Faixa clara ao índice

9 maneiras fáceis fixar seu blog de WordPress

Blogging Segurança

Este artigo esboça 9 maneiras que diferentes você pode fixar seus blog/local de WordPress. A segurança é frequentemente um aspecto negligenciado de blogging, mas algumas coisas certificando-se dos minutos são lata segura excepto você horas e horas do `que reparam' se alguém se decidir mess com seu local.

  1. Download e instale wp-varredor plugin. Executa-o verificações seguindo da segurança:
    1. Verificação da versão de WordPress (suporta atualmente 7 verificações da versão). As liberações futuras incluirão uma verificação da versão da existência da lima, para aqueles blogs que removeram seus detalhes da versão.
    2. Testa o molde do tema de WordPress para vulnerabilities básicos de XSS
    3. Enumerates encaixes de WordPress. As liberações futuras executarão testes adicionais nesta área.
  2. Outro plugin para instalar é Início de uma sessão LockDown. Grava o IP address e o timestamp de cada tentativa falhada do início de uma sessão de WordPress. Se mais do que um determinado número de tentativas forem detectadas dentro de um período de tempo curto da mesma escala do IP, a seguir a função do início de uma sessão é disabled para todos os pedidos dessa escala. Isto ajuda impedir a descoberta brute da senha da força. É muito direto e fácil usar-se - eu dou-lhe os polegares grandes acima.
  3. Arguably minha segurança favorita de WordPress plugin é A senha de AskApache protege. Adiciona uma 2a camada de segurança a seu blog requerendo um username e uma senha alcançar qualquer coisa no dobrador de /wp-admin/. E faz aquele automaticamente criando e escolhendo todos os ajustes direitos para as limas de .htpasswd e de .htaccess (posições de salvaguarda including), mas você pode fàcilmente mudar aqueles ajustes a qualquer coisa que você quer, endireita de seu painel de WordPress Admin.
  4. De Apresentação Matt de Cutts - remova o Tag em seu header.php que indica a versão atual de WordPress. É:

    <gerador” content=” WordPress do name=” do meta <? bloginfo do php (' versão'); ?>” />

    Or, you can just modify it so that the version number isn’t displayed, to something like

    <meta name=”generator” content=”Powered by WordPress” />

  5. Again, from Matt Cutts – put a blank index.html file in your /wp-content/plugins/ directory. By default, you can actually view the contents of this folder, so everyone in the world knows which plugins you have installed.
  6. I won’t bother with the “always use the latest version of WordPress” tip, because that’s just too obvious. However, I will mention that the Automatic Upgrade Plugin can keep your version of WordPress current, and you don’t have to do anything other than install it. I happen to prefer to upgrade WP manually, so I don’t use this one, but I’ve heard nothing but good things about it.
  7. If you have a ‘contact me’ page, make sure it’s a secure one. No one likes spam. Secure Form Mailer is great.
  8. Keep your web server updated. Though this isn’t WordPress specific, no matter how secure WordPress is, if there’s a vulnerability in your actual web server, it won’t matter. So keep an eye out for updates to your web server (ie. litespeed, Apache etc).
  9. Consider bookmarking http://blogsecurity.net (or subscribing to their RSS feed) – they have some great posts and provide info on insecure plugins etc as soon as they find out about them.

Posted in Blogging, Security.

24 comments

By Ross McKillop September 10, 2007

Related Posts:

Best of Blog Action Day
7 plugins to install immediately after WordPress
WordPress Plugin: MyTechnorati
How to easily install WordPress in a virtual environment
How to install WordPress on your Windows PC

24 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Webomatica says

    Cool… I just tried most of the above – the wp-scanner found something up with my search form. Fixed!

    September 14, 2007, 7:19 pm
  2. paul says

    wow, thanks so much for these. I hadn’t heard of any of those plugins and I work with WP a lot. I really like the AskApache plugin. thanks again!

    December 17, 2007, 7:35 am
  3. 鬼故事 says

    呵呵,帮顶!来听听鬼故事……

    June 13, 2008, 11:44 am
  4. 返利 says

    呵呵,帮你PP顶!也请来返利看看……

    June 14, 2008, 7:30 am
  5. the_guv says

    Well, some points are a little out of date now, with 2.7+.

    I’ve added a security video tutorial which hopefully makes a nice accompanyment to this piece, Ross.

    Must admit, I did include the one about updating to the latest version though! Plus some about my favorite security plugins…

    Video How-to: 10 Tips To Make WordPress Hack-Proof

    http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/

    February 24, 2009, 5:25 am
  6. about me says

    Of course, what a great site and informative posts, I will add backlink – bookmark this site? Regards, Reader.

    March 9, 2009, 5:15 am

Continuing the Discussion

  1. Iron Wil » Blog Archive » WordPress Protection - No, I don’t mean Maffia linked to this post on September 14, 2007

    [...] over at SimpleHelp has recently posted a “9 easy ways to secure your WordPress blog“. Personally, I am looking forward to implementing some of them in my own blogs. I [...]

  2. Site Update - Don’t panic we’re still here and working hard.. linked to this post on September 15, 2007

    [...] 9 easy ways to secure your WordPress blog [...]

  3. Link Sharing, 9/19/07 » Webomatica - Technology and Entertainment Digest linked to this post on September 19, 2007

    [...] 9 Ways To Secure Your WordPress Blog: A partial cure for Blog Paranoia. [...]

  4. 13 Ways I Protected My Blog From Attacks : Elaine Vigneault linked to this post on September 23, 2007

    [...] most of the recommendations in this recent article about blog security as well as this [...]

  5. RodeWorks » WordPress security — what you can do linked to this post on November 5, 2007

    [...] 9 easy ways to secure your WordPress blog – Simplehelp [...]

  6. Secure WordPress - How to prevent your blog from being hacked linked to this post on May 21, 2008

    [...] easy ways to secure your WordPress Blog http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ WordPress Security White Paper [...]

  7. GUYA.NET » Blog Archive » My blog has been hacked linked to this post on June 16, 2008

    [...] 9 easy ways to secure your WordPress blog [...]

  8. 5 Useful WordPress Posts | Port 16 linked to this post on June 20, 2008

    [...] 9 Easy Ways to Secure your WordPress Blog – This time, a list about security. This list tells you how to lock it down a little more. [...]

  9. phipster » Blog Archive » Secure your Wordpress Blog linked to this post on July 18, 2008

    [...] 9 easy ways to secure your Wordpress blog. Go. Do it [...]

  10. The end of the 90DC for me - probably - Internet Marketing Forums linked to this post on September 8, 2008

    [...] sites. You have to take a few minutes to keep your sites out of their reach. Thsi article may help: 9 easy ways to secure your WordPress blog – Simple Help If you plan on sticking around, you have to get your own hosting. You can get unlimited domains [...]

  11. Step By Step Guide for WordPress Total Security (Hacker Free) what would you pay ? - Page 2 linked to this post on October 3, 2008

    [...] on securing your WordPress: WordPress Security Whitepaper 10 Ways to Secure your Wordpress Install 9 easy ways to secure your WordPress blog Bad Neighborhood – Login LockDown WordPress Security Plugin So I am going to vote $0. Want about [...]

  12. Check Your Wordpress Security | Online Marketing | Search Engine Marketing | SEO | PushON blog linked to this post on February 18, 2009

    [...] 9 Easy ways to secure Wordpress [...]

  13. How to Secure Your WordPress Website :: Christopher Ross linked to this post on March 2, 2009

    [...] Ross McKillop [...]

  14. Datensicherung für WP-Blogs? « Grautigers Spielwiese linked to this post on March 10, 2009

    [...] gibt’s doch einige Bugs”…) – Besser scheint mir, dieser Übersicht zu folgen: http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ Miserable deutsche Übersetzung davon: [...]

  15. RodeWorks » Blog Archive » WordCamp Ed: Northeast Speaker Presentations linked to this post on April 24, 2009

    [...] 9 easy ways to secure your WordPress blog, SimpleHelp.net, Ross McKillop, 9/10/09, http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ [...]

  16. 9 easy ways to secure your WordPress blog linked to this post on June 11, 2009

    [...] Read more: 9 easy ways to secure your WordPress blog [...]

  17. 9 easy ways to secure your WordPress blog – Simple Help « wp-popular.com linked to this post on July 1, 2009

    [...] See the original post: 9 easy ways to secure your WordPress blog – Simple Help [...]

  18. Configure the Settings on a WordPress Blog (Tutorial) linked to this post on July 7, 2009

    [...] 9 easy ways to secure your WordPress blog [...]



Some HTML is OK

or, reply to this post via trackback.