Eight steps to enhance WordPress site security

Source: Internet
Author: User
Keywords Security WordPress Enhanced forever

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Site security is always a problem that can not be ignored. WordPress itself in the site to do very good security, and then due to the user's own problems, resulting in hackers can easily enter your wordpess site. The harm is obvious, heavy site data loss, not normal access, the site theme template is stolen. The following author combined with WordPress years of deployment experience, talk about how to enhance the security of WordPress site.

First, never use "admin" as the login username

As we all know, in the WordPress installation process by default will use "admin" as the login username. Users in order to save trouble, unwilling to modify, so that hackers easily stepped out of the first step.

Second, provide a unique password

WordPress password is a MD5 algorithm, and a simple password MD5 encrypted using the online free MD5 decryption program can soon be calculated. So for security, a unique password is required. What kind of password is unique: (1) At least 12 bits in length, (2) contains letters and numbers, (3) One of the letters has a case, (4) contains special characters Furu #,@, etc.

Third, install login security plugin

WordPress Plug-in library has a limit login attempts security plug-ins, after the installation of activation, to set up. This plugin can prevent hackers from guessing logins and passwords. You can set three attempts after the failure, you can lock the login. Of course, the expiration time is also set by you.

Iv. update WordPress core files in time

WordPress update is very ordinary. For many users, it is easy to find problems. Once the problem is discovered, WordPress will have a solution to provide updates. It is not necessary for some users to worry that the subject is not suitable for the new version and not be updated. Remember one word: always let your theme adapt to wordpress, rather than WordPress adaptation theme.

V. Update the theme in time

More and more topics are now using Third-party code, such as slides, thumbnails, and so on, which can be a security risk. If you still use the code that has not been patched, this can be easily exploited by hackers if you have found a thumbnail security risk in the previous period. It is also recommended that WordPress do not install topics other than the ones currently in use and the default theme, because some topics may create security vulnerabilities.

Vi. timely updating of plug-ins

Some of the theme developers in order to be afraid of trouble, in the function file shielding plug-in update prompts, this is irresponsible for users. Because Plug-ins also have a certain security risks. When choosing a plugin, do not select a plugin that no one is maintaining. Usually to the official plug-in library to download unless it is a commercial plug-in.

Vii. Management account and publish article account separation

If the administrator account is used to publish articles, your username will be made public to the world. WordPress has already considered this. Allows you to create an edit user. So be good. Use this to hide the administrator account.

Eight, set display name

If you don't want to use an edit user to publish an article, set the display name. This will not show the administrator account when you publish the article.

I think if you pay attention to the above eight steps, your WordPress site will not be easy for hackers to enter.

This article for the original article, the author site Point Gold Theme Network www.dianjin123.com, welcome reprint, but please keep the link.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.