WordPress security protection: how much do you know?

Source: Internet
Author: User


WordPress security has been on my mind recently: how can we give our WordPress installation the best possible protection against attackers? Experienced administrators may find all of this routine, but many beginners do not know it, so this post is a WordPress security primer to help you harden your installation as far as possible. Drawing on hands-on experience, here are the areas I have put together:

wp-login.php file

In WordPress itself, the most direct risk is that the back-end login path, wp-login.php, is no secret to anyone. The best solution is to block the back-end path or replace it with a less obvious address. Here is the simplest method, one that a beginner can follow:

First, find the wp-login.php file in the WordPress root directory, open it in a code editor, and search for wp_shake_js to find these lines:

if ( $shake_error_codes && $wp_error->get_error_code() && in_array( $wp_error->get_error_code(), $shake_error_codes ) )
	add_action( 'login_head', 'wp_shake_js', 12 );

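Add the following code after these lines:

// Send any request that lacks the secret query parameter to the 404 page and stop.
if ( ! isset( $_GET['AA'] ) || $_GET['AA'] !== 'BB' ) { header( 'Location: /404' ); exit; }

Replace AA and BB with values of your own. The WordPress back-end address then takes the form http://www.2zzt.com/wp-login.php?AA=BB, which becomes the only way to reach your WordPress login page; every other path is redirected to the 404 page. The exit stops the login page from being rendered after the redirect header has been sent. In this way the entry point for malicious login attempts is blocked. Note that wp-login.php is a core file, so the change is overwritten by a WordPress update and has to be reapplied, and that a hidden address complements a strong password rather than replacing it.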

Back-end account: admin

For better security, we recommend that you do not use admin as the login name of the site's administrator account, since that makes brute-force attacks easier.

wp-admin directory

That leads to a deeper question: how do we protect the wp-admin directory? The method here is a little troublesome but absolutely safe: create a new .htaccess file in the wp-admin directory that lets only your own IP address in. The trouble is that if your connection has a dynamic IP address, you have to edit the IP in .htaccess each time before you can get in, but the method is definitely safe enough. The contents of .htaccess are:

Order deny,allow
# Your IP address
Allow from 888.888.888.8888
Deny from all

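Replace the address with your own IP and the wp-admin directory can be accessed only by you. Order takes its two keywords with no space after the comma, and the comment sits on its own line because Apache does not allow a comment at the end of a directive. These are Apache 2.2 access-control directives; Apache 2.4 supports them only through mod_access_compat and expresses the same rule with Require ip. Plugins or themes that call wp-admin/admin-ajax.php from the public site are blocked by this rule as well. With that, the back-end directory path problem is taken care of.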

WordPress header information

Hide unnecessary information in the page head, such as the WordPress version number. An attacker who knows which version of WordPress we run can attack it using the vulnerabilities currently known for that version. The solution is to add the following to functions.php in the theme folder, which hides the head information that WordPress does not need to output and also benefits site optimization:

// Remove extra information from the head
remove_action( 'wp_head', 'wp_generator' ); // WordPress version meta tag
remove_action( 'wp_head', 'rsd_link' ); // removes rel="EditURI" from the head
remove_action( 'wp_head', 'wlwmanifest_link' ); // removes rel="wlwmanifest" from the head
// The next two callbacks are registered at the default priority (10), so the
// removal must use the same priority or it silently does nothing.
remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head', 10 ); // rel=prev and rel=next
remove_action( 'wp_head', 'wp_shortlink_wp_head', 10 ); // rel=shortlink
remove_action( 'wp_head', 'rel_canonical' );

Fixing the absolute path leak

WordPress itself has four files that disclose the site's absolute path on the server, and the consequences are serious if this information is used maliciously. So that the site's absolute path cannot be discovered, we need to modify the following four files:

1. /wp-includes/registration-functions.php
2. /wp-includes/user.php
3. /wp-admin/admin-functions.php
4. /wp-admin/upgrade-functions.php

The fix is very simple: open each of these files and add the following at the top of the file, just after the opening <?php tag:

error_reporting(0);

This suppresses the errors. If you run your own server rather than shared hosting, it is also best to turn off PHP error display in the server's php.ini file. The php.ini file is generally located in /usr/local/php/etc; set display_errors = Off there to hide PHP errors for the entire server.
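To confirm that the head clean-up and the error suppression described above actually took effect, the response bodies a site returns can be audited. The script below is an added example, not code from the original article; the sample bodies, the example.test host and the /home/site path are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# rel values of the discovery links the article removes from wp_head
# (rel=canonical is left out: it discloses nothing about the install).
LEAKY_RELS = {"edituri", "wlwmanifest", "shortlink", "prev", "next"}

# PHP error output, with or without html_errors markup:
#   <b>Warning</b>:  message in <b>/abs/path/file.php</b> on line <b>12</b>
PHP_ERROR = re.compile(
    r"(Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s.*?\sin\s(?:<b>)?"
    r"(/[^<\s]+\.php|[A-Za-z]:\\[^<\s]+\.php)(?:</b>)?\son\sline", re.S)

# Constructed sample bodies, not captured from a real site.
UNHARDENED = """<html><head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="EditURI" type="application/rsd+xml" href="http://example.test/xmlrpc.php?rsd" />
<link rel="wlwmanifest" href="http://example.test/wp-includes/wlwmanifest.xml" />
<link rel='shortlink' href='http://example.test/?p=1' />
</head><body>post</body></html>"""
HARDENED = "<html><head><title>Blog</title></head><body>post</body></html>"
ERROR_PAGE = ("<br />\n<b>Fatal error</b>:  Call to undefined function add_action() in "
              "<b>/home/site/public_html/wp-includes/user.php</b> on line <b>1</b><br />")

class HeadAudit(HTMLParser):
    """Collects version and discovery tags found in a page's markup."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings.append(("generator", a.get("content", "")))
        elif tag == "link":
            hits = LEAKY_RELS.intersection(a.get("rel", "").lower().split())
            self.findings.extend((rel, a.get("href", "")) for rel in sorted(hits))

def audit(body):
    """Return (head_findings, disclosed_paths) for one response body."""
    parser = HeadAudit()
    parser.feed(body)
    return parser.findings, sorted({m.group(2) for m in PHP_ERROR.finditer(body)})

if __name__ == "__main__":
    for name, body in [("unhardened", UNHARDENED), ("hardened", HARDENED), ("error", ERROR_PAGE)]:
        print(name, audit(body))
```

Run it against the saved home page and against the responses of the four files listed above; both lists should come back empty once the changes are in place.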

With that, our WordPress installation should be considerably stronger; at least the common problems have been dealt with. There will always be someone more skilled, and that cannot be helped. One last suggestion: if you run your own server or VPS, open as few ports as possible; generally ports 80 and 22 are enough. The more ports that are open, the more vulnerabilities there are and the weaker your security. This article was shared by the WordPress theme site www.2zzt.com.
