8 Security Tips and Guidelines for your WordPress Blog

Posted on September 21, 2007 at 2:27 pm

Here are some WordPress security tips I have learned over time. After reading a couple of horror stories about blogs being hacked, defaced and taken down by crazy Russians or malicious competitors, I decided it would be a good idea to implement some security practices on my WordPress blog. After going through a bunch of sites and fixing things on my own blog, I thought it would be good to share these items with all the other WordPress users out there.

Implementing these security measures is especially important for people who are currently making, or trying to make, money from their blogs. Once your blog gets hacked or spammed without you knowing about it, you will be dropped from the search engines, and it is not easy to get back in. Remember, even with all of these security measures, it is essential to have a backup of your blog. The plugin I use is WordPress Database Backup. If you don't have it installed, install it now! Seriously.

Tips to help protect yourself from WordPress security issues:

  1. Upgrade WordPress - This is probably the first thing you should do! If you are not running the latest version, you are asking for trouble. Currently it is 2.2.3, but version 2.3 is coming very soon. It may be worth waiting until the 24th and installing the new version. There have been several releases recently that were nothing but security fixes (SQL injection, etc.). It may seem like a pain, and sometimes it can be, but upgrading really is not that bad. I held off on upgrading from version 2.0 to 2.2 for several months because I was scared something would go wrong and everything would get deleted. Finally, I mustered up the energy, went through their instructions step by step, and it worked fine! Once you have upgraded WordPress once, it is not that bad at all!
  2. Change the default password - Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, change it! That password is only 6 characters long and consists of just numbers and letters. My grandmother could probably crack it in a few weeks. If you can, make it complex and more than 10 characters. Also, try not to use words; make it a good mix of letters, numbers and symbols. And while you are at it, go ahead and log into your hosting company's site and change the password for your account login and for all of your control panel logins there too, like cPanel, etc.
  3. Use SSH/Shell access instead of FTP - This one is a big one! It’s not as easy to implement as the other two, but it’s probably the best tip out of all the others that I will list here. If someone gets a hold of your FTP login information (which is usually not encrypted and easy to get), they can manipulate your files and add spam to your site without you even knowing about it! Just read this story! It’s actually best to disable FTP altogether if you can! Using SSH, everything is encrypted including the transfer of files, etc.
  4. Install LoginLock plugin - This is a really cool plugin that will automatically block an IP address from trying to log into your Wordpress admin area after a certain number of attempts. LoginLock will prevent bots from continuously trying different combinations to crack your account. This is very similar to how Windows works if you’re in a domain environment. The default locked out time is 1 hour.
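The lockout behaviour tip 4 describes can be expressed in a few dozen lines. The block below is an added example written for this page, not code from the LoginLock plugin or from WordPress: it counts failed logins per source IP and refuses further attempts for one hour (the default lockout time the tip mentions) once a threshold is reached. The threshold of three attempts, the credential check and the IP addresses are constructed for the demonstration, and the clock is injectable so the expiry can be exercised without waiting an hour.

```python
import time
from collections import defaultdict


class LoginLock:
    """Per-IP failed-login counter with a timed lockout.

    max_attempts and lockout_seconds are assumed settings; the post only
    states that the plugin's default lockout lasts one hour (3600 s).
    """

    def __init__(self, max_attempts=5, lockout_seconds=3600, clock=time.time):
        self.max_attempts = max_attempts
        self.lockout_seconds = lockout_seconds
        self.clock = clock                 # injectable for testing
        self.failures = defaultdict(int)   # ip -> consecutive failures
        self.locked_until = {}             # ip -> unix time the lockout expires

    def is_locked(self, ip):
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: forget the IP so the counter starts fresh.
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip):
        """Count a failed login; returns True when the IP is now locked out."""
        if self.is_locked(ip):
            return True
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_attempts:
            self.locked_until[ip] = self.clock() + self.lockout_seconds
            return True
        return False

    def record_success(self, ip):
        self.failures.pop(ip, None)


def attempt_login(lock, ip, username, password, check_credentials):
    """Gate a login through the lock: 'locked', 'ok' or 'denied'."""
    if lock.is_locked(ip):
        return "locked"          # do not even evaluate the credentials
    if check_credentials(username, password):
        lock.record_success(ip)
        return "ok"
    lock.record_failure(ip)
    return "denied"


class FakeClock:
    """Manually advanced clock so the expiry can be tested without waiting."""

    def __init__(self, start=0.0):
        self.now = start

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def demo():
    """Three wrong guesses lock the IP; the right password is refused until the hour is up."""
    clock = FakeClock()
    lock = LoginLock(max_attempts=3, lockout_seconds=3600, clock=clock)
    # Constructed credential check standing in for the real user table.
    creds = lambda user, pw: (user, pw) == ("admin", "correct horse")
    ip = "198.51.100.7"  # constructed (RFC 5737 documentation range)
    results = [attempt_login(lock, ip, "admin", "guess", creds) for _ in range(3)]
    results.append(attempt_login(lock, ip, "admin", "correct horse", creds))
    clock.advance(3600)
    results.append(attempt_login(lock, ip, "admin", "correct horse", creds))
    return results


if __name__ == "__main__":
    print(demo())
```

Note that the lock refuses the attempt before the credentials are checked, so a bot cannot use the lockout window to test guesses; a separate IP is tracked independently.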
  5. Create a blank index.html file in your /Plugins/ directory - By default, your Wordpress plugins folder is completely visible to anyone by going to http://www.domainname.com/wp-content/plugins. Go ahead and create a blank document in your favorite editor and save it as index.html and upload it to the plugins directory. Now when you try to access it, you only get a blank screen. This prevents hackers from finding out a security hole in one of your plugins.
  6. Block access to wp-admin folder using .htaccess - There is an article written by Reuben that talks about how you can protect your WordPress admin folder by allowing access to it only from a defined set of IP addresses. Everything else will bring up a Forbidden error message. So if you only access your blog from one or two places routinely, it’s worth implementing. Also, you’re supposed to create a new .htaccess file inside your wp-admin folder, not replace the one at the root of your blog.
  7. Remove the version string from your header.php file - Of course, if you’re running version 2.0 and the current release is 2.3 AND your blog explicitly states that it’s at 2.0 on every page, it’s not going to be very hard for someone to find your vulnerable blog and attack it. The line looks like this: <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
  8. Block WP- folders from the search engines - There is no need to have all of your WordPress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list: Disallow: /wp-*
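Two of the tips above (2 and 6) are easy to get subtly wrong: a password that looks complex may still be a dictionary word in disguise, and an IP allowlist for wp-admin that does not contain your own address locks you out of your own blog. The block below is an added example written for this page, not code from Reuben's article or from WordPress. It checks a candidate password against the rules tip 2 gives (more than 10 characters, a mix of letters, numbers and symbols, no common word), renders the wp-admin/.htaccess directives tip 6 describes for a list of allowed addresses, and lets you confirm which client addresses would get through before uploading the file. The wordlist and all addresses are constructed; the Apache 2.2 Order/Deny/Allow syntax and the Apache 2.4 Require ip syntax are real, the choice between them is a parameter.

```python
from __future__ import annotations

import ipaddress
import re

MIN_LENGTH = 11  # "more than 10 characters" from tip 2

# Constructed stand-in for a real wordlist (hypothetical; load a proper list in practice).
COMMON_WORDS = {"password", "wordpress", "admin", "letmein", "welcome", "qwerty"}

# Leetspeak substitutions undone before the word check, so "P@ssw0rd" still fails.
SUBSTITUTIONS = (("0", "o"), ("1", "l"), ("3", "e"), ("@", "a"), ("$", "s"), ("!", "i"))


def password_problems(candidate: str) -> list[str]:
    """Return every policy violation; an empty list means the password passes."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", candidate):
        problems.append("no letters")
    if not re.search(r"[0-9]", candidate):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("no symbols")
    normalized = candidate.lower()
    for old, new in SUBSTITUTIONS:
        normalized = normalized.replace(old, new)
    letters_only = re.sub(r"[^a-z]", "", normalized)
    for word in COMMON_WORDS:
        if word in letters_only:
            problems.append(f"contains the common word '{word}'")
            break
    return problems


def is_acceptable(candidate: str) -> bool:
    return not password_problems(candidate)


def render_wp_admin_htaccess(allowed: list[str], apache24: bool = False) -> str:
    """Render the allowlist as .htaccess directives for the wp-admin folder.

    Each entry is validated with ipaddress so a typo fails here rather than
    as a 500 error on the live site. Single hosts are emitted without a
    prefix length, networks in CIDR form.
    """
    nets = [ipaddress.ip_network(entry, strict=False) for entry in allowed]
    spec = [
        str(n.network_address) if n.prefixlen == n.max_prefixlen else n.with_prefixlen
        for n in nets
    ]
    if apache24:
        lines = ["Require ip " + " ".join(spec)]
    else:
        lines = ["Order Deny,Allow", "Deny from all"] + [f"Allow from {s}" for s in spec]
    return "\n".join(lines) + "\n"


def client_allowed(allowed: list[str], client_ip: str) -> bool:
    """Would a request from client_ip get past the rendered allowlist?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(entry, strict=False) for entry in allowed)


if __name__ == "__main__":
    # Constructed addresses from the RFC 5737 documentation ranges.
    allow = ["203.0.113.5", "198.51.100.0/24"]
    print(render_wp_admin_htaccess(allow))
    print("home:", client_allowed(allow, "203.0.113.5"), "other:", client_allowed(allow, "192.0.2.1"))
    print(password_problems("P@ssw0rd2007!"))
```

Run the allowlist check against the address you actually connect from (your hosting control panel or web server log will show it) before uploading the file; if that address changes regularly, tip 6 is not for you.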

Got any more tips you want to add? Drop a comment! Thanks!


5 Responses to “8 Security Tips and Guidelines for your WordPress Blog”

  1. Jon Phillips said on :

    Great tip. Most of the time it’s not the software that poses the biggest security threat, it’s the user. People want to make passwords that are easy to remember, but when you have blog software that is widely used as Wordpress is, it doesn’t take a 1337 H@x0r to compromise it.


  2. Siddharth said on :

    Really nice articles thx for this


  3. Frank H M said on :

    Great tips. I will make sure to implement these ASAP before I start blogging for real.


    Pingbacks

  1. Hey Wordpress Blogger, I Can See Your Plugins! Says:

    […] who also told me about this issue. More tips on Wordpress security are available via Online Tech Tips). A very nice implementation of this solution can be seen at […]

  2. Great articles that should be read | My lucky number 13 Says:

    […] 8 Security Tips and Guidelines for your WordPress Blog - Aseem Kishore […]
