WordPress blog security settings tutorial

Source: Internet
Author: User


WordPress is a feature-rich blog CMS with strong security, and it is very widely used around the world. Many personal blogs, corporate blogs and other sites run on the WordPress platform. Site security is something every webmaster must keep in mind: take precautions first, rather than waiting until the site has been hacked or the database stolen before thinking about security. The same goes for WordPress: although many WordPress users think it is very safe, it can still be attacked. This article therefore summarizes a few security settings that every WordPress blogger should apply.

I. WordPress database permission security settings

First, the security settings of the database. I suggest building a separate database for WordPress alone, preferably not sharing it with other sites or applications. If one of those sites has a vulnerability and an attacker gets into the database, every table in it is at risk. You should also set the operating permissions for the WordPress database, such as which accounts may have INSERT, DELETE, and CREATE permissions and which have only SELECT permission.

In addition, every database account password must be very strong; it is best to use password management software to generate a random password containing numbers, letters and symbols. For the permission settings, you can refer to the following commands:

$ mysql -u root -p

mysql> CREATE DATABASE myblog;

mysql> CREATE USER 'bloguser'@'localhost' IDENTIFIED BY 'mypassword';

mysql> GRANT SELECT, INSERT, DELETE, UPDATE, CREATE, DROP, ALTER ON myblog.* TO 'bloguser'@'localhost';

mysql> FLUSH PRIVILEGES;

mysql> exit;

II. Modify the default administrator account password

Do not use a name such as admin as the administrator's username. You can open the database directly with MySQL and change the administrator user name there. The table name is _users. Also pay attention to the administrator password. As with the database password above, make it complex, preferably with uppercase letters, lowercase letters, numbers, and symbols. Consider using password management software, such as KeePass, to store your passwords.

III. Access over an encrypted connection

This is not seen very often, because many sites do not support SSL (HTTPS) access, which has to be paid for. But WordPress does support HTTPS access. If your server supports HTTPS, you must use an encrypted connection to access the admin area (the back end), because over plain HTTP your password may be intercepted by sniffing software. To force HTTPS for the admin area, add the following code to wp-config.php:

define('FORCE_SSL_ADMIN', true);

IV. Upgrade to new versions promptly

A new release brings new features and also bug fixes. So when a new version is released, find out which vulnerabilities it fixes, download the latest installation package, and update to the new version promptly.

V. Regularly back up the WordPress database and files

Be sure to back up the database regularly. Nobody wants it to happen, but if the database is compromised, a backup lets you restore it. You can find WordPress database backup plugins, and some of them can be scheduled to run backups automatically. A plugin called WP-DBManager can automatically send backups to your Gmail mailbox.

In addition to backing up the database, you should also back up the WordPress files regularly. Especially before you make major changes to the code, such as plugins or theme templates, make a backup of the source code. If WordPress is attacked, recovery will be much easier.

VI. Block directory browsing

Some hosts allow visitors to browse the directory structure, which is a significant security risk: it means an attacker can see all of your file names. The easiest way to prevent this is to place an empty index.html file in each directory, so that the visitor sees only a blank page. It is also easy to turn off Apache directory browsing by adding this line to the .htaccess file in the root directory:

Options -Indexes
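
The two configuration settings described above (FORCE_SSL_ADMIN in wp-config.php and Options -Indexes in .htaccess) and the empty-index fallback can be checked from the command line. The script below is an added example, not part of the original article; the function names are its own, and it assumes the WordPress root directory is passed as the first argument.

```sh
#!/bin/sh
# Added example (not from the original article). Pass the WordPress root
# directory as $1; all function names here are this example's own.

# 0 if wp-config.php has an active (uncommented) FORCE_SSL_ADMIN = true.
check_force_ssl_admin() {
    [ -f "$1/wp-config.php" ] || return 1
    grep -Ev '^[[:space:]]*(//|#|/\*|\*)' "$1/wp-config.php" |
        grep -Eq "define[[:space:]]*\([[:space:]]*['\"]FORCE_SSL_ADMIN['\"][[:space:]]*,[[:space:]]*(true|TRUE|True)[[:space:]]*\)"
}

# 0 if the root .htaccess has an active Options line containing -Indexes.
check_indexes_off() {
    [ -f "$1/.htaccess" ] || return 1
    grep -Ev '^[[:space:]]*#' "$1/.htaccess" |
        grep -Eiq '^[[:space:]]*Options[[:space:]]+(.*[[:space:]])?-Indexes([[:space:]]|$)'
}

# Print each directory that has neither index.html nor index.php, i.e. one
# whose file names would be listed if the server leaves Indexes on.
dirs_without_index() {
    find "$1" -type d | while IFS= read -r d; do
        [ -e "$d/index.html" ] || [ -e "$d/index.php" ] || printf '%s\n' "$d"
    done
}

# Report findings; return 1 if any check fails.
audit_wp() {
    rc=0
    if ! check_force_ssl_admin "$1"; then
        echo "FAIL: FORCE_SSL_ADMIN is not enabled in wp-config.php"; rc=1
    fi
    if ! check_indexes_off "$1"; then
        echo "WARN: .htaccess does not set Options -Indexes"
        missing=$(dirs_without_index "$1")
        if [ -n "$missing" ]; then
            echo "FAIL: directories with no index file:"; echo "$missing"; rc=1
        fi
    fi
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_wp "$1"; fi
```

The .htaccess check only sees the root .htaccess file; a host that disables Indexes in the main server configuration will show the WARN line even though listings are off.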

VII. Do not output the WordPress version number in the page code

Your WordPress theme code is definitely not showing the version number in the meta section, but the version number can still be read in other ways. Add the following line of code to the functions.php file:

If your WordPress does not have this file, you can create one and then add this line of code.

Article from Guangzhou website construction, http://www.gscpp.net. Please keep this link when reprinting!
