Overall WordPress Security Issues

Source: Internet
Author: User
Tags: wordpress, version

When running WordPress we often run into security problems that drive us crazy. Here Multi-backup summarizes a few representative security issues for you. Let's take a look at them:


1. Disable the background code editor


Hazard: An attacker who obtains the administrator password can take over the server by writing backdoor code in the code editor.


Mitigation: Add the line define('DISALLOW_FILE_EDIT', true); to wp-config.php in the WordPress root directory, or modify the file permissions:

    chmod -R 544 wp-content/themes/
    chmod -R 544 wp-content/plugins/


3. Remove execute permissions from the uploads directory


Hazard: An attacker uploads an executable Trojan file to the uploads directory, gets it executed in some way, and gains administrator rights on the server.


Mitigation: Modify the file permissions:

    chmod -R 744 wp-content/uploads/


.htaccess tampering


Hazard: By rewriting the .htaccess file in a directory, a user can cause a file such as a.jpg to be parsed as PHP when it is requested, so Trojan code can be executed.


Mitigation: In the directory, create a new .htaccess file and change its permissions with chmod 444 .htaccess to guard against tampering. If you don't mind the trouble, you can create this file in every directory; the uploads folder must have a .htaccess file.


4. Remote database connections


Hazard: An attacker who obtains the MySQL connection password by some means can connect to the database remotely and manipulate it directly.


Mitigation: Disable remote connections for the MySQL user. Use the following command to restrict the user to localhost:

    GRANT ALTER, DELETE, CREATE, DROP, EXECUTE, SELECT, UPDATE ON dbname.* TO 'username'@'localhost' IDENTIFIED BY 'password';


Weak administrator password


Hazard: An attacker can brute-force the WordPress administrator password with a dictionary attack; if the password is simple, it is easily cracked.


Mitigation: Use a strong password of at least 10 characters that contains at least three kinds of content: digits, letters, and special symbols.


5. WordPress version not upgraded


Hazard: WordPress releases new versions because vulnerabilities have been found and officially patched. If you do not upgrade, you give attackers the opportunity to exploit them.


Mitigation: Upgrade to the latest version of WordPress.
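

An added example, not part of the original article: a shell audit that checks a WordPress tree against the file-level items above (the DISALLOW_FILE_EDIT line, a read-only .htaccess in uploads, and the hazard of a.jpg being parsed as PHP). The function names and the list of script extensions are assumptions of this example; AddHandler, AddType and SetHandler are the Apache directives it searches for.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the file-level items above.
# Function names are illustrative. Usage: sh audit.sh /var/www/wordpress

# Editor item: wp-config.php has an uncommented define('DISALLOW_FILE_EDIT', true);
check_file_edit() {
    grep -Eq "^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*[Tt][Rr][Uu][Ee][[:space:]]*\)" \
        "$1/wp-config.php" 2>/dev/null
}

# .htaccess item: uploads/.htaccess exists and carries no write bit (e.g. 444).
# Mode bits are inspected with find, so the result is the same when run as root.
check_htaccess_locked() {
    f="$1/wp-content/uploads/.htaccess"
    [ -f "$f" ] || return 1
    [ -z "$(find "$f" \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

# Uploads item: PHP-style script files do not belong in an uploads directory.
list_upload_scripts() {
    find "$1/wp-content/uploads" -type f \
        \( -name '*.php' -o -name '*.php[0-9]' -o -name '*.phtml' -o -name '*.phar' \) \
        -print 2>/dev/null
    return 0
}

# .htaccess hazard: a nested .htaccess that maps a handler or MIME type to PHP
# is how a file such as a.jpg ends up being parsed as PHP.
list_handler_overrides() {
    find "$1/wp-content/uploads" -type f -name .htaccess -exec \
        grep -lEi '^[[:space:]]*(AddHandler|AddType|SetHandler)[[:space:]].*php' {} + 2>/dev/null
    return 0   # "no match" from grep is not an error here
}

# Print each finding and return the number of failed checks (0 = clean).
audit_wp() {
    root=$1; fails=0
    check_file_edit "$root" || { echo "FAIL: DISALLOW_FILE_EDIT is not set to true"; fails=$((fails + 1)); }
    check_htaccess_locked "$root" || { echo "FAIL: uploads/.htaccess missing or writable"; fails=$((fails + 1)); }
    found=$(list_upload_scripts "$root")
    [ -z "$found" ] || { echo "FAIL: script files under uploads:"; echo "$found"; fails=$((fails + 1)); }
    found=$(list_handler_overrides "$root")
    [ -z "$found" ] || { echo "FAIL: PHP handler override in:"; echo "$found"; fails=$((fails + 1)); }
    return "$fails"
}

if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

The exit status is the number of failed checks, so the script can run from cron or a deployment job and alert on any non-zero result.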


If you have anything to add about WordPress security, you are welcome to leave a message. When it comes to data security, don't delay!




This article is from the "Big Meatball" blog, please make sure to keep this source http://12478147.blog.51cto.com/9663367/1615727
