In the use of WordPress often encounter a number of security problems let us go crazy, multi-backup to you to summarize a few representative security issues. Let's take a look at them:
1. Disable the use of the Background Code Editor
Hazard: Heike can capture our servers by writing backdoor code in the Code editor when getting an administrator password.
Forbidden Method: Add a line define (Disallow_file_edit, true) to wp-config.php in the WordPress root directory; or modify file permissions: 1 2 chmod544-r Wp-cont
2. Disable the use of the Background Code Editor
Hazard: Heike can capture our servers by writing backdoor code in the Code editor when getting an administrator password.
Forbidden Method:
In the WordPress root directory wp-config.php added a line define (' Disallow_file_edit ', true); or modify file permissions: 1 2 chmod544-r wp-content/themes/chmod544-r wp-content/plugins/
3. Prohibit uploading directory execution permissions
Harm: Heike Upload executable Trojan file to our uploads directory, execute Trojan file in some way, get the administrator rights of the server.
Forbidden Method: Modify file Permissions
1 Chmod744-r wp-content/uploads/
. htaccess tampered with
Harm: The user by rewriting the directory under the. htaccess file, you can reach the resolution a.jpg the time of the PHP language parsing, so Trojan code can be executed.
Forbidden method: Under Directory, create a new. htaccess file, modify its permissions to chmod 444. htaccess, in case of tampering. If you are not afraid of trouble, you can create this file in each directory, uploads this folder must have a. htaccess file.
4. Database Remote Link
Harm: Heike through some method to get to the MySQL database link password, through the remote way can link to our database, can directly manipulate the database.
Forbidden Method: Disable remote link for MySQL user. Use Grant Alter,delete,create,drop,execute,select,update on dbname. * to ' username ' @ ' localhost ' identified by ' password '; command to prohibit the user.
Administrator weak password
Hazard: Heike through the dictionary mode, the administrator password for WordPress blasting, if set simple password, it is easy to burst out.
Forbidden Method: Use high-strength password, password at least 10 bits, content contains at least number, character, special symbol 3 kinds.
5.WordPress version does not upgrade
Harm: WordPress Version upgrade, is because of WordPress loopholes, so the official patch to the loopholes, you do not upgrade, gave Heike the opportunity to use.
Forbidden Method: Upgrade to the latest version of WordPress.
If everyone on the security of WordPress also has a welcome message to add. About data security, no delay!
Foreign language: How much is wordpress backup? If you want to easily backup, find more backup!
This article is from the "Big Meatball" blog, please make sure to keep this source http://12478147.blog.51cto.com/9663367/1615727
Overall WordPress security Issues
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
