8 Security Tips and Guidelines for your WordPress Blog

Posted on September 21, 2007 at 2:27 pm

Here are a few WordPress security tips I’ve learned over time. After reading a couple of horror stories about blogs being hacked, maimed and mutilated by crazy Russians or vindictive competitors, I decided it would be a good idea to implement some security practices for my WordPress blog. After going through a bunch of sites and fixing things on my own blog, I thought it would be good to share these items with all of the other WordPress users out there.

Implementing these security measures is especially important for anyone who is currently making or trying to make money off their blogs. Once your blog is hacked or spammed without you knowing about it, you’ll be dropped from the search engines and it’s not easy getting back in. Remember, even with all the security measures, it’s essential to have a backup of your blog. The plugin I use is WordPress Database Backup. If you don’t have it installed, install it now! Seriously.

Tips to help protect yourself from WordPress security issues:

  1. Upgrade WordPress - This is probably the first thing you should do! If you’re not running the most up-to-date version, you’re asking for trouble. Currently, it’s 2.2.3, but soon it will be version 2.3. You may as well wait till the 24th and install the newest version. There have been a few releases recently that were just security fixes (SQL injection, etc.). It may seem like a pain in the butt, and sometimes it can be, but upgrading is really not that bad. I held off upgrading from version 2.0 to 2.2 for a few months because I was scared something was going to go wrong and everything would be deleted. Finally, I mustered the energy, went through their instructions step by step, and it was fine! After you upgrade WordPress once, it’s not all that bad!
  2. Change default passwords - Are you still logging into your wp-admin page with the same default password that was emailed to you? If so, CHANGE IT! That password is only 6 characters, just numbers and letters. My grandmother could probably crack it after a few weeks. Make it complex and more than 10 characters if you can. Also, try not to use words; make it a nice jumble of letters, numbers, and symbols. And while you’re at it, go ahead and log into your hosting company’s site and change your password there too, for your account login and any control panel logins, like cPanel, etc.
  3. Use SSH/shell access instead of FTP - This one is a big one! It’s not as easy to implement as the other two, but it’s probably the best tip out of all the ones I list here. If someone gets hold of your FTP login information (which is usually not encrypted and easy to get), they can manipulate your files and add spam to your site without you even knowing about it! Just read this story! It’s actually best to disable FTP altogether if you can. Using SSH, everything is encrypted, including the transfer of files.
  4. Install the LoginLock plugin - This is a really cool plugin that will automatically block an IP address from trying to log into your WordPress admin area after a certain number of failed attempts. LoginLock will prevent bots from continuously trying different combinations to crack your account. This is very similar to how account lockout works in Windows if you’re in a domain environment. The default lockout time is 1 hour.
  5. Create a blank index.html file in your /plugins/ directory - By default, your WordPress plugins folder is completely visible to anyone by going to http://www.domainname.com/wp-content/plugins. Go ahead and create a blank document in your favorite editor, save it as index.html and upload it to the plugins directory. Now when you try to access it, you only get a blank page instead of the directory listing. This makes it harder for hackers to find out which plugins you run and go after a security hole in one of them.
  6. Block access to the wp-admin folder using .htaccess - There is an article written by Reuben that talks about how you can protect your WordPress admin folder by allowing access to it only from a defined set of IP addresses. Everything else will bring up a Forbidden error message. So if you only access your blog from one or two places routinely, it’s worth implementing. Also, you’re supposed to create a new .htaccess file inside your wp-admin folder, not replace the one at the root of your blog.
  7. Remove the version string from your header.php file - Of course, if you’re running version 2.0 and the current release is 2.3, AND your blog explicitly states that it’s at 2.0 on every page, it’s not going to be very hard for someone to find your vulnerable blog and attack it. The line looks like this: <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" />
  8. Block wp- folders from the search engines - There is no need to have all of your WordPress files indexed by Google, so it’s best to block them in your robots.txt file. Add the following line to your list: Disallow: /wp-*
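As an added example (not from the original post or from Reuben’s article), here are the two .htaccess files that tips 5 and 6 describe: one that switches off the directory listing for the plugins folder (the same effect as the blank index.html), and a new wp-admin/.htaccess that allows only your own addresses in. The addresses 203.0.113.10 and 198.51.100.0/24 are placeholders; put the addresses you actually connect from in their place.

```apacheconf
# ---- File 1: wp-content/plugins/.htaccess  (tip 5) ----
# Turning off directory indexes does the same job as the blank index.html and
# keeps working even if that file is later deleted. It only hides the listing:
# a plugin's files are still reachable by direct URL, so keep plugins updated.
# If your host forbids "Options" in .htaccess, Apache answers 500 for the whole
# folder; in that case fall back to the blank index.html from tip 5.
Options -Indexes

# ---- File 2: wp-admin/.htaccess  (tip 6) ----
# A NEW file inside wp-admin, not the one at the root of the blog.
# Only the listed addresses may reach the admin area; everyone else gets
# "403 Forbidden". 203.0.113.10 and 198.51.100.0/24 are placeholders.

# Apache 2.4 and later (mod_authz_core)
<IfModule mod_authz_core.c>
    <RequireAny>
        Require ip 203.0.113.10
        Require ip 198.51.100.0/24
    </RequireAny>
    # Newer WordPress releases call wp-admin/admin-ajax.php from the public
    # pages; if logged-out visitors lose features, open just that file.
    <Files "admin-ajax.php">
        Require all granted
    </Files>
</IfModule>

# Apache 2.2 and earlier (mod_authz_host syntax)
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from 203.0.113.10
    Allow from 198.51.100.0/24
    <Files "admin-ajax.php">
        Order Allow,Deny
        Allow from all
    </Files>
</IfModule>
```

If your home connection uses a changing IP address you will lock yourself out when it changes; edit the file over SSH (tip 3) to add the new address.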

Got any more tips you want to add? Drop a comment! Thanks!





4 Responses to “8 Security Tips and Guidelines for your WordPress Blog”

  1. Jon Phillips said:

    Great tip. Most of the time it’s not the software that poses the biggest security threat, it’s the user. People want to make passwords that are easy to remember, but when you have blog software that is as widely used as WordPress is, it doesn’t take a 1337 H@x0r to compromise it.


  2. Siddharth said:

    Really nice articles, thx for this


Pingbacks

  1. Hey Wordpress Blogger, I Can See Your Plugins! says:

    […] who also told me about this issue. More tips on WordPress security are available via Online Tech Tips). A very nice implementation of this solution can be seen at […]

  2. Great articles that should be read | My lucky number 13 says:

    […] 8 Security Tips and Guidelines for your WordPress Blog - Aseem Kishore […]

Please post your comments/suggestions!