火墙,该防火墙可以应对蛮力攻击等等。 我们使用Sucuri来保证我们的安全,如果我们的网站发生任何问题,则由他们的团队负责进行修复,无需另外付费。
We hope you found this article useful, and you have successfully added login attempts limit to your WordPress site. You may also want to see our list of 13 vital tips and tools to protect your WordPress admin area.
我们希望您对本文有所帮助,并且已成功将登录尝试限制添加到WordPress网站。 您可能还需要查看我们的13个重要提示和工具列表, 以保护WordPress管理区域 。
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。
翻译自: https://www.wpbeginner.com/plugins/how-and-why-you-should-limit-login-attempts-in-your-wordpress/
wordpress上传限制
扫一扫
462
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
