Salto al soddisfare

9 sensi facili assicurare il vostro blog di WordPress

Blogging Sicurezza

Questo articolo descrive 9 sensi che differenti potete fissare il vostri blog/luogo di WordPress. La sicurezza è spesso una funzione trascurata di blogging, ma alcune cose assicurantesi di minuti sono latta sicura risparmi voi ore ed ore di `che riparano' se qualcuno decide scompigliare con il vostro luogo.

  1. Trasferisca ed installi dal sistema centrale verso i satelliti wp-dispositivo d'esplorazione plugin. Lo effettua controlli seguenti di sicurezza:
    1. Controllo di versione di WordPress (attualmente sostiene 7 controlli di versione). I rilasci futuri includeranno un controllo di versione di esistenza della lima, per quei blogs che hanno rimosso i loro particolari di versione.
    2. Verifica la mascherina di tema di WordPress a vulnerabilità di base di XSS
    3. Enumera i collegamenti di WordPress. I rilasci futuri effettueranno le prove supplementari in questa zona.
  2. Un altro plugin installare è Inizio attività LockDown. Registra il IP address ed il timestamp di ogni tentativo guastato di inizio attività di WordPress. Se più di un certo numbero di tentativi sono rilevati durante un periodo corto di tempo dalla stessa gamma del IP, quindi la funzione di inizio attività è disabled per tutte le richieste da quella gamma. Ciò contribuisce ad impedire la scoperta di parola d'accesso di forza bruta. È molto diretto e facile da usare - gli dò i pollici grandi in su.
  3. La mia sicurezza favorita di WordPress plugin è discutibilmente La parola d'accesso di AskApache protegge. Aggiunge un secondo strato di sicurezza al vostro blog richiedendo un username e una parola d'accesso accedere a qualche cosa nel dispositivo di piegatura di /wp-admin/. E fa quello automaticamente generando e selezionando tutte le giuste regolazioni per le lime di .htaccess e di .htpasswd (posizioni risparmi comprese), ma potete cambiare facilmente quelle regolazioni a qualche cosa che desideriate, che radrizziate dal vostro pannello di WordPress Admin.
  4. Da Presentazione opaca di Cutts - rimuova la modifica nel vostro header.php che visualizza la versione corrente di WordPress. È:

    <generatore„ content=„ WordPress del name=„ del meta <? bloginfo del php (' versione'); ?>„ />

    Or, you can just modify it so that the version number isn’t displayed, to something like

    <meta name=”generator” content=”Powered by WordPress” />

  5. Again, from Matt Cutts – put a blank index.html file in your /wp-content/plugins/ directory. By default, you can actually view the contents of this folder, so everyone in the world knows which plugins you have installed.
  6. I won’t bother with the “always use the latest version of WordPress” tip, because that’s just too obvious. However, I will mention that the Automatic Upgrade Plugin can keep your version of WordPress current, and you don’t have to do anything other than install it. I happen to prefer to upgrade WP manually, so I don’t use this one, but I’ve heard nothing but good things about it.
  7. If you have a ‘contact me’ page, make sure it’s a secure one. No one likes spam. Secure Form Mailer is great.
  8. Keep your web server updated. Though this isn’t WordPress specific, no matter how secure WordPress is, if there’s a vulnerability in your actual web server, it won’t matter. So keep an eye out for updates to your web server (ie. litespeed, Apache etc).
  9. Consider bookmarking http://blogsecurity.net (or subscribing to their RSS feed) – they have some great posts and provide info on insecure plugins etc as soon as they find out about them.

Posted in Blogging, Security.

24 comments

By Ross McKillop September 10, 2007

Related Posts:

Best of Blog Action Day
7 plugins to install immediately after WordPress
WordPress Plugin: MyTechnorati
How to easily install WordPress in a virtual environment
How to install WordPress on your Windows PC

24 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Webomatica says

    Cool… I just tried most of the above – the wp-scanner found something up with my search form. Fixed!

    September 14, 2007, 7:19 pm
  2. paul says

    wow, thanks so much for these. I hadn’t heard of any of those plugins and I work with WP a lot. I really like the AskApache plugin. thanks again!

    December 17, 2007, 7:35 am
  3. 鬼故事 says

    呵呵,帮顶!来听听鬼故事……

    June 13, 2008, 11:44 am
  4. 返利 says

    呵呵,帮你PP顶!也请来返利看看……

    June 14, 2008, 7:30 am
  5. the_guv says

    Well, some points are a little out of date now, with 2.7+.

    I’ve added a security video tutorial which hopefully makes a nice accompanyment to this piece, Ross.

    Must admit, I did include the one about updating to the latest version though! Plus some about my favorite security plugins…

    Video How-to: 10 Tips To Make WordPress Hack-Proof

    http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/

    February 24, 2009, 5:25 am
  6. about me says

    Of course, what a great site and informative posts, I will add backlink – bookmark this site? Regards, Reader.

    March 9, 2009, 5:15 am

Continuing the Discussion

  1. Iron Wil » Blog Archive » WordPress Protection - No, I don’t mean Maffia linked to this post on September 14, 2007

    [...] over at SimpleHelp has recently posted a “9 easy ways to secure your WordPress blog“. Personally, I am looking forward to implementing some of them in my own blogs. I [...]

  2. Site Update - Don’t panic we’re still here and working hard.. linked to this post on September 15, 2007

    [...] 9 easy ways to secure your WordPress blog [...]

  3. Link Sharing, 9/19/07 » Webomatica - Technology and Entertainment Digest linked to this post on September 19, 2007

    [...] 9 Ways To Secure Your WordPress Blog: A partial cure for Blog Paranoia. [...]

  4. 13 Ways I Protected My Blog From Attacks : Elaine Vigneault linked to this post on September 23, 2007

    [...] most of the recommendations in this recent article about blog security as well as this [...]

  5. RodeWorks » WordPress security — what you can do linked to this post on November 5, 2007

    [...] 9 easy ways to secure your WordPress blog – Simplehelp [...]

  6. Secure WordPress - How to prevent your blog from being hacked linked to this post on May 21, 2008

    [...] easy ways to secure your WordPress Blog http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ WordPress Security White Paper [...]

  7. GUYA.NET » Blog Archive » My blog has been hacked linked to this post on June 16, 2008

    [...] 9 easy ways to secure your WordPress blog [...]

  8. 5 Useful WordPress Posts | Port 16 linked to this post on June 20, 2008

    [...] 9 Easy Ways to Secure your WordPress Blog – This time, a list about security. This list tells you how to lock it down a little more. [...]

  9. phipster » Blog Archive » Secure your Wordpress Blog linked to this post on July 18, 2008

    [...] 9 easy ways to secure your Wordpress blog. Go. Do it [...]

  10. The end of the 90DC for me - probably - Internet Marketing Forums linked to this post on September 8, 2008

    [...] sites. You have to take a few minutes to keep your sites out of their reach. Thsi article may help: 9 easy ways to secure your WordPress blog – Simple Help If you plan on sticking around, you have to get your own hosting. You can get unlimited domains [...]

  11. Step By Step Guide for WordPress Total Security (Hacker Free) what would you pay ? - Page 2 linked to this post on October 3, 2008

    [...] on securing your WordPress: WordPress Security Whitepaper 10 Ways to Secure your Wordpress Install 9 easy ways to secure your WordPress blog Bad Neighborhood – Login LockDown WordPress Security Plugin So I am going to vote $0. Want about [...]

  12. Check Your Wordpress Security | Online Marketing | Search Engine Marketing | SEO | PushON blog linked to this post on February 18, 2009

    [...] 9 Easy ways to secure Wordpress [...]

  13. How to Secure Your WordPress Website :: Christopher Ross linked to this post on March 2, 2009

    [...] Ross McKillop [...]

  14. Datensicherung für WP-Blogs? « Grautigers Spielwiese linked to this post on March 10, 2009

    [...] gibt’s doch einige Bugs”…) – Besser scheint mir, dieser Übersicht zu folgen: http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ Miserable deutsche Übersetzung davon: [...]

  15. RodeWorks » Blog Archive » WordCamp Ed: Northeast Speaker Presentations linked to this post on April 24, 2009

    [...] 9 easy ways to secure your WordPress blog, SimpleHelp.net, Ross McKillop, 9/10/09, http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ [...]

  16. 9 easy ways to secure your WordPress blog linked to this post on June 11, 2009

    [...] Read more: 9 easy ways to secure your WordPress blog [...]

  17. 9 easy ways to secure your WordPress blog – Simple Help « wp-popular.com linked to this post on July 1, 2009

    [...] See the original post: 9 easy ways to secure your WordPress blog – Simple Help [...]

  18. Configure the Settings on a WordPress Blog (Tutorial) linked to this post on July 7, 2009

    [...] 9 easy ways to secure your WordPress blog [...]



Some HTML is OK

or, reply to this post via trackback.