
Is Your WordPress Site at Risk of Attack?

2021-05-30 12:11:03

This past October, the WordPress security team used an internal feature to push a security update to a popular plugin. The ability to forcibly push an update was unknown to many, even among experienced developers.

The bug found in the Loginizer plugin, used by more than a million sites, was categorized as one of the worst security issues affecting a WordPress plugin in recent memory, which is why the security team at WordPress felt the action was necessary.

Not everyone appreciated WordPress's proactive approach: users complained on Loginizer's forum and the WordPress.org site. Some were surprised to learn it was even possible to update a plugin with automatic updates disabled. Users complained in 2015 as well, after WordPress first used the forced update feature.

The vulnerability could have enabled hackers to take over WordPress sites using outdated versions of Loginizer, which ironically provides security enhancements for the WordPress login page.

WordPress update

About two weeks later, WordPress rolled out the WordPress 5.5.2 security and maintenance release for WordPress core. This update contains ten security fixes, and WordPress recommends all users update their sites immediately.

As of 2016, WordPress powered about 34% of the 1.2 billion websites on the internet. A content management system (CMS), WordPress is preferred by web developers of basic and advanced skill levels, primarily due to its ease of use. With so many installs, it is a constant target for cybercriminals, and site owners around the world have fallen prey to a continual string of brute force and other types of attacks. These regular security updates from WordPress are critical to keeping these sites safe and available.

WordPress ecosystem

Not only does WordPress attract nefarious hackers, but it also attracts entrepreneurs. Companies such as Astra, iThemes, Sucuri, and Bullet have built their businesses on solving security issues for WordPress website owners.

Along with the ease of use of this popular CMS comes simple customization. No matter what type of site you wish to build, there is a plugin to provide ready-made customization. At last count, WordPress.org listed more than 58,000 solutions, but these plugins and themes are often the entry point for attacks.

WordPress, plugins, and themes are most often vulnerable to:

Brute Force Attacks - entering different username and password combinations until gaining entry.

Cross-Site Scripting - hackers entice victims to a site that contains malicious JavaScript code.

File Inclusions - exploitation of vulnerabilities in the WordPress PHP code.

Malware - code injected into the site to facilitate, for example, unauthorized redirects or allow high-level access to your hosting account.

SQL Injections - attackers look for unsecured databases and access them using MySQL injections, which gives them control over all the data and enables them to create admin accounts or insert content into the database such as links to other sites that contain malware.

Why is your WordPress website at risk?


Simple passwords

To impede brute force attacks, create complicated passwords by using 12 or more characters, mixing symbols, letters, and numbers, and ensuring the password is unique to your WordPress site. Password vault applications such as LastPass and 1Password make this easy.

No authentication

Multi-factor authentication provides an additional layer of security that, when added to other best practices, will help keep hackers from accessing your website. Several applications, such as Google Authenticator for your mobile device, can authenticate authorized access attempts.

Unused plugins and themes

Other points of entry for WordPress websites are outdated plugins and themes. The abandoned plugins are left behind and updates ignored. Over time, websites may accumulate dozens of unused plugins and themes.

Exercise caution when installing new plugins and themes. Always download from trustworthy websites such as ThemeForest, CodeCanyon, and WordPress.org. Use fewer plugins by choosing those with multiple functions rather than several single-function plugins.

Delete themes by logging in to your hosting account or using FTP software. Also, check the database for orphaned tables created by plugins you're no longer using.
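
An added example, not part of the original article: a Python script that lists plugins present on disk but missing from the site's active_plugins option, so they can be reviewed for removal. The sample plugin names, the temporary directory and the serialized option value are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Same header convention WordPress uses: "Plugin Name:" inside a comment in a PHP file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.M | re.I)
# Strings inside the PHP-serialized active_plugins option, e.g. s:9:"hello.php";
SERIALIZED_STR_RE = re.compile(r's:\d+:"([^"]*)";')

def read_header(php_file):
    """Return {'plugin name': ..., 'version': ...} or None if the file has no plugin header."""
    text = php_file.read_text(errors="replace")[:8192]  # WordPress scans only the first 8 KB
    fields = {key.lower(): value for key, value in HEADER_RE.findall(text)}
    return fields if "plugin name" in fields else None

def installed_plugins(plugins_dir):
    """Map 'folder/file.php' -> header for every plugin in the root or one folder deep."""
    found = {}
    for php in list(plugins_dir.glob("*.php")) + list(plugins_dir.glob("*/*.php")):
        header = read_header(php)
        if header:
            found[php.relative_to(plugins_dir).as_posix()] = header
    return found

def inactive_plugins(plugins_dir, serialized_active):
    """Installed plugins that are absent from the active_plugins option value."""
    active = set(SERIALIZED_STR_RE.findall(serialized_active))
    return sorted(p for p in installed_plugins(plugins_dir) if p not in active)

def build_sample(root):
    """Constructed sample tree; the plugin names are made up for this example."""
    files = {
        "demo-forms/demo-forms.php": "<?php\n/*\n * Plugin Name: Demo Forms\n * Version: 1.2.0\n */\n",
        "old-slider/old-slider.php": "<?php\n/**\n * Plugin Name: Old Slider\n * Version: 0.9\n */\n",
        "old-slider/helpers.php": "<?php // helper file, no plugin header\n",
        "hello-sample.php": "<?php\n/*\nPlugin Name: Hello Sample\nVersion: 1.0\n*/\n",
    }
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)

# Constructed value of the active_plugins row in wp_options: only Demo Forms is active.
SAMPLE_ACTIVE = 'a:1:{i:0;s:25:"demo-forms/demo-forms.php";}'

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        for rel in inactive_plugins(Path(tmp), SAMPLE_ACTIVE):
            print("inactive, review for removal:", rel)
```

On a real site, point plugins_dir at wp-content/plugins and pass the option_value of the active_plugins row from the options table. Network-activated plugins on multisite installs are stored separately and will not appear in that value.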

No security plugin

Every site should have a security plugin, and there are many good ones. These are your first line of defense should hackers attempt to access your site. You will often find Sucuri, iThemes Security, All In One WP Security & Firewall, BulletProof Security, Jetpack, SecuPress, Cerber Security, and Wordfence on top-ten lists along with other lesser-known options.

No hosting security

Many hosting companies have security features included or available as an add-on service. Configure the software (and your WordPress security plugin) for regular scans (daily is not too often) and to alert you of any anomalies.

A backup plan

While every website owner should follow security best practices, the chance of having a site hacked still exists. Backup plans are the fail-safe when all that can go wrong does. Enable regular backups based upon how often you make changes to the site. If it’s a daily task, create daily backups. Store them off-site and keep a week’s worth in case you don’t discover an attack right away and need to go back several days to find a clean backup.

The developers behind WordPress work tirelessly to keep websites safe, but owners must take responsibility for ensuring their software is up to date and their passwords are secure. In the same way WordPress has made developing sites easy, it has also made security just as easy. Install updates, use complicated passwords, add authentication, and schedule backups to keep your site running and earning money.

