I am powering 网站 使用WordPress. What 安全 措施 should I take?

“我在为自己加油。 网站 使用WordPress. What 安全 措施 should I take?” Have you ever ask this question?

This WordPress 安全 tutorial will show you how to protect your site. We are going to show a few simple steps:

I. Use 安全 和 reliable 举办

Secure, protected, trustworthy 举办 是必备的. Take some time to do a research 和 choose host that reflects all your needs 和 has strong 安全 措施. 冲浪之后 互联网 you will see a great variety of WordPress 举办s. We can recommend Bluehost or Siteground. They take extra 措施 to protect their servers against hacker attacks.

II. 保持网站更新

维持你的 网站 安全 更新 WordPress, themes 和 plugins after every new release. 每一个 更新 contains bug fixes, new features 和 安全 fixes.

Make sure to perform all the major 更新s. 不要忽视 更新 管理面板中的消息. You will be notified about new releases in your WP 指示板 更新部分.

获取主题信息 更新 开放 外观 > 主题 页面，并查看插件 更新 消息导航到 插件 > 安装插件 在你的 后端.

确保你 备份 your site before performing any 更新s. 我们会讲到 备份 进一步.

3. Always use strong login details

The most popular way to hack sites is to steal WordPress login details. This task is too easy for a professional hackers 和 could be done using a great variety of additional tools.

• 用户名. Never use “admin” as your username. We strongly recommend using email instead of login. Or use some other username that is not so simple.

  

• 密码. Do you know that the most popular passwords are admin, admin123, qwerty or 123456? Try to avoid such simple login details.

  You can easily generate strong password from your WordPress site admin panel. To access password generator 开放 your 用户配置文件 下 用户 选项卡. 向下滚动页面 账户管理 section to get strong password. 一键点击 生成 button 和 you have new strong pass. Or you can create it by yourself. 确保你r password contains of upper 和 lower case characters, numbers 和 symbols.

  

It’s a good idea to use different access details for WordPress 后端, FTP 和 Cpanel. Different login details allow you to minimize risks.

IV. 限制登录权限

To avoid a brute-force attack you can limit the number of failed login attempts from a single IP地址. There is two possible ways to do that:

• You can find a lot Limit Login Attempts plugins at official WordPress的网站. Those plugins allow you to limit login attempts 和 lock IP地址 after too many failed login attempts.

• Another great way to protect your site is to allow access for one or several IP地址es. To do that add following code to file:

  RewriteEngine上
  rewritecsecond %{REQUEST_URI} ^(.*)?wp-login \.php (.*)$ [OR]
  rewritecsecond %{REQUEST_URI} ^(.*)?wp-admin美元
  RewriteCond % {REMOTE_ADDR} !^123\.123\.123\.123$
  RewriteRule ^ (.*)$ - [R=403,L]

  123\.123\.123\.123 要改成你的吗 IP地址. Once this change is performed you will be the only one person who can access site 后端.

V. 避免免费主题

Using free theme is always a great risk. 这些主题可能包含 垃圾邮件 或者恶意代码. That effects your site 安全. If you don’t use free themes we recommend that you remove from your WordPress install. 你可以在下面做 外观 > 主题 section.

If you really want to use free theme choose those developed by trusted theme companies. Just make sure you delete the stuff you are not using any more. It is not only free themes matter but plugins as well.

VI. Disable file editing via the 指示板

WordPress comes with inbuild file 编辑器. 你可以在下面找到 外观 > 编辑器 页面. It allows you to edit any of your theme files right in the 指示板. In wrong h和s this feature could cause a great troubles. If a hacker managed to access your admin panel, he will be able to manage code from your site 后端. It’s a good idea to disable this option to avoid risks. 要禁用它，请编辑 wp-config.php 文件从您的服务器根目录 目录. 添加以下文件:

//禁止文件编辑
define( 'DISALLOW_FILE_EDIT', true );

7. 做好备份

The last but not least is site 备份. You cannot be 100% sure that your site will not be hacked. 有一个 备份 总是一个好主意吗. You can use 备份s to restore your WordPress site if something bad has happened. Feel free to check a great guide on how to make full 网站 备份..

还有，请随意通过 10 Free WordPress Backup 插件 for Maximum Website Security Against the Unexpected article.