WordPress: 10 good security practices for websites

WordPress: 10 best practices in security matters


WordPress (WP) is known as a popular CMS that, among many other things, is designed with an emphasis on usability, functionality, and ease of use. It is under continuous development (currently 5.2), has a large user community in many languages, and offers great scope for customization through its own or third-party themes and plugins.

It is also designed to be secure, but for that, as with any application or system, good practices must be followed to achieve a deployment that stays secure over the long term. In this post we want to offer some basic recommendations on the subject.

Introduction

Because WP is the most popular CMS for building websites, it is also a frequent target of computer attacks. Besides being kept up to date, it needs regular maintenance, updates, and security measures in order to avoid compromise through vulnerable add-ons, weak passwords, outdated software, and many other causes; in other words, to reduce your exposure to any targeted or expected attack.

In addition, WP, like any Content Management System (CMS), lets you quickly build a working website and put it online. Its great capacity for functionality and extension, through plugins and themes, makes this easier than ever, without the long years of learning that the task normally requires.

However, an unwelcome side effect can arise from this: some administrators of the tool tend to skip the steps needed to make sure that the website they create or maintain is secure. For this reason, it is important to keep in mind some specific measures (good practices) for WP, or for any CMS and website, to keep it secure.

Good practices

1.- Strengthen your security in general

WP certainly exceeds 30% of the active websites on the Internet today with ease, which makes it a favorite target for attackers (hackers / crackers) with good or bad intentions. As a result, a known vulnerability that has already been exploited successfully on one WP site will be tried against other WP sites.


So if you manage and/or use one or more websites built with WP, make sure you are careful, thorough, and well informed about online security. Remember that most of the security breaches reported on WP websites have little or nothing to do with the core application itself, and a great deal to do with deployment, configuration, and general maintenance carried out incorrectly by developers or administrators.


2.- Know your vulnerabilities

WordPress has about 4,000 known security vulnerabilities, distributed as follows: WP Core (37%), Plugins (52%) and Themes (11%), according to a recent report from the WPScans website, now called WPSec (since 01-05-2019). Find out which security vulnerabilities your website is exposed to and look for solutions to those problems. Avoid using insecure versions of WP Core or of the components it includes.

Focus on the following security issues on WP or your website, that is, on these different types of attack:

  • Brute force: Strengthen security on the login page.
  • File inclusion: Strengthen the security of your wp-config.php file.
  • SQL injection: Strengthen the security of the MySQL database associated with WP.
  • Cross-site scripting: Strengthen the security of the WP components in use.
  • Malware infection: Strengthen the overall security of your website to prevent unauthorized access, the installation of malware, and the collection of private data by such malicious code. The most common malware or attacks are usually of the following types: Backdoor, SEO Spam, HackTool, Mailer, Defacement and Phishing. Check that your site is protected against each of these types of malware or attack.

Remember that once a website has been compromised, its SEO ranking can suffer, because search engines quickly flag such websites so that browsers show visitors warning signs or block access to those sites.


3.- Know your hosting infrastructure

If your website uses external hosting, that is, it runs outside your own infrastructure, do not cut costs when it comes to getting a quality service from your hosting provider, above all if your site is hosted under a "shared hosting" scheme.

Poor-quality "shared hosting" can leave your website vulnerable when one of the other sites stored on the same server is compromised. That is, if a website is hacked on a server with "shared hosting", the attackers may be able to reach other websites and their data.


4.- Know your service provider's web technical specifications

When it comes to evaluating a service provider, infrastructure is not everything. The web server specifications your provider uses matter for the security of your site. Make sure it follows the recommended security standards for hosting your website:

  • Easy installation of SSL certificates
  • Active management of web server software versions
  • Firewall protection
  • Logging of access to the website
  • Regular security audits
  • Detection of malicious activity
  • Support for SFTP (not just FTP), TLS 1.2 and 1.3, and PHP 5.6 at least, although 7.0 onward is recommended.

All of this is necessary, at a minimum, to raise the security of your website, with or without WP as the CMS in use.


5.- Be careful with the themes and plugins you use

Installed plugins and themes are a major source of security problems. Try to use only themes and plugins that are official WP ones or well known in the community, from recognized marketplaces or directly from reputable developers, since many of the others (the untrusted ones) may contain malicious code.

It does not matter how well you protect your WP website if you install malware on it yourself. Do your research before downloading and installing any theme or plugin, whether it comes from the developer or from a vendor's website, and be wary of free or discounted ones.


6.- Try to update your CMS regularly

Updates to your web platform are very important for your security. Whether or not your CMS is WP, outdated versions of the Core, themes, or plugins can expose your website to known vulnerabilities. In the case of WP, which is open source, there is a team dedicated specifically to this matter in the application's Core.

Any security vulnerability discovered in WP is fixed and removed directly, so that each newly discovered security problem is dealt with. For this reason, updating WP and all of its themes and plugins to the latest version is an important part of a successful security strategy.


7.- Have a suitable password

The quality or strength of our passwords on websites is important. The login of our site is the preferred target for exploitation, because it offers the easiest route to your website's administration page.

Brute-force attacks are the most commonly used method against your login: they try to discover a username and password combination that gives access to the website. In the specific case of WP, by default it does not limit the number of failed login attempts that someone can make, so the main recommendation is to use a complex password for your WP administrator login.

When choosing a password, consider these 3 key requirements, based on the CLU scheme (Complex, Long, Unique):

  • Complex: Passwords should be random and unrelated to the site administrator or the website.
  • Long: Passwords must be 12 characters or more in length, and be reinforced with a restriction or limit on the number of failed login attempts.
  • Unique: Do not reuse passwords. Every password must be unique over time. This simple rule limits the impact of any password that is compromised.

Tip: Use a password manager such as "LastPass" (online) and "KeePass 2" (offline) to generate and store all your passwords in encrypted form.
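The three CLU rules can be checked mechanically. The sketch below is an added example, not part of the original article. As its own assumptions, it treats "complex" as all four character classes plus no word tied to the site or its administrator, and it checks "unique" against salted PBKDF2 fingerprints so that old passwords never have to be stored; every name and demo value in it is constructed.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def fingerprint(password, salt):
    """Salted PBKDF2 hash: lets us test for reuse without keeping old passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def clu_problems(password, related_words, used, min_len=12):
    """Return the CLU rules the password breaks (an empty list means acceptable).
    related_words: site/admin names to avoid; used: [(salt, fingerprint)] of past passwords."""
    problems = []
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("complex: needs lower, upper, digit and symbol")
    if any(w.lower() in password.lower() for w in related_words if w):
        problems.append("complex: contains a site- or admin-related word")
    if len(password) < min_len:
        problems.append(f"long: shorter than {min_len} characters")
    if any(hmac.compare_digest(fingerprint(password, s), f) for s, f in used):
        problems.append("unique: already used before")
    return problems

def generate(related_words, used, length=20):
    """Draw random passwords from the OS CSPRNG until one passes every CLU check."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not clu_problems(candidate, related_words, used):
            return candidate

# Constructed demo data: one previously used password and words tied to the site.
DEMO_SALT = b"constructed-salt"
DEMO_USED = [(DEMO_SALT, fingerprint("Tr0ub4dor&3-horse-Staple", DEMO_SALT))]
DEMO_WORDS = ["myblog", "admin"]

if __name__ == "__main__":
    print(clu_problems("myblog2019", DEMO_WORDS, DEMO_USED))
    print(generate(DEMO_WORDS, DEMO_USED))
```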


8.- Always have your disaster recovery plan ready

If you use WP, remember that it has no built-in backup system. Add one as a priority, so that you always have an up-to-date backup of your website. Backups are important and a great security strategy to put in place.

Do not forget that you should back up not only the database your website uses, but also the full configuration of the whole server, through automated tasks based on scripts or snapshot systems, so that restores and reinstallations can be done in the shortest possible time.


9.- Increase security by using 2FA

Strengthen the administrative login of WP or of your website with two-factor authentication (2FA), which is one of the best ways to secure your website today. Two-factor authentication adds an extra layer of protection to your site's login by requiring, in addition to the password, an additional, highly sensitive code from another device, such as your smartphone, in order to log in successfully.

WP does not offer this functionality by default; add it by using a plugin such as iThemes Security.


10.- Use a security plugin

Many CMSs such as WP use plugins to extend their own security capabilities. In the specific case of WP, it is recommended to use the security plugin called iThemes Security to add extra protection to your website. This plugin locks down WP, fixes known holes, stops automated attacks, and strengthens user credentials.

It has a free version (iThemes Security) and a paid version (iThemes Security Pro), which obviously provides additional security features such as 2FA, malware scan scheduling, and user logging, among other things.

Conclusion

Whether on WP or another CMS, you can avoid most website security problems simply by following these good security practices. Your website deserves, and must have, adequate security measures to keep it secure, or at least to reduce the risk to it, in these times of concern about the activity of hackers and crackers.

Finally, and as an extra, we recommend reading this article on our blog on the subject, to strengthen the security of your website, called: Linux Permissions for System Administrators.

