Update Date: october1,2016 WordPress security debate should end at one time. Despite all doubts, the WordPress core is undoubtedly one of the most secure platforms for deploying sites. period After january24,2013, no major vulnerabilities were found in the core of WordPress. That is to say, all the latest word press installed on all hosting companies on the Internet have not found any vulnerability in the core of word press. This is unprecedented in open source software. If so, it is reasonable. Sometimes it’s hard to ignore rumors. But I will try my best to study this problem and change everyone’s mind. I worked closely with the Dreamhost security team and spent most of my teenage years running in the hacker community in the Los Angeles wide area. I also want to spend my spare time installing and running exploits and attacks on my own website. I know everything about WordPress security. The
Before moving on to the follow-up topic of the joint responsibility security debate, I want to tell you how important it is to remember that security is a joint responsibility between you, users and WordPress. Word press will play that role, but you should also play your role. To ensure optimal security, site owners must take three simple but necessary steps. Always run the latest version, set strong passwords, and pay close attention to security. As long as you have these three options, the WordPress site will be locked, and you can rest assured. Let’s break it down separately. The
Run the latest version. The first and most basic step taken to protect the WordPress site is to always update to the latest release. Word press update process is simple and fast. You need help to fix security vulnerabilities. Whenever all new versions of word press are released, the details and vulnerabilities of the latest security bug fixes will be disclosed. After the update, the dashboard will be upgraded automatically. The old version of word press is no longer used because the latest security patches cannot be accessed. The same is true of plug-ins. The plug-in must be updated whenever a new version is available. If there are unused plug-ins, remove them from the dashboard. The
Please set a strong password. One of the most common mistakes people make about passwords in WordPress is that during installation, the WordPress administrator password generated by WordPress is actually very strong, so they think that the site can be protected from attacks. However, even if this particular password is strong, your site will not be fully protected now. To ensure password security, you must ensure that the ftp\/cpanel password in the domain is also strong. The ftp\/cpanel password of the domain is as important as the administrator password. If someone can access cPanel, the user can delete the word press database from cPanel > database >mysql database. No. The conclusion is that all entry points use strong passwords. In addition, the password must contain at least 12 characters, and it is recommended to change it occasionally. The
Another factor to consider is dual authentication. It sets the second layer of defense. Set as plug-in. My favorite two are clef two factor and Google authenticator. Pay attention to safety. There are a few things you can do as long as you are alert to safety. An excellent plug-in for security is the WP updates notifier. After installation and activation, WP updates notifier will detect core, plug-in or topic updates and notify users by email. teeth
