WordPress security is often referred to as \
This article will focus more directly on how to protect site administrators, and in particular how to avoid repeated discussions in all lists. Because security is very important. Did you know that 73% of the popular websites using WordPress in 2013 were considered \
With this in mind, today we will discuss 12 ways to protect the back end of the site to ensure the security of your information (and customers’ information). As I just said, I will not discuss the security solutions that are more generally referenced here. But please list them at least in case the reader of this article is not proficient in word press. Even WordPress experts can refer to this list to help implement security policies on the site. Keep WordPress up to date. Very simple things can have a significant impact on site security. Log in to the dashboard, click the updatable banner each time it displays, and then update the site. If you are worried about fragmentation, please back up before installation. The important thing is that you do it regularly. Information about security vulnerabilities modified in earlier versions will now be made public. This means that old sites are more vulnerable. The
Keep plug-ins and themes up to date. Plug ins and themes should also be updated, just as WordPress core is updated regularly. Each plug-in and theme installed on the site is the same as the back door of the site administrator. Unless properly protected (thorough investigation, regular updates, etc.), plug-ins and themes are like open doors. Remove unused plug-ins or themes. If you remove unwanted plug-ins or themes according to the ideas listed above, the possibility of hacking will be reduced. If you do not use it, you do not want to update it, so it is better to delete it. Read: disabling the plug-in is not enough. In fact, you must click delete. The
plug-ins and themes only from known sources. If you can, WordPress. ing plug-ins and themes from org is actually the best way. This is because the topic directory or plug-in directory will be thoroughly checked before it is allowed. If you need advanced themes or plug-ins, just them from well-known sources such as themeforest or the websites of respected developers. Change file permissions. Do not use 777 permissions to configure directories. WordPress Org says you should choose 755 or 750 instead. Over there
Set the file to 640 or 644, WP config. Set PHP to 600. The
Do not use \
The password is very powerful because it specially handles the next version of word press 4.3. Ensure that the user has a strong username and password. There is no problem with creating a good user name and password, but if the user does not create it, personal efforts will not be a problem, and the site will become equally vulnerable. Add step 2 validation. A really good way to prevent indiscriminate college entrance examination attacks is to set up two-level authentication. This means that you need a password and a verification code sent to your mobile phone to log in to your website. The second login code is often sent via SMS. You can add this functionality using multiple plug-ins, including clef, Google authenticator, and duo 2-phase authentication. The
Install a firewall on your computer. An additional step. Yes, but it’s easy to do. Once installed, it will provide another layer of protection against hackers and security vulnerabilities. Several firewall software providers to be confirmed include Comodo, Norton Internet Security and ZoneAlarm free firewall. Restrict login. Indiscriminate attack is a hacker’s tactic \1. If allowed, attempts to log in to the site will continue until decryption. Because the fierce attack is merciless, it is called the reason of \
Restrict user access. Sometimes, this is a very simple reason to grant access to people whose site is too secure. Based on experience, it is recommended that only the necessary people be granted access and only the minimum permissions to complete the assigned tasks be granted. Granting administrative rights to all participants will only cause problems. Backup site. I just don’t mean occasionally. I mean according to the expected schedule. Retaining a backup is an essential part of all site security policies because it can easily be restored to the pre corruption version if the site is damaged. Choose an automated solution, such as vaultpress, blogvault, backupbuddy, or WordPress backup, with simple backup and built-in restore options. The
Check the authenticity of the topic and perform a secure search. WordPress must also install a scanner, just like installing anti-virus software on a computer, to identify malware. The security scanner will check the plug-ins, core files and plug-ins for malicious code to ensure that there are no changes. There are several scanners to consider, including Sucuri sitecheck, codeguard, theme authentication checker, and antivirus. Now, we have summarized the relevant knowledge of WordPress website security,
You can move to unexpected parts and more ambiguous parts. The
But first is the function. You must create a subtopic before changing the PHP file. 1. reduce the use of plug-ins: as far as I know, it has been mentioned in the above list to delete plug-ins and themes that do not use plug-ins. It is worth noting, however, that you must strive to limit the total number of plug-ins installed from scratch. To ensure site security, note the conditions used to select the plug-in. This is not just about security. Site speed and performance are also important. If too many plug-ins are used to load the site, the speed may be greatly reduced. Therefore, if the site can work without a specific plug-in, skip. Alternatively, in the required features list, find the plug-in that selects multiple items. The fewer plug-ins, the less chance hackers will have to access your information. How many plug-ins do you really need? 2. do not high-end plug-ins for free. Although you fully understand what a business person with a budget is like, it is a bad idea to try to high-end plug-ins from other places instead of where they are officially sold. In any case, ing illegally copied plug-ins is a lame duck. However, if more suppression measures are required, malware will usually be damaged when fully legitimate plug-ins arrive at illegal sites. In other words, an excellent advanced plug-in contains excellent code. Now it is the way for hackers to directly connect to the back end of the site. And for what? Because you want to save money quickly. The illegal version of advanced plug-ins usually contains malicious code. Skip illegal and torren. Don’t do it. 3. considering the automatic core update, I have talked about the importance of updating the WordPress installation every time a new version is released, but it must be repeated. In fact, if you are running WordPress earlier than the latest version, the security flaws of all running versions are well known. In other words, hackers also have the corresponding information, which can be used to attack websites. However, updating the site may not be enough. This is especially true if the site is not maintained regularly. In this case, the more automated these tasks are, the better. Although not for everyone, automatic updates are a good option for those who want easier access to site management but want a secure site. Small updates are installed automatically, but major updates still need to be approved. After WordPress 3.7, minor WordPress updates will occur automatically. However, major updates still require approval. But WP config. You can configure your site to insert a little code into your PHP file to automatically install major core updates. This has not become easy. As long as it is inserted into the file, a major core update occurs in the background without approval. Loading summary 1ae341a8798f8bd 90436, but especially when running plug-ins or themes that are incompatible with the latest version, automatic updates may damage the site. If you still do not log in to the site regularly, setting up automatic updates may be risky. Male 4 Set the plug-ins and themes to update automatically. Now I realize that this is not for everyone, but it is worth mentioning anyway. Typically, plug-ins and themes are items that need to be updated manually. Eventually, updates will be released at different times. However, if you are not the person who regularly maintains the site, you can configure automatic updates to keep all content up to date without immediate intervention. Of plug-ins and themes
The New York Times reported that 41% of the text news websites were hacked because of the host’s own security vulnerabilities. In other words, measures must be taken for the custody plan as soon as possible. To use shared hosting, ensure that account isolation is included in the plan. This prevents the site of others on the server from affecting your site in any way. However, I think it would be a better idea to use the service provided directly to WordPress. Management hosting providers that are specifically responsible for WordPress are more likely to include WP firewalls, the latest PHP and MYSQL, regular malware checks, servers designed to run WordPress, and customer service teams inside and outside who are familiar with WordPress. Check the managed word press hosting in wpmu dev to ensure that the dedicated managed word press hosting is secure and can meet all requirements. 12. when the computer is also kept up-to-date, hackers may visit the site due to security vulnerabilities in the computer. The best way to prevent this is to keep your computer up to date. After the software patch is released, please install it. Try your best to upgrade the new operating system as soon as possible. Don’t forget to keep the computer up to date. Also, please use anti-virus software regularly. You can run free anti-virus software, such as avast, panda free antivirus, Comodo or AVG, to check and remove viruses or malware on your computer. Protecting the final word press site is more than just installing and leaving the security plug-in. It has the subtle color of creating a complete strategy. Some people knew it before, but some people hope it is a new discovery. Sometimes, deciding the difference between a normal security policy and a good security policy is an unexpected and simple thing. What do you do to protect WordPress sites? Did you miss the details that you thought were important? Please scream freely in the comments below. Labels: administrator text imprint security
