Lao Zuo saw the annual official report of WordPress that more than 30% of websites around the world use WordPress programs. In fact, we also see the current mainstream blog CMS program( Evaluation of the advantages and disadvantages of the current mainstream free and open source personal blog system and views on selection )It is true that there are the most documents, themes and plug-ins in. Basically, we use WP programs for personal blogs and personal websites. It also benefits from the continuous upgrading and updating provided by the government, including the continuous optimization of security.
This morning, Lao Zuo saw a netizen in the group who had not upgraded WordPress to the latest version, or perhaps because the BT panel had not been upgraded, resulting in server failure and many files in the root directory of the website. Therefore, when we use WordPress, the security of the program is also very important. Here I list the latest 11 ways to improve the security of WordPress.
First, keep the latest version
Unless we have special version requirements, Lao Zuo suggests that we should update to the latest version whenever new versions of WP appear. Especially when it is prompted that the security version must be upgraded, it must be updated and upgraded in a timely manner.
Second, use strong password protection
Our friends who have used earlier versions of WP programs should know that the default user name was admin and the password was set by ourselves. Today's new version users are all self defined, and have to use their own unique user names. At the same time, our password can also use the strong password recommended by the system's own prompt. Do not set a simple password.
Third, use security plug-ins to protect
We can select some available WP security plug-ins or secondary password protection plug-ins to improve the security of the account. But the most important thing is that plug-ins must use the official recommended genuine version, and plug-ins also need to be updated and updated in a timely manner to the latest version.
Fourth, server firewall settings
If necessary or conditional, you can set the server security, including WAF, CDN, port pass, etc., to ensure the further security of the server and website.
Fifth, certain restrictive measures
For example, when we log in to the administrator, we can set restrictions on the IP address or user login in the website plug-in. Some of our server panels also provide settings that require users with a specific IP address to access and log in. This depends on the fixed IP address used by our website login administrator. If your IP address is always changing, it will be troublesome.
Sixth, secure plug-ins and themes
The website does have our favorite themes and plug-ins, of course, some are cracked versions. The paid version is more expensive. What should I do? For security reasons, we recommend that we either buy the genuine version or replace it with a free security version of other products. Do not use cracked themes and plug-ins.
Seventh, regularly backup data
If it is relatively easy to back up the website, for example, the server panel or server provides regular snapshot backups. We can also use scripts and panel tools to back up to third-party object storage platforms. Data is very important.
VIII. Do not use the default user name
Now we don't have this problem. The default user name is admin. Now we can not create it. If there are still any, we need to disable the user or set permissions.
Ninth, setting of login background
We can set a separate background login portal for WordPress login. If the administrator is not the login URL address set by us, he or she cannot login. We can search for related codes. Sometimes we have our own theme, such as the robin theme that Lao Zuo has in use.
Tenth, set file read/write permissions
When the server uses users, some directories of the WP program need to be set with read/write permissions. It is wrong for some people to set all 777 permissions. We need 755 or 644 permissions. Generally, the file permissions are 755 and the folder permissions are 644.
XI. Login Reminder Function
This old left saw that some friends set email reminder function when logging in to websites and servers, and even added SMS reminder. This requires a little technology, and it is unnecessary for the general webmaster to add it.
The above is a summary and refers to some articles. We can use our WordPress website to ensure the security of our account and website. The most important regular backup and update program version is the most important.
Scan the code to follow the official account
Get more news about webmaster circle!
Entrepreneurship, operation and new knowledge
