Article contents
- 1 WP security plugin recommendation
- 1.1 User account security
- 1.2 User login security
- 1.3 User registration security
- 1.4 Database security
- 1.5 File system security
- 1.6 .htaccess and wp-config.php file backup and restore
- 1.7 Blacklist functionality
- 1.8 Firewall functionality
- 1.9 Brute force login attack prevention
- 1.10 WHOIS lookup
- 1.11 Security scanner
- 1.12 Comment spam security
- 1.13 Front-end text copy protection
- 1.14 Regular updates and addition of new security features
- 1.15 Works with the most popular WordPress plugins
- 1.16 Additional features
- 2 Frequently asked questions
- 3 Service temporarily unavailable
WordPress website security plugin configuration:
All In One WP Security & Firewall
When we do web promotion and use a website for SEO marketing, it is easy to see that protecting the website's security is very important.
Some new media people who want to protect the security of their WordPress websites complain about these WP security plugins:
- 1) Wordfence
- 2) iThemes Security
Even the most basic functions, exporting and importing settings, require the paid pro version, haha!
WP security plugin recommendation
Chen Weiliang looked carefully through the official WP website and quickly found this WP plugin:
- 3) All In One WP Security & Firewall
The main difference from the first two is that free users can use a comprehensive set of website security settings.
Most importantly, you can use the settings import and export function for free.
To import and export the settings of the All In One WP Security & Firewall plugin, click the "Settings" option under WP Security.
Here is the list of WordPress security and firewall features provided by this plugin:
User account security
- Detect whether there is a user account with the default "admin" username and easily change the username to a value of your choice.
- The plugin will also detect whether you have any WordPress user accounts with identical login and display names. Having a display name that matches the login name is bad security practice, because the login name is then already known.
- A password strength tool lets you create strong passwords.
- Stop user enumeration, so users/bots cannot discover user information through author permalinks.
User login security
- Use the login lockdown feature to prevent "brute force login attacks". Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings, and you can optionally send an e-mail notification when someone is locked out because of too many login attempts.
- As the administrator, you can view a list of all locked-out users in an easily readable and searchable table, and unlock individual IP addresses or a batch of them at the click of a button.
- Force logout of all users after a configured period of time.
- Monitor/view failed login attempts, showing the user's IP address, user ID/username and the date/time of the failed login attempt.
- Monitor/view the account activity of all user accounts on the system by tracking the username, IP address, login date/time and logout date/time.
- Ability to automatically lock out IP address ranges that try to log in with invalid usernames.
- Ability to see a list of all users currently logged in to your website.
- Lets you specify one or more IP addresses in a special whitelist. The whitelisted IP addresses will have access to the WP login page.
- Add a CAPTCHA to the WordPress login form.
- Add a CAPTCHA to the forgot password form of your WP login system.
User registration security
- Enable manual approval of WordPress user accounts. If your site allows people to create their own accounts through the WordPress registration form, you can reduce spam or bogus registrations by manually approving each registration.
- Ability to add a CAPTCHA to the WordPress user registration page to protect against spam user registrations.
- Ability to add a honeypot to the WordPress user registration form to reduce registration attempts by bots.
Database security
- Set the default WP database prefix to a value of your choice at the click of a button.
- Schedule automatic backups and e-mail notifications, or take an instant database backup with a single click.
File system security
- Identify files or folders with insecure permission settings and set the permissions to the recommended secure values at the click of a button.
- Protect your PHP code by disabling file editing from the WordPress administration area.
- Easily view and monitor all host system logs from a single menu page and stay informed of any issues occurring on your server so you can resolve them quickly.
- Prevent people from accessing the WordPress site's readme.html, license.txt and wp-config-sample.php files.
.htaccess and wp-config.php file backup and restore
- Easily back up your original .htaccess and wp-config.php files in case you need them to restore broken functionality.
- Modify the contents of the currently active .htaccess or wp-config.php file from the admin dashboard with only a few clicks.
Blacklist functionality
- Ban users by specifying IP addresses, or use wildcards to specify IP ranges.
- Ban users by specifying user agents.
Firewall functionality
If you import settings exported from another website and "Enable 404 IP Detection and Lockout" is checked, make sure you set the "404 Lockout Redirect URL" under the "Firewall" options; otherwise the redirect will go to the other website.
This plugin lets you easily add extensive firewall protection to your website through the .htaccess file. Your web server processes the .htaccess file before any other code on your website runs.
So these firewall rules stop malicious scripts before they get a chance to reach the WordPress code on your website.
- Access control facility.
- Instantly activate a selection of firewall settings, ranging from basic and intermediate to advanced.
- Enable the famous "5G Blacklist" firewall rules.
- Forbid proxy comment posting.
- Block access to the debug log file.
- Disable trace and track.
- Deny bad or malicious query strings.
- Protect against cross-site scripting (XSS) by activating the comprehensive advanced character string filter.
or malicious bots that do not have a special cookie in their browser. You (the site administrator) will be able to set this special cookie and log in to your website.
- WordPress PingBack vulnerability protection feature. This firewall feature lets the user block access to the xmlrpc.php file to protect against certain vulnerabilities in the pingback functionality. It also helps stop bots from constantly accessing the xmlrpc.php file and wasting your server resources.
- Ability to block fake Googlebots from crawling your site.
- Ability to prevent image hotlinking. Use this to prevent others from hotlinking your images.
- Ability to log all 404 events on your website. You can also choose to automatically block IP addresses that generate too many 404s.
- Ability to add custom rules to block access to various resources on your site.
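A minimal .htaccess fragment showing how several of the firewall features listed above can be expressed as web-server rules. This is an added example, not the rules the plugin itself writes; it assumes Apache 2.4 with mod_authz_core, mod_rewrite and mod_headers available, and uses example.com as a placeholder for your own domain.

```apache
# Added illustration; NOT the rules All In One WP Security & Firewall generates.
# Assumptions: Apache 2.4, AllowOverride permits these directives,
# example.com is a placeholder for the site's own domain.

# Block the informational files named on this page.
<FilesMatch "^(readme\.html|license\.txt|wp-config-sample\.php)$">
    Require all denied
</FilesMatch>

# Block access to the debug log file (applies in subdirectories too).
<Files "debug.log">
    Require all denied
</Files>

# PingBack protection: deny every request for xmlrpc.php.
# Caveat: this also disables legitimate XML-RPC clients.
<Files "xmlrpc.php">
    Require all denied
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Disable trace and track: refuse the TRACE and TRACK methods.
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$ [NC]
    RewriteRule ^ - [F]

    # Image hotlink prevention: allow an empty Referer (direct visits,
    # privacy tools) and the site's own pages, refuse everything else.
    RewriteCond %{HTTP_REFERER} !^$
    RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com(/|$) [NC]
    RewriteRule \.(gif|jpe?g|png|webp)$ - [F,NC]
</IfModule>

<IfModule mod_headers.c>
    # Stop other sites from framing this site's pages.
    Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
```

After deploying rules like these, requests for /xmlrpc.php or /readme.html should return 403, and every response should carry the X-Frame-Options header. Keep a backup of the previous .htaccess so a rule that locks you out can be reverted over FTP.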
Brute force login attack prevention
- Stop brute force attacks instantly with our cookie-based brute force prevention feature. This firewall feature will block all login attempts from people and bots.
- Ability to add a simple math CAPTCHA to the WordPress login form to protect against brute force login attacks.
- Ability to hide the admin login page. Rename the URL of your WordPress login page so that bots and attackers cannot reach your real WordPress login URL. This feature lets you change the default login page (wp-login.php) to something you configure.
- Ability to use login honeypots, which help reduce brute force login attempts by bots.
WHOIS lookup
- Perform a WHOIS lookup of a suspicious host or IP address and get the full details.
Security scanner
- The file change detection scanner can alert you if any files in your WordPress system have changed. You can then investigate whether it was a legitimate change or whether some bad code was injected.
- The database scanner can be used to scan your database tables. It looks for common suspicious strings, JavaScript and HTML code in some of the core WordPress tables.
Comment spam security
- Monitor the most active IP addresses that persistently produce the most spam comments and block them instantly at the click of a button.
- Prevent comments from being submitted if they do not originate from your domain (this will reduce spam posting on your site).
- Add a CAPTCHA to your WordPress comment form for extra protection against comment spam.
- Automatically and permanently block IP addresses that exceed a certain number of comments marked as spam.
Front-end text copy protection
- Ability to disable right-click, text selection and copy options on your front end.
Regular updates and addition of new security features
- WordPress security evolves over time. The plugin's authors will regularly update the All In One WP Security plugin with new security features (and fixes where needed) so you can be sure your site stays at the leading edge of security protection technology.
Works with the most popular WordPress plugins
- It should work smoothly with the most popular WordPress plugins.
Additional features
- Ability to remove the WordPress generator meta information from the HTML source of your website.
- Ability to remove the WordPress version information from the JS and CSS file includes of your website.
- Ability to prevent people from accessing the readme.html, license.txt and wp-config-sample.php files.
- Ability to temporarily lock down the front end of your site to general visitors while you do various back-end tasks (investigating security attacks, performing site upgrades, doing maintenance work, etc.).
- Ability to export/import the security settings.
- Prevent other websites from displaying your content through frames or iframes.
Frequently asked questions
Service temporarily unavailable
Error: Due to security concerns, access from your IP address has been blocked. Please contact the administrator.
If the "Service temporarily unavailable" message above appears when you log in to the website, it means access from your IP address has been blocked. Try renaming the plugin over FTP. Once the plugin is disabled, you should be able to log in. If you still cannot log in after renaming the plugin over FTP:
- Make sure all your other plugins are disabled.
- Then install a fresh copy and activate the plugin, but do not import the rules again.
- Then start setting up what your website needs.
To keep your website from being hacked, install the All In One WP Security & Firewall security plugin now!
I hope the article "WordPress website security plugin configuration: All In One WP Security & Firewall", shared by Chen Weiliang Blog ( https://www.chenweiliang.com/ ), is helpful to you.
You are welcome to share the link to this article: https://www.chenweiliang.com/cwl-607.html
5 people commented on "WordPress website security plugin configuration: All In One WP Security & Firewall"
Valuable information.
Very nice article!
Why can't I log in after activating this plugin and enabling "User Login Security"?
It may be a server problem or a plugin configuration problem, so this plugin is not recommended at the moment.
Besides, there are other, better security plugins available, such as: Themes Security
You must mean iThemes Security, right?
Which is better, iThemes Security or All In One WP Security & Firewall?
Also, which security plugin is the best right now and comes with a Chinese language pack? Does the blogger recommend one? Thanks very much!
iThemes Security vs. All In One WP Security & Firewall comparison:
iThemes Security is easier to use and comes with a Chinese language pack.