★ Welcome to The Guardian God · V Classroom, website address: http://v.huweishen.com
★ Guardian God · V Classroom is a Web site dedicated to providing server instructional video for the Guardian God, updated weekly video.
★ This section we will lead you: WordPress security settings.
This section is mainly about how to prevent hackers to upload Trojan horse and the site, as for the installation of WordPress is not described in this section
Range!
This section of the WordPress system has been installed, the site is: http://localhost/, website installation directory:
D:\wwwroot\WordPress\web
It is important to note that:
· PHP5.3 Previous versions (such as 5.2.17) do not have the same requirements for permissions, this section focuses on PHP5.3 and later versions.
• This section applies to servers or cloud hosts, and if you are using a virtual host, you cannot use the following methods to resolve security issues;
Fortunately, you can use the Nine Network connected "safe host" to solve the WordPress security problem; "Ping An host" is a national
The only one can be 100% anti-hanging horse virtual host products.
Below we start to do WordPress security settings.
1. Create a website run account: hws_wordpress
This account can only belong to the Guests group, password please do not too simple, otherwise easy to become a hacker exploit the loophole!
2, set the WordPress Site Directory permissions, can only have the following permissions:
Administrators and System: Full Control permissions
Iis_iusrs and hws_wordpress: Read permissions
Hws_wordpress: Traverse Folder/Execute file (applies only to: This folder and subfolders)
3, add sub-directory permissions, the following are only to increase the Hws_wordpress account permissions, if your site installed plug-ins, plug-ins
If you need to have read and write access to a specific directory, please add it.
Wp-content/uploads: Write, delete
(Note: If your site also need to add plug-ins, modify themes, etc., please directly to the Wp-content folder with Write permissions, processing
After that, remove the write and delete permissions.)
4. Set up IIS
Anonymous account usage for the website: hws_wordpress
Remove script execution permissions from the Wp-content/uploads directory
5. Testing the website
Website access is normal, background upload pictures, files are normal.
At this point, WordPress security settings have been completed, after Setup, although the hacker may also upload Trojan, but can not run
Has greatly improved the site's security.
If you can work with security aids again, the level of security can continue to improve.
6. Safety Aid Tools
It is recommended to use the "security package" developed by the Guardian God to prevent intrusion from system vulnerabilities, software vulnerabilities, website vulnerabilities, etc.
Fully address the various security threats to servers and websites.
We demonstrate one of the modules: Web password lock
As the name implies, is to set a password on the Web page, only through the password authentication, to access the Web page, mainly used in the site backstage
。
The advantage is that even if our back-end account and password are hacked, hackers will not be able to access our backstage.
Now that this section is over, please visit the Guardian God website (www.huweishen.com) for more instructional videos.
Reprint please indicate the source (http://v.huweishen.com/video/48.html) Thank you!
[Windows Server 2012] WordPress Security Settings method