wordpress 黑客
This article has been contributed by Roman Daneghyan.
本文由Roman Daneghyan提供。
Powering 35% of the web, WordPress (WP) is one of the most popular website building platforms in the world. However, unfortunately, because of its popularity, the platform is also a popular target with hackers.
WordPress(WP)为35%的网络提供动力,是世界上最受欢迎的网站构建平台之一。 但是,不幸的是,由于其受欢迎程度,该平台也受到了黑客的广泛欢迎。
If hackers find a vulnerability in any popular WP theme or plugin, a cyber attack can affect millions of WP sites using that plugin or theme. Consequently, you must take the necessary steps to improve the security of your WordPress site.
如果黑客在任何流行的WP主题或插件中发现漏洞,则网络攻击可能会影响使用该插件或主题的数百万个WP网站。 因此,您必须采取必要的步骤来提高WordPress网站的安全性。
Investing in reliable WordPress security plugins can be an excellent way to minimize the risk of WordPress security issues. However, with so many WordPress security plugins available on the market, choosing the perfect one is not easy. Don’t worry; we have put together the best plugins of 2020 that can help you take the security of your WP site to the next level.
投资可靠的WordPress安全性插件是将WordPress安全性问题的风险降至最低的绝佳方法。 但是,市场上有这么多的WordPress安全插件,选择完美的插件并不容易。 不用担心 我们汇集了2020年最好的插件,可以帮助您将WP网站的安全性提高到一个新水平。
So, without further delay, let’s get started.
因此,现在就开始吧。
顶级最佳WordPress安全插件 (Top Best WordPress Security Plugins)
1. Sucuri (1. Sucuri)
Sucuri is a popular WordPress security plugin available in both free and paid versions. Until you need robust features like firewall protection, the free version will work fine for you.
Sucuri是一个流行的WordPress安全插件,有免费和付费版本。 除非您需要强大的功能(如防火墙保护),否则免费版本将非常适合您。
Even in the free version, it gives you features like blacklist monitoring, security notifications, file integrity monitoring and security hardening. The plugin can be installed in the same fashion as other plugins. Simply, go to Plugins, Add New and search for Sucuri.
即使在免费版本中,它也为您提供了诸如黑名单监控,安全通知,文件完整性监控和安全强化等功能。 该插件可以与其他插件相同的方式安装。 只需转到插件,添加新内容并搜索Sucuri。
特征 (Features)
- It comes with a free SSL certificate so you don’t have to buy one separately 它带有免费的SSL证书,因此您无需单独购买
- You receive an instant notification as soon as something wrong happens within your site 您的网站出现问题后,您会立即收到通知
- It gives powerful protection against DDoS (distributed denial-of-service) attacks (available in some plans) 它为DDoS(分布式拒绝服务)攻击提供了强大的保护(某些计划中提供)
- You can contact the support team instantly via chat or email 您可以通过聊天或电子邮件立即联系支持团队
2. 恶意护理 (2. MalCare)
Malware is the primary concern for the majority of website owners. Usually, it spreads through corrupted versions of WP plugins and themes.
恶意软件是大多数网站所有者最关心的问题。 通常,它会在WP插件和主题的损坏版本中传播。
Since hackers are continually looking for new ways to infiltrate WordPress sites, you must look for reliable ways to prevent your site from malware attacks.
由于黑客一直在寻找渗透WordPress网站的新方法,因此您必须寻找可靠的方法来防止您的网站受到恶意软件攻击。
MalCare is a renowned malware detection and removal plugin that comes with an auto-clean feature that cleans your site without waiting for hours. Since the plugin syncs every part of your website with its server, it scans everything. Moreover, unlike other plugins, it doesn’t overload your server. Therefore, your site always runs at high speed.
MalCare是著名的恶意软件检测和清除插件,具有自动清除功能,无需等待数小时即可清除您的网站。 由于该插件会将您网站的每个部分与其服务器同步,因此它会扫描所有内容。 而且,与其他插件不同,它不会使服务器过载。 因此,您的站点始终保持高速运行 。
Check out some major features of MalCare below.
在下面查看MalCare的一些主要功能。
- Full website scanning 完整的网站扫描
- Quick malware removal 快速清除恶意软件
- Backup and restore facilities 备份和还原功能
- Uptime and performance monitoring 正常运行时间和性能监控
- White-labeling solution 白标解决方案
- Multiple site management from a single dashboard 从一个仪表板进行多个站点管理
3. iThemes安全性 (3. iThemes Security)
Earlier known as Better WP Security, iThemes Security is a powerful WP plugin that protects your site against hacks and unwanted infiltrators.
iThemes Security以前称为Better WP Security,它是一个功能强大的WP插件,可保护您的网站免遭黑客入侵和有害的渗透程序侵害。
iThemes Security has been building WordPress tools since 2008. What makes it different from other WordPress security plugins is that it gives you more than 30 ways to protect your site.
iThemes Security自2008年以来一直在构建WordPress工具。与其他WordPress安全插件不同的是,它为您提供了30多种保护网站的方法。
The plugin is designed to identify and fix common WordPress security issues.
该插件旨在识别和修复常见的WordPress安全问题。
Like other plugins, it has both paid and free versions. The paid plan starts at $56 per year and gives advanced features like one-year plugin updates, immediate customer support for up to two websites and more.
像其他插件一样,它具有付费和免费版本。 付费计划的起价为每年56美元,并提供高级功能,例如一年的插件更新,最多两个网站的即时客户支持等等。
特征 (Features)
- Website malware scanning 网站恶意软件扫描
- Complete security report 完整的安全报告
- WP login page protection WP登录页面保护
- User-friendly and centralized dashboard for multiple sites 用户友好的集中式仪表板,可用于多个站点
- Website hardening measures 网站强化措施
- Brute force protection and robust password enforcement 蛮力保护和强大的密码执行
- Essential WordPress version management facilities 必要的WordPress版本管理工具
4. Shield Security WordPress插件 (4. Shield Security WordPress Plugin)
Shield Security is counted among the top WordPress security plugins. Easy to install, it comes with advanced security features that eliminate your website vulnerabilities. The plugin can help you fix various WordPress security challenges such as ransomware, viruses, bots and hacking attempts.
Shield Security被评为顶级WordPress安全插件之一。 易于安装,具有高级安全功能,可消除您的网站漏洞。 该插件可以帮助您解决各种WordPress安全挑战,例如勒索软件,病毒,机器人和黑客攻击。
Besides this, the plugin also provides you advanced security features like 2-factor authentication, comment spam filter, automatic IP blacklist, reCAPTCHA and admin access protection. The good thing is that all of these features are available with the free version.
除此之外,该插件还为您提供高级安全功能,例如2要素身份验证,注释垃圾邮件过滤器,自动IP黑名单,reCAPTCHA和管理员访问保护。 好消息是所有这些功能都可以通过免费版本获得。
With the Pro version, you get additional scanning features, import and export functionality, WooCommerce support and premium support.
使用Pro版本,您可以获得其他扫描功能,导入和导出功能,WooCommerce支持和高级支持。
特征 (Features)
- User-friendly interface 友好的用户界面
- 6 X powerful core file scanners 6个强大的核心文件扫描仪
- Limit login attempts 限制登录尝试
- Three types of two-factor authentication 三种类型的两因素身份验证
- Security admin users 安全管理员用户
5. Wordfence安全 (5. Wordfence Security)
With more than 3 million active installs, Wordfence Security is a popular firewall and security scanner for WordPress sites. It protects your website from spam, Malware and other possible threats in real-time.
活跃安装量超过300万,Wordfence Security是适用于WordPress网站的流行防火墙和安全扫描程序。 它可以实时保护您的网站免受垃圾邮件,恶意软件和其他可能威胁的侵害。
Unlike other WordPress security plugins, it has a very user-friendly dashboard that anyone can use without any prior training.
与其他WordPress安全插件不同,它具有非常用户友好的仪表板,任何人都可以使用它,而无需任何事先培训。
The security plugin also enables you to see comprehensive reports about your site’s traffic trends. Thus, you can find out whether the traffic is coming from search engine crawlers, humans or bad bots.
该安全插件还使您可以查看有关站点流量趋势的综合报告。 因此,您可以找出流量是来自搜索引擎爬虫,人类还是恶意机器人。
In addition to this, Wordfence Security also allows you to block traffic coming from specific geographic regions.
除此之外,Wordfence Security还允许您阻止来自特定地理区域的流量。
With the free version, you get plenty of features such as brute force attack protection, firewall blocks and more. However, for added features, you can switch to a premium plan that starts at $99 per license.
使用免费版本,您可以获得大量功能,例如蛮力攻击防护,防火墙阻止等。 但是,要增加功能,您可以切换到高级计划,起价为每个许可99美元。
特征 (Features)
- The free version is capable enough to keep mid-sized websites secured 免费版足以保护中型网站的安全
- It has a powerful firewall suite offering protection against real-time threats 它具有功能强大的防火墙套件,可抵御实时威胁
- The plugin can monitor live traffic by inspecting human visits, Google crawl activities and logins and logouts 该插件可以通过检查人员访问,Google抓取活动以及登录和注销来监视实时流量
- Its scanner scans all your files (not just WordPress files) for malware 它的扫描仪扫描您所有文件(不只是WordPress文件)是否存在恶意软件
- The plugin also supports spamming comment filters 该插件还支持垃圾评论过滤器
6. 喷气背包 (6. Jetpack)
The majority of WordPress users are acquainted with Jetpack as it is an all-in-one plugin that supports a wide range of features.
大多数WordPress用户都熟悉Jetpack,因为它是一个支持多种功能的多合一插件。
Developed by Automattic, it is a website enhancement plus a security plugin. It has more than 5 million active installations, making it one of the most popular WordPress security plugins. It comes with various modules to improve your website speed, protection and strengthen your social media.
由Automattic开发,它是一个网站增强功能以及一个安全插件。 它具有超过500万个活动安装,使其成为最受欢迎的WordPress安全插件之一。 它带有各种模块,可提高您的网站速度,保护并增强您的社交媒体。
特征 (Features)
- Downtime monitoring, spam filtering and prevention against brute-force attack 停机时间监视,垃圾邮件过滤以及防止暴力攻击
- Provides full website backup 提供完整的网站备份
- Complete login security with two-factor authentication 双重身份验证,提供完整的登录安全性
- Scanning for malware, codes and automated threats 扫描恶意软件,代码和自动威胁
- Quick support from WordPress specialists WordPress专家的快速支持
7. SecuPress (7. SecuPress)
Designed by Julio Potier (co-founder of WP Media), SecuPress protects your site from suspicious bots and IPs. It scans malware and spyware and then cleans them.
SecuPress由WP Media联合创始人Julio Potier设计,可保护您的站点免受可疑的漫游器和IP的侵害。 它扫描恶意软件和间谍软件,然后清除它们。
Additionally, you can use this plugin to block countries by geolocation and protect your site from brute-force attacks. Like other WordPress security plugins in the list, this GDPR (General Data Protection Regulation) compliant plugin is available in both free and paid versions.
此外,您可以使用此插件按地理位置阻止国家/地区,并保护您的网站免受暴力攻击。 像列表中的其他WordPress安全插件一样,该符合GDPR(通用数据保护法规)的插件有免费版和付费版。
If you can manually scan your site for security threats, its free version should be an excellent choice for you, but if not, go for SecuPress Pro.
如果您可以手动扫描站点是否存在安全威胁,则免费版本应该是您的最佳选择,但如果不能,请选择SecuPress Pro。
特征 (Features)
- SecuPress blocks malicious bot SecuPress阻止恶意机器人
- It protects security keys 它保护安全密钥
- The plugin scans vulnerable plugins and themes 该插件会扫描易受攻击的插件和主题
- You get security reports in PDF format 您将获得PDF格式的安全报告
8. 防弹安全 (8. BulletProof Security)
BulletProof Security is a highly recommended security plugin by the WordPress community as it gives advanced security against spamming and Malware attacks.
BulletProof Security是WordPress社区强烈推荐的安全插件,因为它提供了针对垃圾邮件和恶意软件攻击的高级安全性。
This user-friendly plugin also does an excellent job for knowledgeable developers who want to leverage unique features and settings such as Base64decoder, anti-exploit guard and more.
对于想要利用独特功能和设置(例如Base64decoder,反漏洞防护等)的知识丰富的开发人员,此用户友好的插件也非常出色。
Even in the free version, it provides login security, database backups, malware scanning and various anti-hacking tools.
即使是免费版本,它也提供登录安全性,数据库备份,恶意软件扫描和各种反黑客工具。
Since they are offering a 30-day money-back guarantee, you can try this plugin without any hesitation. Check out some of its significant features below.
由于他们提供30天退款保证,因此您可以毫不犹豫地试用此插件。 在下面查看其一些重要功能。
特征 (Features)
- BulletProof Security supports advanced security features such as folder locking, encrypting solutions, intrusion detection and prevention BulletProof Security支持高级安全功能,例如文件夹锁定,加密解决方案,入侵检测和防御
- It features a single-click wizard 它具有一个单击向导
- The free edition has enough features to suit the regular website 免费版具有足够的功能以适合常规网站
- You get database backup in the free version 您可以获得免费版本的数据库备份
- The plugin provides .htaccess website security protection (firewalls) 该插件提供.htaccess网站安全保护(防火墙)
9. WP fail2ban (9. WP fail2ban)
If brute force attacks are your major concern, you can’t find a better plugin than WP fail2ban. It takes a different approach than other WordPress security plugins listed above. It logs all login attempts to the Syslog regardless of their nature. It gives you the option to enforce a soft or hard ban depending on your needs.
如果您最关心暴力攻击,那么找不到比WP fail2ban更好的插件。 与上面列出的其他WordPress安全插件相比,它采取了不同的方法。 它将所有登录尝试记录到Syslog中,无论其性质如何。 它使您可以根据需要选择实施软禁或硬禁。
特征 (Features)
- The plugin helps you create a shortcode which blocks a user immediately 该插件可帮助您创建可立即阻止用户的简码
- You have the option to choose between hard or soft blocks 您可以选择硬块还是软块
- The plugin allows you to prevent spam or malicious comments 该插件可以防止垃圾邮件或恶意评论
- It documents information about user enumeration, pingbacks and spam 它记录了有关用户枚举,pingback和垃圾邮件的信息
You can integrate plugins with CloudFlare and proxy servers. If you don’t know how to do that you can take the help of a dedicated WordPress developer
您可以将插件与CloudFlare和代理服务器集成。 如果您不知道该怎么做,可以寻求专门的WordPress开发人员的帮助
10. 隐藏我的WP (10. Hide My WP)
As the name indicates, this security plugin hides it from attackers and hackers that you use the WordPress platform. Hide My WP features a robust intrusion detector to prevent security attacks such as XSS, SQL injection and more in real-time. Besides this, it also hides your website login URL. So, if you want to keep your WP site protected from cyber attackers, invest in this premium WP security plugin.
顾名思义,此安全插件对使用WordPress平台的攻击者和黑客隐藏了该插件。 Hide My WP具有强大的入侵检测器,可实时防御XSS,SQL注入等安全攻击。 除此之外,它还会隐藏您的网站登录URL。 因此,如果您想保护WP网站免受网络攻击者的侵害,请投资此高级WP安全插件。
特征 (Features)
- Hides your site’s theme name, plugins, login URL and more 隐藏您网站的主题名称,插件,登录URL等
- Informs about all bad behavior and gives complete details of the attacker 通知所有不良行为,并提供攻击者的完整详细信息
- Features a “trust network2 that naturally blocks traffic from bad IP addresses 具有“信任网络2”,可自然阻止来自错误IP地址的流量
- Compatible with Apache, Nginx and other premium themes. 与Apache,Nginx和其他高级主题兼容。
11. VaultPress (11. VaultPress)
VaultPress is a subscription-based WordPress plugin that gives you real-time backup and automated security scanning. Developed by Automattic, VaultPress has more than 80,000 active installations.
VaultPress是基于订阅的WordPress插件,可为您提供实时备份和自动安全扫描。 VaultPress由Automattic开发,拥有80,000多个活动安装。
特征 (Features)
- It enables you to make real-time or manual backups using a calendar 它使您可以使用日历进行实时或手动备份
- Automatically detects and eliminates malware, viruses and other security threats 自动检测并消除恶意软件,病毒和其他安全威胁
- Blocks all spam to protect your SEO and brand reputation 阻止所有垃圾邮件,以保护您的SEO和品牌声誉
12. Astra网络安全 (12. Astra Web Security)
This powerful WordPress security plugin is ideal if you are worried about malware, SQLi, XSS and comments spam. The Astra Web Security plugin gives you protection against more than 100 threats. Since the plugin is installed as an extension, you don’t need to make any changes to your DNS setting. Astra supports an intuitive dashboard from where you can easily manage your site.
如果您担心恶意软件,SQLi,XSS和注释垃圾邮件,那么此功能强大的WordPress安全插件是理想的选择。 Astra Web Security插件可为您提供针对100多种威胁的防护。 由于该插件是作为扩展安装的,因此您无需对DNS设置进行任何更改。 Astra支持直观的仪表板,您可以从中轻松管理站点。
特征 (Features)
- Gives immediate malware clean up and supports a robust firewall that stops attacks like SQLi, XSS, code injection, SEO spam and brute force 立即清除恶意软件并支持强大的防火墙,以阻止SQLi,XSS,代码注入,SEO垃圾邮件和暴力破解等攻击
- Bad bots blocking 坏机器人阻止
- An intuitive dashboard, which gives you the option to block or whitelist a particular IP, country or URL 直观的仪表板,可让您选择阻止或将特定IP,国家或URL列入白名单
13. WebARX (13. WebARX)
WebARX is a premium WordPress security plugin, known for advanced managed endpoint firewalls that protect your site from bot attacks, plugin vulnerabilities and fake traffic. What makes WebARX unique from other WordPress security plugins is that it allows you to create your own firewall rules. Moreover, it is also very easy to setup.
WebARX是一个高级WordPress安全插件,以高级托管端点防火墙而闻名,该防火墙可以保护您的网站免受机器人攻击,插件漏洞和虚假流量的侵害。 WebARX与其他WordPress安全插件的不同之处在于,它允许您创建自己的防火墙规则。 此外,它也很容易设置。
特征 (Features)
- Powerful firewall protection 强大的防火墙保护
- Centralized security for unlimited websites 无限网站的集中安全性
- Uptime monitoring — you get an email alert as soon as your site goes down 正常运行时间监控-网站一旦关闭,您将收到一封电子邮件警报
14. 安全忍者 (14. Security Ninja)
Security Ninja is a handy WP plugin that helps you identity loopholes and weaknesses in your website. It scans your entire site within a minute and highlights all the gaps that hackers can exploit. Like a lot of security plugins, it doesn’t make your website load slowly.
安全忍者是一个方便的WP插件,可帮助您识别网站中的漏洞和弱点。 它在一分钟内扫描了整个站点,并突出显示了黑客可以利用的所有漏洞。 像许多安全插件一样,它不会使您的网站加载缓慢。
特征 (Features)
- It comes with an auto fixer module that eliminates any issues detected 它带有一个自动修复程序模块,可消除检测到的任何问题
- It scans WordPress themes and plugins for suspicious code and malware 它扫描WordPress主题和插件中的可疑代码和恶意软件
- It logs all events happening on your WP site 它记录了您的WP网站上发生的所有事件
您可以用来增强WP网站安全性的其他措施 (Other Things You Can do to Enhance the Security of Your WP Site)
As WordPress is vulnerable to hacker attacks (even the FBI warns), you can’t just rely on a security plugin. Nowadays, cybercriminals are taking different approaches to gain access to WordPress sites. Therefore, you should take all the necessary steps to make your site secured.
由于WordPress容易受到黑客攻击(甚至FBI 警告 ),因此您不能仅仅依靠安全插件。 如今,网络犯罪分子正在采取不同的方法来访问WordPress网站。 因此,您应该采取所有必要的步骤来保护您的网站安全。
Check out what you can do.
看看您能做什么。
Choose a reliable hosting company because 41% of WordPress attacks are due to a vulnerability on the hosting service
选择可靠的托管公司,因为41%的WordPress攻击是由于托管服务上的漏洞引起的
- Always run your WP site on the latest version. Update it as soon as you get a notification for a new update. Don’t forget; there are various other benefits of updating a WordPress site 始终在最新版本上运行WP网站。 收到新更新通知后,请立即进行更新。 不要忘记 更新WordPress网站还有其他好处
Invest in the best VPN service to encrypt all your data transfers and improve the privacy of your site
投资最好的VPN服务来加密所有数据传输并改善站点的隐私
- Don’t use a corrupted theme 不要使用损坏的主题
- Always use a strong password 一律使用强密码
- Install a SSL Certificate 安装SSL证书
- Limit your login attempts 限制登录尝试
最后的想法 (Final Thoughts)
The goal of every security plugin is to protect your site against WordPress security issues. However, not every plugin is the same in terms of effectiveness and reliability. As a result, you must choose a security plugin carefully.
每个安全插件的目的都是为了保护您的站点免受WordPress安全问题的侵害。 但是,并不是每个插件在有效性和可靠性方面都是相同的。 因此,您必须仔细选择一个安全插件。
For your convenience, we have researched these top 14 WordPress security plugins of 2020. You can go for any plugin that best suits your needs and budget.
为方便起见,我们研究了2020年这14个WordPress安全插件。您可以选择最适合您的需求和预算的任何插件。
Which plugin are you using? Let us know in the comments below.
您正在使用哪个插件? 在下面的评论中让我们知道。
_
_
About the author: Roman Daneghyan is a social media marketing, content marketing, link building and SEO expert.
关于作者: Roman Daneghyan是社交媒体营销,内容营销,链接构建和SEO专家。
wordpress 黑客
扫一扫
1016
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
