Överhopp som ska tillfredsställas

9 lätta väg att säkra din WordPress blog

Blogging Säkerhet

Denna artikel skisserar 9 olika väg som du kan säkra din WordPress blog/plats. Säkerhet är ofta en förbisedd aspekt av blogging, men några noterar att se till att saker är den säkra canräddningen dig timmar och timmar av `- fixande', om någon avgör att röra med din plats.

  1. Nedladda och installera wp-bildläsare plugin. Det utför honom efter säkerhetskontroller:
    1. WordPress versionkontroll (stöttar för närvarande 7 versionkontroller). Ska framtida frigörare inkluderar en kontroll för sparaexistensversion, för de blogs som har tagit bort deras version specificerar.
    2. Testar den WordPress temamallen för grundläggande XSS-sårbarhetar
    3. Enumerates WordPress Plugins. Ska framtida frigörare utför extra testar i detta område.
  2. Another som är plugin att installera, är Inloggning LockDown. Det antecknar IPet address och tidsstämpeln av varje missat WordPress inloggningsförsök. Om mer än ett visst nummer av försök avkänns inom en kort tidsperiod från den samma IPEN, spänna, då fungerar inloggningen är rörelsehindrad för alla förfrågan från det spänner. Detta hjälper att förhindra den djuriska styrkalösenordupptäckten. Det är mycket rättframt och lätt att använda - jag ger upp det stora tum.
  3. Arguably är min favorit- plugin WordPress säkerhet Det AskApache lösenordet skyddar. Det tillfogar ett 2nd lagrar av säkerhet till din blog, genom att kräva en username och ett lösenord att ta fram något i den /wp-admin/ mappen. Och det gör det, genom automatiskt att skapa, och plockning alla högra inställningar för .htpasswden och .htaccessen sparar (däribland räddninglägena), men du kan lätt ändra de inställningar till något som du önskar, rätt från din WordPress Admin panel.
  4. Från Matt Cutts presentation - ta bort märka i din header.php som visar strömversionen av WordPress. Det är:

    <metaname=” generator” content=” WordPress <? phpbloginfo (' version'); ?>”, /,>

    Or, you can just modify it so that the version number isn’t displayed, to something like

    <meta name=”generator” content=”Powered by WordPress” />

  5. Again, from Matt Cutts – put a blank index.html file in your /wp-content/plugins/ directory. By default, you can actually view the contents of this folder, so everyone in the world knows which plugins you have installed.
  6. I won’t bother with the “always use the latest version of WordPress” tip, because that’s just too obvious. However, I will mention that the Automatic Upgrade Plugin can keep your version of WordPress current, and you don’t have to do anything other than install it. I happen to prefer to upgrade WP manually, so I don’t use this one, but I’ve heard nothing but good things about it.
  7. If you have a ‘contact me’ page, make sure it’s a secure one. No one likes spam. Secure Form Mailer is great.
  8. Keep your web server updated. Though this isn’t WordPress specific, no matter how secure WordPress is, if there’s a vulnerability in your actual web server, it won’t matter. So keep an eye out for updates to your web server (ie. litespeed, Apache etc).
  9. Consider bookmarking http://blogsecurity.net (or subscribing to their RSS feed) – they have some great posts and provide info on insecure plugins etc as soon as they find out about them.

Posted in Blogging, Security.

24 comments

By Ross McKillop September 10, 2007

Related Posts:

Best of Blog Action Day
7 plugins to install immediately after WordPress
WordPress Plugin: MyTechnorati
How to easily install WordPress in a virtual environment
How to install WordPress on your Windows PC

24 Responses

Stay in touch with the conversation, subscribe to the RSS feed for comments on this post.

  1. Webomatica says

    Cool… I just tried most of the above – the wp-scanner found something up with my search form. Fixed!

    September 14, 2007, 7:19 pm
  2. paul says

    wow, thanks so much for these. I hadn’t heard of any of those plugins and I work with WP a lot. I really like the AskApache plugin. thanks again!

    December 17, 2007, 7:35 am
  3. 鬼故事 says

    呵呵,帮顶!来听听鬼故事……

    June 13, 2008, 11:44 am
  4. 返利 says

    呵呵,帮你PP顶!也请来返利看看……

    June 14, 2008, 7:30 am
  5. the_guv says

    Well, some points are a little out of date now, with 2.7+.

    I’ve added a security video tutorial which hopefully makes a nice accompanyment to this piece, Ross.

    Must admit, I did include the one about updating to the latest version though! Plus some about my favorite security plugins…

    Video How-to: 10 Tips To Make WordPress Hack-Proof

    http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/

    February 24, 2009, 5:25 am
  6. about me says

    Of course, what a great site and informative posts, I will add backlink – bookmark this site? Regards, Reader.

    March 9, 2009, 5:15 am

Continuing the Discussion

  1. Iron Wil » Blog Archive » WordPress Protection - No, I don’t mean Maffia linked to this post on September 14, 2007

    [...] over at SimpleHelp has recently posted a “9 easy ways to secure your WordPress blog“. Personally, I am looking forward to implementing some of them in my own blogs. I [...]

  2. Site Update - Don’t panic we’re still here and working hard.. linked to this post on September 15, 2007

    [...] 9 easy ways to secure your WordPress blog [...]

  3. Link Sharing, 9/19/07 » Webomatica - Technology and Entertainment Digest linked to this post on September 19, 2007

    [...] 9 Ways To Secure Your WordPress Blog: A partial cure for Blog Paranoia. [...]

  4. 13 Ways I Protected My Blog From Attacks : Elaine Vigneault linked to this post on September 23, 2007

    [...] most of the recommendations in this recent article about blog security as well as this [...]

  5. RodeWorks » WordPress security — what you can do linked to this post on November 5, 2007

    [...] 9 easy ways to secure your WordPress blog – Simplehelp [...]

  6. Secure WordPress - How to prevent your blog from being hacked linked to this post on May 21, 2008

    [...] easy ways to secure your WordPress Blog http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ WordPress Security White Paper [...]

  7. GUYA.NET » Blog Archive » My blog has been hacked linked to this post on June 16, 2008

    [...] 9 easy ways to secure your WordPress blog [...]

  8. 5 Useful WordPress Posts | Port 16 linked to this post on June 20, 2008

    [...] 9 Easy Ways to Secure your WordPress Blog – This time, a list about security. This list tells you how to lock it down a little more. [...]

  9. phipster » Blog Archive » Secure your Wordpress Blog linked to this post on July 18, 2008

    [...] 9 easy ways to secure your Wordpress blog. Go. Do it [...]

  10. The end of the 90DC for me - probably - Internet Marketing Forums linked to this post on September 8, 2008

    [...] sites. You have to take a few minutes to keep your sites out of their reach. Thsi article may help: 9 easy ways to secure your WordPress blog – Simple Help If you plan on sticking around, you have to get your own hosting. You can get unlimited domains [...]

  11. Step By Step Guide for WordPress Total Security (Hacker Free) what would you pay ? - Page 2 linked to this post on October 3, 2008

    [...] on securing your WordPress: WordPress Security Whitepaper 10 Ways to Secure your Wordpress Install 9 easy ways to secure your WordPress blog Bad Neighborhood – Login LockDown WordPress Security Plugin So I am going to vote $0. Want about [...]

  12. Check Your Wordpress Security | Online Marketing | Search Engine Marketing | SEO | PushON blog linked to this post on February 18, 2009

    [...] 9 Easy ways to secure Wordpress [...]

  13. How to Secure Your WordPress Website :: Christopher Ross linked to this post on March 2, 2009

    [...] Ross McKillop [...]

  14. Datensicherung für WP-Blogs? « Grautigers Spielwiese linked to this post on March 10, 2009

    [...] gibt’s doch einige Bugs”…) – Besser scheint mir, dieser Übersicht zu folgen: http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ Miserable deutsche Übersetzung davon: [...]

  15. RodeWorks » Blog Archive » WordCamp Ed: Northeast Speaker Presentations linked to this post on April 24, 2009

    [...] 9 easy ways to secure your WordPress blog, SimpleHelp.net, Ross McKillop, 9/10/09, http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/ [...]

  16. 9 easy ways to secure your WordPress blog linked to this post on June 11, 2009

    [...] Read more: 9 easy ways to secure your WordPress blog [...]

  17. 9 easy ways to secure your WordPress blog – Simple Help « wp-popular.com linked to this post on July 1, 2009

    [...] See the original post: 9 easy ways to secure your WordPress blog – Simple Help [...]

  18. Configure the Settings on a WordPress Blog (Tutorial) linked to this post on July 7, 2009

    [...] 9 easy ways to secure your WordPress blog [...]



Some HTML is OK

or, reply to this post via trackback.