How to securely reinforce WordPress

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

WordPress is an open source software, everyone can use to build a station, the same people can take to study the software loophole, or directly brute force. As a site owner, we have to protect our WordPress from the very beginning:

1, first check whether there are security risks, through the major mainstream platform to provide detection tools, irregular detection of their own website whether there are loopholes, whether there are security risks.

2, if you are not a master, then as much as possible use of garbage plug-ins, those who evaluate the following 3-star Plug-ins, means that there may be loopholes or backdoor, discreet installation, in principle, as far as possible to use the code to replace the plug-in

3, keep WordPress for the latest version, note that this is not only refers to WordPress itself, but also includes a lot of plug-ins, as well as the theme you use, so at least to ensure that the official known loopholes have been patched.

4, the use of complex user name and password, a lot of Webmaster Day IP has been good hundreds of, with the account or admin, or even password is admin, we all know that you have a love for the admin, but this will make you hard to build the site instantly destroyed

5, good at using the. htaccess file to protect the Wordpress,.htaccess file is located in the root directory of the configuration file, it can help us achieve a lot of functions, which allow/block specific user or directory access, prohibit directory listing features, The following two types of common security configurations are available:

A, in. htaccess, add the following configuration allow from Xx.xx.xx.xx/xx, for example, you just want the public network IP 123.123.123.0/24 all IP access to this segment, you can allow from 123.123.123.0/24, If you only want to 123.123.123.123 this IP access, then: Allow from 123.123.123.123/32

b, close the directory list share view function, this is very important, many people easily overlooked, this means that you enter your URL + directory, such as: Http://diysifangcai.com/wp-content/plugins this connection, Will list all the plugins folders in the current directory, the site directory structure is exposed, which of course is dangerous, so you need to add options-indexes in the. htaccess.

6, limit the number of landings, through a plug-in can achieve the limit of landing times, such as login lockdown, Limit login attempts, and so on, by enabling the configuration plug-in after landing errors more than a certain number of times, the IP will be blacklisted to prohibit landing, so you can avoid violent cracking

7, if the site is to use the operating system of the server, virtual servers, and so on, you need to further security of the operating system to strengthen the detailed method of reference to strengthen the official document

8, the installation of security protection Plug-ins to protect your WordPress, Common plug-ins have Acunetix WP security, WordPress Security Scan to further strengthen your WordPress

The above several methods can let you further strengthen your own WordPress, do security reinforcement at the same time, also want to develop the habit of regular backup site, now many plug-ins can realize automatic backup, some plug-ins support direct backup to cloud space, such as Baidu Cloud space.