10个简单的技巧来保护您的WordPress网站免受黑客攻击

文章作者:WHSR客人
  • 安保
  • 更新:Oct 13,2020

Having your site hacked can be one of the worst nightmares of all website owners.网站遭到黑客入侵可能是所有网站所有者最糟糕的噩梦之一。 Being open-source and the most popular content management system (CMS) in the industry (accounting for作为开源和业界最受欢迎的内容管理系统(CMS) 38.1%的网站),WordPress比其他漏洞更容易受到攻击。

其实你知道吗 近90,000万次攻击 on WordPress sites every other minute?每隔一分钟在WordPress网站上显示一次? This can be quite the cause for concern for many site owners, to say the least.至少可以说,这可能是引起许多网站所有者关注的原因。 Fortunately, many easy-to-perform fixes can safeguard your e-commerce site from attacks.幸运的是,许多易于执行的修复程序可以保护您的电子商务网站免受攻击。

为了节省您的麻烦,您可以通过以下十种方法来保护WordPress网站免受黑客攻击。

1.选择优质的托管服务提供商

You can consider your web host as the street on which your website lives.您可以将您的虚拟主机视为您的网站所在的街道。 The reputation and security of the host determine how secure your website is.主机的信誉和安全性决定了您网站的安全性。 As a rule of thumb, consider a quality web host who continually updates their services and tools.根据经验,可以考虑一个不断更新其服务和工具的优质Web主机。

Additionally, make sure that the host offers 24/7, 365 days a year support.此外,请确保主机一年XNUMX天,每天XNUMX/XNUMX提供支持。 That way, you will have the needed assistance in case things don't go well.这样,万一事情进展不顺利,您将获得所需的帮助。 Try staying away from cheap hosting providers as, in most cases, they might尽量远离廉价的托管服务提供商,因为在大多数情况下,它们可能 在质量和安全性上妥协.

Tip: Want to know who's hosting your favorite website?提示:是否想知道谁在托管您喜欢的网站? Use the site checker tool at WHSR to reveal infrastructure and web technology information of any website.使用WHSR的站点检查器工具可以显示任何网站的基础结构和Web技术信息。
Tip: Want to know who's hosting your favorite website?提示:是否想知道谁在托管您喜欢的网站? Use the site checker tool at WHSR to reveal infrastructure and web technology information of any website.使用WHSR的站点检查器工具可以显示任何网站的基础结构和Web技术信息。

2。 保持您的网站更新

Regularly updating your website can increase its performance and reduce the chances of security breaches.定期更新您的网站可以提高其性能,并减少安全漏洞的可能性。 Ideally, it's a good practice to keep tabs on available updates every month.理想情况下,最好每月保持一次可用更新的标签。

要检查最新更新,请转到信息中心上的“更新”菜单。

3.远离空主题

保护您的WordPress网站免受黑客攻击的有效方法之一是明智地选择主题。

Although free themes can get you started for “free,” they have lesser options and customizability as compared to premium themes.尽管免费主题可以使您从“免费”入手,但与高级主题相比,它们的选项和可定制性要差一些。 Additionally, premium themes undergo multiple WordPress checks before they are presented to you and guarantee full support from the developers.此外,高级主题在提交给您之前会经过多次WordPress检查,并保证开发人员的全力支持。

To save a few bucks, getting a cracked version of premium themes available via illegal means might seem tempting.为了节省一些钱,通过非法手段获得高级主题的破解版本似乎很诱人。 But the very act can但是这种行为可以 使您的网站处于高风险。 These themes may contain malware that can exploit your database within seconds.这些主题可能包含恶意软件,可以在几秒钟内利用您的数据库。 Stay away from such themes by all means.务必远离此类主题。

4.保护wp-config.php文件

wp-config.php文件包含有关WordPress安装的重要信息,并且是网站根目录中的基本文件之一。 To make the file inaccessible for the hackers, try moving it to a higher level than your root directory.要使黑客无法访问该文件,请尝试将其移到比您的根目录更高的级别。

5.切换到HTTPS

HTTP是一种协议,可以在任何浏览器和您的网站之间传输信息。 However, it had some security flaws and was susceptible to data interception by hackers.但是,它存在一些安全漏洞,容易受到黑客拦截。

HTTPS解决了与HTTP相关的安全问题,并保护了您的网站处理的敏感客户信息。 To switch to HTTPS, you'll first require an要切换到HTTPS,您首先需要 SSL / TLS证书。 Even though most web hosting providers deliver SSL certificates, you can quickly get one online.即使大多数网络托管提供商都提供SSL证书,您也可以快速获得一个在线证书。

6.小心您添加的插件

Although readily available plugins are an attractive feature of WordPress, it can be disastrous if you opt for the wrong ones.尽管现成的插件是WordPress的一项吸引人的功能,但是如果您选择了错误的插件,则可能会造成灾难性的后果。 Developers with the least experience in building plugins may end up creating insecure and unreliable ones.在构建插件方面经验最少的开发人员可能最终会创建不安全且不可靠的插件。

To ensure you choose the right set of plugins, always look into their customer reviews, number of downloads, and whether they are frequently updated.为确保您选择正确的插件集,请始终查看其客户评论,下载次数以及是否经常更新。 You can also visit the您也可以访问 WPScan WordPress漏洞数据库进攻安全的漏洞利用数据库存档 检查插件是否易受攻击。

此外,养成定期更新插件和网站主题的习惯。

7.禁止文件编辑

If a hacker obtains admin access, one of the first things they'll do is modify or delete your website files.如果黑客获得管理员访问权限,他们要做的第一件事就是修改或删除您的网站文件。 By files, we mean any files relating to your WordPress installation, granted the hackers gain administrator access.所谓文件,是指与黑客安装有关的任何文件,只要黑客获得管理员访问权限即可。

To stop this from happening, you can disallow file editing so that no one will be able to edit any of the files.要阻止这种情况的发生,您可以禁止文件编辑,以使任何人都无法编辑任何文件。 For that, towards the end of the wp-config.php file add:为此,在wp-config.php文件的末尾添加:

define('DISALLOW_FILE_EDIT',true);

8.限制登录尝试

By default, WordPress websites allow users to perform login attempts multiple times.默认情况下,WordPress网站允许用户多次执行登录尝试。 Although this can be a life-saver when you're struggling with remembering your password, it is an opportunity for hackers to damage your website to irreparable levels.尽管这在您记住密码时可能会节省很多时间,但它为黑客提供了将您的网站损坏到无法修复的水平的机会。

Try limiting the login attempts to a healthy number, and you may save the hassle of being hacked.尝试将登录尝试次数限制为正常数值,这样可以避免被黑客入侵的麻烦。 You can use a plugin like您可以使用类似的插件 登录锁定, 限制登录尝试重新加载, 或 WP限制登录尝试 记录每次失败登录尝试的IP地址并限制尝试次数。

9.更改管理员用户名

During the WordPress installation, most site owners may stick to using the administrator username as “admin”.在WordPress安装期间,大多数网站所有者可能会坚持使用管理员用户名作为“ admin”。 Hackers are fully aware of such instances and will then have to focus on finding just the password.黑客充分意识到了这种情况,然后将只专注于查找密码。

Make sure you never use “admin” in any of the usernames.确保不要在任何用户名中使用“ admin”。 Additionally, while choosing an admin username and password, stay away from easy-to-guess names and use something completely unrelated and unguessable.此外,在选择管理员用户名和密码时,请避免使用容易猜测的名称,并使用完全无关且不可猜测的内容。 If it's too hard to memorize, write it down somewhere or use a password manager.如果很难记住,请将其写下来或使用密码管理器。

10.使用WordPress安全插件

Regularly checking your website for malware can be time-consuming, let alone tiring, especially if you have minimal coding knowledge.定期检查您的网站上的恶意软件可能很耗时,更不用说累人了,特别是如果您对编码的知识很少。 Fortunately, there are numerous WordPress security plugins available that will scan and monitor your website 24/7.幸运的是,有许多可用的WordPress安全插件可以XNUMX/XNUMX全天候扫描和监视您的网站。 Sucuri, Wordfence, Jetpack的安全忍者 是WordPress安全插件的出色示例。

底线

WordPress专家日新月异地发现较新的漏洞,要完全保护自己免受黑客攻击是一项挑战。 However, these ten great ways to protect your WordPress website from hackers can undoubtedly reduce the chances of your site being hacked due to common vulnerabilities.但是,这十种保护WordPress网站免受黑客攻击的好方法无疑可以减少您的网站由于常见漏洞而被黑客入侵的可能性。

定期更新和监视您的电子商务网站尤为重要,因为遭到黑客入侵的网站将花费数小时甚至数天的时间来试图消除损害。


关于作者:塞缪尔·格里菲斯(Samuel Griffith)

Samuel Griffith是一位经验丰富的Web开发人员和创始人 SamBuildsSites.com。 He has gained his expertise in Web Hosting, Content Management, Website Design, and Development.他在网络托管,内容管理,网站设计和开发方面获得了专业知识。 His insights on the latest happenings in the tech industry have been featured in some of the popular blogs on the internet.他对技术行业最新动态的见解已在互联网上一些流行的博客中发表。 He helps his clients build their dream website.他帮助客户建立理想的网站。

关于WHSR嘉宾

本文由客座撰稿人撰写。 以下作者的观点完全是他或她自己的观点,可能无法反映WHSR的观点。