Security is an ongoing discussion for WordPress site owners with all technical expertise, but this can be a particularly difficult area for beginners. Security insiders are good at the difference between general attack vectors, but for Joe, it may just be a confused ocean of imperceptible threats. In this article, we will briefly analyze what the more general threats are actually about to fill the knowledge gap. We will focus on understanding the core from the perspective of ordinary people, rather than blinding you with front page text and white papers. We will also introduce several simple steps that can be taken by website owners to maintain security. The
However, before looking at the details, let’s briefly review the locations that are usually found to pose the greatest threat to site security. Security starts at home. Although the technical security system is becoming more and more perfect, it should be remembered that the main weakness of all systems actually lies in the people who run it. Before you focus too much on finding security flaws at the software level, make sure that you have a tight ship running on your team in terms of regular site access and procedures. In particular, password management must be correct with clear roles and responsibilities, because in fact, who has the right to install software such as themes or plug-ins. The
Finally, you may want to make sure that you have carefully studied the standard word press security guide word press security white paper and have generally read at least some of the historical background of word press security. For general security threats, the non expert guide omits some of these considerations for introduction, and analyzes several more common security threats that perplex the platform. Use the top 10 application security threats list of OWASP (open web application security project) as a general reference point, with special emphasis on three areas. The
Bubble! 1. it can be seen from OWASP’s customization of injection attacks: \
2. XSS (cross site script) attack is technically an injection attack, but XSS (cross site script attack) deserves separate consideration. Compared with the previous SQL injection example, the attack direction is the opposite by default. Padraic Brady provided an excellent and simple summary of the situation. \
3. the difference between XSS and CSRF is that
