10 Effective Methods to Lock down Your WordPress Website Against Hack Attacks

如果你有一个WordPress网站, there’s a good chance it’s under attack at this very moment by all manner of hackers, 网络钓鱼者, 恶意软件, 以及其他制造混乱的恶意企图. It’s not a matter of IF the cyber attack will come but WHEN. 你所要做的就是看看这些数字:

• 有超过2000万个活跃的WordPress网站
• 从2015年到2016年，黑客攻击次数增加了32%
• Neither of the preceding statistics is expected to decline

It doesn’t take a brainiac to realize that all WordPress站点 owners need to be thinking right now how to secure their website. Rather than regurgitate the same suggestions to install a plugin or two, we’re going to dig deeper and more directly into the heart of the matter.

The reality is that the actual WordPress framework is pretty secure out of the gate. The problem is when you start adding 3rd-party plugins, themes, and code customizations. You need a way to combat all the security holes this additional code creates.

Here are 10 Effective Methods to Lock Down Your Website Against Hack Attacks.

#1. 限制插件

It’s probably unrealistic to ask WordPress owners to refrain completely from 3rd-party plugins and themes, but at least delete the ones you’re not using and think very hard before adding any more. The 功能 and features available are almost irresistible but understand you increase the chances of a successful hack with each new installation.

#2. 远离海盗

撇开道德考虑不谈, downloading a premium plugin from a torrent or illegal site leaves you wide open to the malicious code that a hacker could easily have added. 当你把它安装在 WordPress站点你邀请了野蛮人到你家里来. 确定, it costs something to buy it directly from the developer, 但内心的平静是值得的.

#3. 定期更新

It’s a good idea to update your WordPress installation with each new version released. It’s so easy to do, and the people at WordPress will plaster a reminder all over your dashboard. 这样想. All the security flaws associated with an older installation are known to the general public, 包括黑客. 不要让他们的邪恶计划容易执行.

#4. 清除编辑器!

我知道这听起来很严重, but unless you’re the kind of developer who’s always tweaking plugins and theme code, 为什么不完全禁用这些编辑器呢? 原因很简单. Authorized WordPress higher-ups have access to these editors, 如果他们的账户被黑了, 你的马上就有危险了. 所需要的只是插入一小段代码 wp-config.php 文件如下:

define('DISALLOW_FILE_EDIT'， true);

#5. 跟踪仪表板活动

Whether it’s just you using the website or you have a team of editors and administrators, it’s a good idea to log keystrokes of what everyone is doing. The goal is not necessarily to catch bad people doing bad things, though that’s a benefit. The real gain here is to be able to track accidental missteps one click at a time to see what caused a breakage. 这个任务的一个伟大的插件是 WP安全审计日志.

下载 二维码

WP活动日志

开发人员: Melapress

价格: 免费的

#6. 终止PHP错误报告

A malfunctioning plugin or theme normally generates an error report. This seems like a good thing but can create a hole in your security if a hacker is able to view these reports that probably include a path that leads straight to your server. With that information, there’s no limit to the amount of trouble he or she could create. 最好完全禁用错误报告. 这是放入的代码 wp-config.php 文件:

error_reporting (0);

@ini_set (display_errors, 0);

#7. 修改登录页面地址

从标准重命名您的登录页面 www.websitename.com/wp-admin 这是一种未被充分利用但有效的挫败黑客的方法吗. 因为很多攻击都是自动化的, 蛮力变化, simply changing your login URL increases your security immensely. In case you have no clue how to accomplish this, check out either 锁定WP管理员 or any of the other popular WordPress security plugins.

下载 二维码

锁定WP管理员

开发人员: 肖恩·费雪

价格: 免费的

#8. 你的虚拟主机很重要

You can work your fingers to the bone-protecting your website against every cyber threat that rears its ugly head, but if your web host doesn’t take security as seriously, you might as well put a flashing HACK ME sign on your front page and supply login credentials to the world. Look for companies that are familiar with what a WordPress站点 needs and show a solid security track record.

#9. 不要忘记电脑更新

The third leg of the security triangle is the computer you use to access the Internet. Secure WordPress software and a security-minded web host won’t do you much good if your computer, 移动PC, or mobile device has security holes the size of Swiss cheese. Keep an eye peeled for operating system upgrades as well as software patches and (obviously) install a free anti-virus program like 停住 or AVG 运行常规的病毒和恶意软件扫描.

#10. 不要泄露作者用户名

By default, WordPress makes it easy for a hacker to find out each author’s username. Since the main author is often the administrator as well, you’re handing information to a bad guy or gal on a silver platter. 的几行代码 功能.php 文件将结束这个软件的弱点:

add_action(‘template_redirect’, ‘bwp_template_redirect’);
 bwp_template_redirect()函数
 {
 如果(is_author ())
 {
 wp_redirect( home_url() ); exit

最终的想法

The preceding WordPress security recommendations come with the caveat that you’ve already taken no-brainer actions like not using “admin” for a user name, 经常更改密码，使其变得复杂, 限制登录次数, 定期备份你的网站, and using a WordPress scanner to check the actual software for 恶意软件. 如果你做了这些, you’re ahead of the trusting masses who are lambs being led to the hacker’s slaughter. Implement them all and that makes you one smart cookie.

读也

你应该知道的DIY WordPress安全提示!

如何提高我的WordPress网站的安全性?

WordPress黑客风格你的博客主题

如何 学习一个被黑的WordPress网站

简单指南恢复你的黑客WordPress网站