When I started working as a web designer and developer, the biggest problem was getting things to work as I wished. I was (mostly) more worried about making a site work as I expected. Making it look cool was one of my main goals when finishing a website. WordPress security is the issue of most concern. Hackers were something I read about, not something I expected to happen to me. SQL injection, cross-site scripting, privilege escalation and serious security vulnerabilities were just buzzwords in the technical news. But one day, when I heard that WordPress, which is actively used on Facebook feed, had a fatal weakness, my website security suddenly became very important. My credentials were not accepted the next time I tried to log in to my site.
Most of my sites were compromised by vulnerabilities. But I was lucky. I had taken a careless precaution to ensure that my website would not be completely maliciously used: I had changed my administrator user name. Hackers couldn’t log in, even though the vulnerability on my site was exploited. Your administrator user name is complex. What I know today is not the default
Protect your site with the best 32-step WordPress Security Checklist.

Why are hackers interested in my website?

Before going into detail on all the steps required for website security and WordPress hacking prevention, it is very important to understand the logic and reasoning behind website hacking. You may have the following questions:
Hackers are interested in \
There is a framework for selling accidents on the online black market, and it is easy to distribute malicious code through hacked websites. In essence, your website may become a party to criminal activities! There are other negative consequences as well. Your site can be used as a spam relay. A website that has been attacked and defaced by hackers is likely to damage the brand’s reputation. In addition to serious embarrassment, hacked websites usually overwhelm the hosting server and cause the website to be shut down. This usually results in a loss of business. The cost of recovering a hacked website can range from very low (if there is a website backup) to a full redevelopment when data has been deleted/lost without recoverability. Do you think your website is too small to be attacked? Think again.
The following WordPress Security Checklist is very helpful for protecting a WordPress site from hackers.

How can hackers find my website?

With millions of websites available online, you may mistakenly assume that hackers are very unlikely to find your site and target it. In the end, your website is just a drop in the ocean of websites. Right? You would be making a terrible mistake.
Hackers will not perform this operation manually. They employ little yellow men to do the dirty work. Well, actually they are not little yellow men. They are robots (bots) whose only real purpose is to find vulnerable websites.
These programs or scripts are usually run on cloud servers, which can be set up and destroyed at will, leaving little or no trace. The scripts can discover hundreds, if not thousands, of websites per hour. Buying scripts at a very low price and running them on low-cost cloud servers makes the
Vulnerabilities continue to be found in WordPress and its plug-ins. Therefore, WordPress security is very important to the health of the website.

WordPress security: the 32-step checklist

Considering all the terrible things described above, I want to make sure you have all the knowledge you need to fully protect the WordPress website. The following is a checklist of all the actions required to protect the WordPress site. This checklist is divided into two parts. The first part contains measures that everyone must absolutely implement. Most are basic, such as using strong passwords. The second part contains advanced measures for WordPress security, aimed at those who are paranoid about security. This is for the administrator who wants to lock the door, lock the door and lock the door. And the lock on the lock.
Part I: steps everyone must take to protect the WordPress website

#1: Always keep the WordPress version up to date
#2: Do not change the WordPress core
#3: Ensure that all plug-ins have been updated
#4: Remove disabled or unused plug-ins
#5: Ensure that all themes are kept up to date
#6: Install themes, plug-ins and scripts only from official sources
#7: Select a secure WordPress hosting service
#8: Confirm that your site is running the latest version of PHP
#9: Change the administrator user name
#10: Always use a strong password
#11: Do not reuse passwords
#12: Protect passwords by preventing plain-text password transmission
#13: Update sites only on reliable networks
#14: Use local anti-virus
#15: Enable Google Search Console
#16: Use a bulletproof WordPress security plug-in
#17: Recover from backup if all other methods fail
Part II: protecting the WordPress website, for security monsters

You do not have to be a security monster for these. They are some of the more advanced WordPress security techniques, but usually you only need to know how to install plug-ins, how to adjust a few files, and how to deal with the possibility of problems. If something goes wrong, be prepared to restore the backup.

#18: Restrict login attempts
#19: Enable two-factor authentication
#20: Verify that the file permissions are correct
#21: Change the default table prefix
#22: Confirm that the WordPress secret authentication keys are set
#23: Disable PHP execution
#24: Separate the WordPress database
#25: Restrict database user permissions
#26: Disable file editing
#27: Protect the wp-config.php file
#28: Disable XML-RPC (if not used)
#29: Disable PHP error reporting
#30: Install a firewall
#31: Use a content delivery network firewall
#32: Monitor security logs
Sound updates can be enabled [embedded gist not loaded]. This is available only for plug-ins downloaded from WordPress.org. All commercial plug-in updates must be handled through their own update mechanism. Don’t be too lazy to update plug-ins. Keep your plug-in memberships active so that you always receive the latest updates.

#4: Remove disabled or unused plug-ins

As the number of installed plug-ins increases, the risk of a vulnerability being discovered in one of them also increases. Sometimes we install plug-ins to test their functionality and then forget to remove them from the site. If vulnerabilities are found in these plug-ins, your site becomes an easy target (especially if you are not keeping the plug-ins updated as recommended above). Even if these plug-ins are installed on the website but not active, the website is still vulnerable. The safest way to minimize risk is to completely remove unused plug-ins. There is a very simple way to know which plug-ins are not being used: in the plug-in section of the WordPress admin, they appear as inactive. Delete them. In addition, remove all plug-ins that are active but not actually used. Better yet, when testing plug-ins, do not test them on the live site. Instead, create a test copy of the site (on a local test server or a separate server) and perform the plug-in test there instead of on the live site.

#5: Ensure that all themes are kept up to date

The same logic that applies to WordPress core updates and plug-in updates also applies to themes. Protecting WordPress means that all themes must be updated to the latest version. Otherwise, security vulnerabilities that have already been fixed will remain a problem for the site. Now you may be thinking of all the changes you made to the theme and how those changes would be lost if you performed a theme update. In fact, theme changes should be made through child themes rather than by directly changing the actual theme.
This allows you to receive the latest changes and security updates without breaking your own changes. If you want complete peace of mind, you’d better delete the themes you don’t use. Themes that need to be updated can be found in the Appearance > Themes section of the WordPress admin. In addition, with the following change in the functions.php file, you can also enable automatic background updates for themes from WordPress.org [embedded gist not loaded]. This works for themes downloaded from WordPress.org. All commercial theme updates must be handled through their own update mechanism. Please keep your subscription active to receive all security updates.

Note: If you don’t like adjusting your wp-config.php and functions.php files, you can choose to use the WordPress plug-in Advanced Automatic Updates to activate all automatic background updates. With Advanced Automatic Updates, you can adjust the automatic update settings and activate all of the above.

#6: Install themes, plug-ins, and scripts only from official sources

Sometimes, when times are hard, rather than using well-known websites, you may be tempted by those obtained from *cough*
Installed. This allows hackers to remotely control, for malicious purposes, sites that use these themes or plug-ins. Are you going to give your money to a known liar? I wouldn’t think so. The same is true of your website. Don’t trust the
You can also change the administrator user name by executing the following [embedded gist not loaded]. This fast and simple WordPress security technique may frustrate many simple hacking attempts.

#10: Always use a strong password

I like to give clients their privacy and turn my attention away from the keyboard when I see them enter the administrator password. But a few years ago, I was not careful to look away quickly enough when a client entered the password. Disappointingly, I saw them enter the following: 123456. Saying I was afraid is an understatement. Another login and password combination I often come across (almost) makes me cry. This username and password combination is as follows: administrator / administrator.

There is a more serious reason to create a strong password than the possibility that a person like me, looking over your shoulder, will immediately pick up the password. Hackers know that humans tend to forget passwords and also tend to use simple, easy-to-guess passwords. They have lists of the most commonly used passwords, and they will put them to use, trying again and again. This is called a brute-force attack. Some people do use these passwords, so it is essentially a numbers game. Therefore, always use a strong password. The following is an example of a strong password: Thizi5alongstr*ngbuzzw00rd$ Should all passwords be as complex as this? Maybe.

#11: Do not reuse your password

You must not reuse your password at 10:5. I hear you. Generally speaking, it is convenient to use one (strong) password. You don’t need to remember many passwords, but this is very wrong on many levels. Third, hackers know that this is a human weakness. That is, if one of the accounts is compromised, they can access all the remaining accounts. There are many password managers that can create and securely store a variety of passwords. These are strongly recommended. This is not just WordPress security.
This is common sense.

#12: Protect passwords by preventing plain-text password transmission

It is a well-known fact (and a sad reality) that Internet traffic is subject to all kinds of interception. Sensitive data such as credit cards and passwords must not be transmitted in unencrypted form. Data passes many eyes (and analyzers). Use the following preventive techniques to protect passwords:

Do not send passwords via email, chat, social networking, or other unencrypted transport formats.

Implement HTTPS on the WordPress site (especially the back end) to ensure that passwords are not transmitted as plain text. In the article on how to use SSL and HTTPS on WordPress, you can learn everything about HTTPS implementation.

Do not use regular FTP when accessing sites. Use SSH or FTPS. The FTP protocol was created in the dark ages of the Internet and is not safe to use. Passwords and files are transmitted in plain text and are not encrypted at all. In contrast, FTPS or Secure FTP actually encrypts the data transmitted through FTP. To do this, you must first set up an FTPS account on the hosting server.

Of course, passwords must not be shared among users or saved in plain text, no matter how convenient. The practice of sharing logins and passwords raises security and accountability issues.

#13: Update sites only on reliable networks

Sometimes, for convenience, we tend to see free Internet Wi-Fi as a gift from God. But paranoid security monsters (like me) tend to shiver at the thought of updating on unreliable networks. Open Wi-Fi connections are very easy to eavesdrop on. By visiting the WordPress administration site from an unreliable network, you may get much more than you bargained for. Update sites only on reliable networks such as home and office.

#14: Use local anti-virus

Imagine for a moment that you are a computer virus sitting on a desktop workstation. Remember that the primary goal of a virus is to spread as widely as possible. There is no better way than to copy the virus to a website. Pretty neat? This is a tactic widely used by viruses. Many workstations are infected at any time. Many of these workstations are used by WordPress administrators. It is the worst combination. The virus on the desktop will spread rapidly, leading to site infection. In addition, it can listen for passwords, credit cards, and other personal information. Make sure you are running up-to-date, good anti-virus software to prevent the local workstation from being infected and spreading the infection to the website.

#15: Enable Google Search Console

This is not strictly a WordPress security recommendation, but it can complement the steps you have taken to enhance WordPress security. Google and other search engines are interested in checking websites for malware. Therefore, if the website starts hosting malicious files, Google Search Console will notify you. This is not an ideal situation, because your site has already been attacked by hackers. However, in addition to taking measures to prevent your WordPress site from being attacked, it is better to detect malware on your site as soon as possible, so that the problem can be solved. Google Search Console is a free service provided by Google to help monitor and maintain the presence of the website.

#16: Use a bulletproof WordPress security plug-in

Many steps of WordPress security are not simple.
They may also require technical changes to the WordPress website that could break WordPress rather than protect it. But we have you covered. Defender is a simple and reliable way to protect WordPress with little or no user effort. Our security plug-in can identify all WordPress security issues that currently affect your website and provide a guide to the solution. Defender is considered one of the best choices for people familiar with wpmudev, but there are many other options for WordPress security. The two most popular options are Sucuri and Wordfence. They work very differently. The former is a completely cloud-based solution that combines a firewall and a CDN, while the latter actually runs directly on the site (as a plug-in). We at collectionray Com have examined both. If you want to make an informed choice, please refer to the relevant articles.

Defender scans the website for vulnerabilities with one click. After fixing the problems, you can also run a scan to check themes or plug-ins for known vulnerabilities. In this way, you can take measures to solve these problems before they become major problems for the site. In addition to scanning when Defender is first installed, you can also schedule regular scans of the website. If you are like me, one day you will be crazy about WordPress security, but when you are busy with your work, security will take a back seat. Automatic scanning prevents WordPress security from slipping. Blacklist monitoring and alerts, vulnerability reporting and customization
They will also jump out of the folder and look for ways and means to mess up the rest of the site. Typically, files must have permissions of 644 and folders must have permissions of 755. The wp-config.php file must have 400 or 440 permissions. If others tell you something different, please be very careful. My advice is to stop dealing with anyone who suggests otherwise. How do you determine whether file permissions are valid? Defender, the WordPress security plug-in mentioned above, can check and modify file permissions as needed.

#21: Change the default table prefix

This is another remnant of previous versions of WordPress. Previously, the WordPress table names in the database began with the prefix wp_. Although this is no longer the default behavior, some people still prefer to return to this (unsafe) convention, and of course previous versions still have to live with it. Strictly speaking, this is WordPress security through obscurity, but if you change the table names to a prefix other than wp_, you can still prevent some attempted SQL injection attacks. Renaming existing wp_ tables should only be performed by trusted WordPress developers.

#22: Confirm that the WordPress secret authentication keys are set

You may have come across these 8 WordPress security and authentication keys in your wp-config.php file and wondered what they are. You may never have seen or heard of them. As follows: Automatically generated WordPress security keys.
Essentially, these are random variables that are used to make it harder to guess or crack your WordPress passwords. This is because they add an element of randomness to the way that passwords are stored in your database, which makes them much harder to crack by brute force. Although most self-hosted sites do not have these in place, you should actually implement them. This is a relatively easy procedure:

1. Generate a set of keys using the WordPress random generator.
2. Edit your wp-config.php file; in the authentication unique keys section you should find a place to add the unique keys generated in step 1.

Do not share or make these keys publicly available. It defeats their purpose.

#23: Disable PHP execution

One of the first things a hacker would do if they got some kind of access to your site would be to execute PHP from within a directory. But if you were to disable this, even if a vulnerability exists on your WordPress website, this protection would seriously cripple the rest of a hacker’s attempts to take over your site. This is quite a strong WordPress security step and may break some themes and plugins that might requ
administrators have the rights to edit PHP files. Once your website has been developed and is live, you’ll have much less need to edit these files. However, allowing administrators to edit files is a security issue. This is because if a hacker manages to log in to your site, they’ll immediately have edit privileges and they’ll be able to change files to suit their malicious needs. You can (and should) disable file editing for WordPress administrators after your website goes live through the following command in the wp-config.php file: [embedded gist not loaded]

#27: Secure your wp-config.php file

If your WordPress files were analogous to the human body, the wp-config.php file would be the heart. I won’t go into too much detail about wp-config.php here – we’ve already covered it quite extensively in The WordPress wp-config File: A Comprehensive Guide. But given that it stores such important stuff as the login details for the database used with your WordPress installation, password hashing salts and other important configuration settings, suffice to say this file is very important. Clearly, you don’t want anyone poking around this file. I strongly recommend implementing specific security measures to safeguard this critical WordPress configuration file. There are disagreements about whether this file should be moved away from its root location; however, most agree this file must be secured. If you haven’t already implemented step #23 above (disable PHP execution), then you can add the following to your .htaccess files: [embedded gist not loaded]

#28: Disable XML-RPC (if you aren’t using it)

WordPress provides the ability for an application to access it remotely via what is known as an application programming interface (or API). This means that applications can access your site (for benign reasons). A typical example of usage of XML-RPC is if you are using a mobile application to update your sit
Ing plugin to keep regular audit logs.

Keeping WordPress secure

This ultimate WordPress Security Checklist might give you a bunch of work if you haven’t given much thought to securing your WordPress website before. The good thing is that these steps don’t require a lot of effort to become part of the process of creating a website. WordPress security is something to be taken seriously. Hack attacks have become the norm. Your website is probably under attack right now. OK, so you might not put all of the above in place, but the more of these WordPress security measures you put in place the better. Because wouldn’t you rather be safe than sorry? Which of the above steps did you perform to protect the WordPress site? Please share your scores below! Don’t forget to download the 32 step PDF checklist.
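The permission values given in step #20 (files 644, folders 755, wp-config.php 400 or 440) and the file-editing switch from step #26 can be checked from a shell. The script below is an added example, not code from the original article: the sample tree is constructed, the function names are made up for illustration, and `DISALLOW_FILE_EDIT` is WordPress's constant for disabling the built-in editor (the article's own snippet did not load).

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the checklist values.
# All paths and file contents below are constructed sample data.

# Step 20: list every path whose mode differs from the checklist
# (folders 755, files 644, wp-config.php 400 or 440), one per line.
audit_wp_perms() {
    find "$1" -type d ! -perm 755 -print | sed 's/^/dir  /'
    find "$1" -type f ! -name wp-config.php ! -perm 644 -print | sed 's/^/file /'
    find "$1" -type f -name wp-config.php ! -perm 400 ! -perm 440 -print |
        sed 's/^/conf /'
}

# Apply the step-20 modes. 440 is used for wp-config.php so the web
# server's group can still read it; 400 is the stricter alternative.
apply_checklist_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f ! -name wp-config.php -exec chmod 644 {} +
    find "$1" -type f -name wp-config.php -exec chmod 440 {} +
}

# Step 26: succeed only if wp-config.php sets DISALLOW_FILE_EDIT to true
# on an uncommented line.
file_edit_disabled() {
    grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
        "$1/wp-config.php"
}

# Build a constructed sample install containing three deliberate mistakes.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    printf '%s\n' '<?php' "define('DB_NAME', 'example');" > "$t/wp-config.php"
    : > "$t/index.php"
    : > "$t/wp-content/uploads/avatar.png"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/index.php"
    chmod 777 "$t/wp-content/uploads"             # world-writable folder
    chmod 666 "$t/wp-content/uploads/avatar.png"  # world-writable file
    chmod 644 "$t/wp-config.php"                  # config readable by everyone
    printf '%s\n' "$t"
}

# Demo run on the constructed tree.
demo=$(make_sample_tree)
echo "before:"; audit_wp_perms "$demo"
apply_checklist_perms "$demo"
echo "after: $(audit_wp_perms "$demo" | wc -l | tr -d ' ') finding(s)"
file_edit_disabled "$demo" || echo "file editing is still enabled in wp-config.php"
rm -rf "$demo"
```

On a real install, run `audit_wp_perms` before `apply_checklist_perms`, since some themes and plugins need different modes on specific folders.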