I-WordPress: izindlela eziyi-10 ezinhle maqondana nokuphepha kwamawebhusayithi

I-WordPress: izindlela eziyi-10 ezihamba phambili maqondana nezokuphepha

I-WordPress: izindlela eziyi-10 ezihamba phambili maqondana nezokuphepha

I-WordPress (WP) yaziwa njenge i-CMS ethandwa kakhulu, phakathi kwezinto eziningi, zenzelwe ukugcizelela ukufinyeleleka, ukusebenza, nokusebenziseka kalula, ukuthuthuka okuqhubekayo (inguqulo yamanje 5.2), Unomphakathi omkhulu wabasebenzisi ngezilimi eziningi futhi unamandla amakhulu wokwenza ngokwezifiso ngokusebenzisa izingqikithi zakho noma ezivela eceleni nezengezo.

Futhi ngokuphepha kakhulu, kepha ngalokho, njenganoma yiluphi uhlelo noma uhlelo, izindlela ezinhle kufanele zilandelwe ukufeza ukusetshenziswa okuphephile kwesikhathi eside. Futhi kulokhu okuthunyelwe sifuna ukuhlinzeka ngezincomo eziyisisekelo maqondana nalokhu.

Isingeniso

I-WP iyi-CMS ethandwa kakhulu yokwakha amawebhusayithi, futhi kuvame ukubhekiswa kakhulu ekuhlaselweni ngamakhompyutha, ngakho-ke ngaphandle kokuvuselelwa kwayo njalo, kudinga ukugcinwa njalo, ukuvuselelwa, kanye nezinqubo zokuphepha ukuze ngakho-ke gwema ubuthakathaka ngenxa yobuthakathaka kuzengezo, amaphasiwedi abuthakathaka, isoftware ephelelwe yisikhathi, phakathi kwezinye izizathu eziningi, ukufeza ukunciphisa kakhulu ukuba sengozini kwakho kunoma yikuphi ukuhlaselwa okuhlosiwe noma okungalindelekile.

Ngaphezu kwalokho, i-WP njenganoma iyiphi enye i-Content Management Systems (i-CMS) ikuvumela ukuthi wakhe iwebhusayithi ngokushesha nangokuphumelelayo bese uyibeka ku-inthanethi. Umthamo wayo omkhulu womsebenzi nokukhula, usebenzisa amamojula, izingqikithi ezihambisanayo, kwenza kube lula kunanini ngaphambili ukufeza lo msebenzi kodwa ngaphandle kwesidingo seminyaka emide yokufunda esivame ukudingeka kulokhu.

Nokho, umphumela ohlangothini akukho okujabulisayo okungavela kulokhu, kungenzeka ukuthi abanye abaphathi bethuluzi elishiwoyo, imvamisa ukweqa, izinyathelo ezidingekayo zokuqinisekisa ukuthi iwebhusayithi eyenziwe noma igcinwe ivikelekile. Ngalesi sizathu, kubalulekile ukugcina engqondweni ezinye izindlela ezijwayelekile nezicacisiwe (imikhuba emihle), mayelana ne-WP noma enye i-CMS newebhusayithi ukuyigcina iphephile.

Imikhuba emihle

1.- Qinisa ukuphepha kwakho kukonke

I-WP ngokuqinisekile idlula kalula i-30% yesisekelo samawebhusayithi asebenzayo kwi-Intanethi namuhla, okwenza kube yitshe eliyintandokazi labahlaseli kanye / noma abahlaseli (abahlaseli / abahlaseli) ngezinhloso ezinhle noma ezimbi. Ngakho-ke, ubungozi obwaziwayo nobusivele buxhashazwe ngempumelelo kusayithi elifanayo le-WP bazozama kwamanye amasayithi we-WP afanayo.

I-WordPress: Ukuzijwayeza okuhle kokuqala

Ngakho-ke uma uphatha futhi / noma usebenzisa iwebhusayithi eyodwa noma ngaphezulu nge-WP qiniseka ukuthi uqaphela kakhulu, ucophelela futhi uyakwazi ukuphepha kwabo ku-inthanethi. Hlala wazi ukuthi ukwephulwa kwezokuphepha okuningi okuhlaziyiwe nokubikwa kumawebhusayithi ane-WP akunalutho noma akuhlangene nomnyombo wohlelo uqobo, kepha kuningi okuphathelene nakho konke okuphathelene nokuqaliswa kwalo, ukumiswa nokulungiswa okujwayelekile, okwenziwe ngokungalungile ngonjiniyela noma abaphathi. '

I-WordPress: Ukuzijwayeza okuhle kwe-2nd

2.- Yazi ubuthakathaka bakho

I-WordPress inokukhubazeka okuphephile okungaba ngu-4.000, okusatshalaliswe kanjena: WP Core (37%), Plugins (52%) and Themes (11%), ngokusho kombiko wakamuva ovela kuwebhusayithi ye-WPScans, manje ebizwa manje I-WPSec (kusukela ngo-01-05-2019). Phenya ubungozi bokuphepha obhekene newebhusayithi yakho bese uthola isisombululo sokuxazulula lezi zinkinga. Gwema ukusebenzisa izinhlobo ezingavikelekile ze-WP Core, noma ama-plugins nezindikimba zayo.

Gxila kulezi zihloko zokuphepha ezilandelayo ku-WP yakho noma kuwebhusayithi, okungukuthi, ku- Izinhlobo ezihlukile ze Ukuhlaselwa kusuka:

  • Brute force: Ukuqinisa ukuphepha ekhasini lakho lokungena ngemvume.
  • Ukufakwa kwefayela: Ukuqinisa ukuphepha kwefayela lakho lokumisa le-wp-config.php.
  • Umjovo we-SQL: Ukuqinisa ukuphepha kwe-database yakho ye-MySQL ehlotshaniswa ne-WP.
  • Ukubhalwa kwesiza esiphambanweni: Ukuqinisa ukuphepha kwama-plugins we-WP asetshenzisiwe.
  • Ukutheleleka kwe-Malware: Ukuqinisa ukuphepha okujwayelekile kwewebhusayithi yakho ukuvimbela ukufinyelela okungagunyaziwe, ukufakwa kwe-malware nokuqoqwa kwedatha eyimfihlo ngalezi zimodi ezinonya. I-Malware noma ukuhlaselwa okuvame ukwedlula konke kohlobo: iBackdoor, i-SEO Spam, iHackTool, i-Mailer, i-Defacement ne-Phishing. Bheka ukuvikela isayithi lakho kulolu hlobo ngalunye lwe-malware noma ukuhlaselwa.

Khumbula ukuthi uma noma iyiphi iwebhusayithi seyonakalisiwe, izinga layo le-SEO lingahlupheka. Ngoba izinjini zokusesha zivame ukungena ngokushesha kumawebhusayithi afakwe engozini ukuze iziphequluli zinikeze izivakashi izimpawu zokuxwayisa noma zivimbele ngokuphelele ikhono lokuzulazula kulawo masayithi.

I-WordPress: Ukuzijwayeza okuhle kwesithathu

3.- Yazi ingqalasizinda yomhlinzeki wakho wokusingathwa

Uma iwebhusayithi yakho isebenzisa ukusingathwa kwangaphandle, okungukuthi, kuqashwe ngaphandle kwengqalasizinda yakho, unganciphisi izindleko ukuqinisekisa ikhwalithi yensizakalo evela kumhlinzeki wakho wokubamba. Ngaphezu kwakho konke, uma ephethe isiza sakhe ngaphansi kohlelo "lokubamba ngokuhlanganyela".

Kusukela 'ukusingathwa okwabiwe' kwekhwalithi empofu kungenza isayithi lakho libe sengozini kakhulu lapho elinye lamawebhusayithi agcinwe kuseva efanayo lifakwa engozini. Okusho ukuthi, uma iwebhusayithi igqekezwe kuseva nge- "host shared", abahlaseli bangathola ukufinyelela kwamanye amawebhusayithi nemininingwane yabo.

I-WordPress: Ukuzijwayeza okuhle kwe-4

4.- Yazi i-eUkucaciswa kobuchwepheshe bewebhu kusuka kumhlinzeki wakho wokusingathwa

Uma kukhulunywa ngokuhlola umhlinzeki wokusingathwa, ingqalasizinda yayo akuyona yonke into. Ukucaciswa kwewebhu yezobuchwepheshe okusetshenziswa ngumhlinzeki wakho wokusingathwa ukufeza ukuphepha okungcono kwamawebhusayithi abanjwe nakho kubalulekile. Qiniseka ukuthi ilandela izinkombandlela ezilandelayo ezinconyiwe zokuphepha zokubamba iwebhusayithi yakho:

  • Ukufakwa okulula kwezitifiketi ze-SSL
  • Ukuphathwa okusebenzayo kwezinguqulo zesoftware yewebhu.
  • Ukuvikelwa kwe-Firewall
  • Ukurekhodwa kokufinyelela kuwebhusayithi
  • Ukuhlolwa njalo kwezokuphepha
  • Ukutholwa komsebenzi onobungozi
  • Ukusekelwa kwe-SFTP (hhayi i-FTP kuphela), i-TLS 1.2 ne-1.3, ne-PHP 5.6, okungenani, yize kunconyelwa 7.0 phambili.

Konke lokhu kuyadingeka, okungenani, ukukhulisa ukuphepha kwewebhusayithi yakho ngeWP noma ngaphandle kwayo njenge-CMS esetshenzisiwe.

I-WordPress - Izindikimba nama-plugins: Ama-plugins

5.- Qaphela izingqikithi nokuqedwa okusetshenzisiwe

Ama-plugins nezindikimba ezifakiwe zibaluleke kakhulu ezingeni lokuphepha. Hlela ukusebenzisa kuphela izingqikithi ezisemthethweni ze-WP noma zomphakathi nama-plugins, izinqolobane ezaziwayo ezentengiselwano noma ngqo kusuka kubathuthukisi abaziwayo. Njengoba eziningi zazo (ezingaqinisekisiwe) zingaqukatha ikhodi enonya.

Akunandaba ukuthi uyivikela kangakanani iwebhusayithi yakho kwi-WP uma ufaka i-malware. Yenza ucwaningo lwakho ngaphambi kokulanda nokufaka noma yiziphi izingqikithi nama-plugins, noma i-webhusayithi yonjiniyela noma umgqugquzeli, futhi ube nokubhuka kwakho nalabo mahhala noma abanesaphulelo.

I-WordPress: Ukuzijwayeza okuhle kwe-5

6.- Zama ukuvuselela i-CMS yakho njalo

Ukuvuselelwa kupulatifomu yakho yewebhu kubaluleke kakhulu ekuphepheni kwakho. Noma kunjalo I-WP i-CMS yakho noma cha, izinhlobo eziphelelwe yisikhathi zeCore yakho, iTimu, noma ama-plugins zingakuholela ekutheni ubambe ubungozi obaziwayo kuwebhusayithi yakho. Endabeni ye-WP, okungumthombo ovulekile, kunethimba elizinikele ngokukhethekile kulolu daba ngaphakathi kweCore yesicelo.

Konke ukuba sengozini kwezokuphepha okutholwe ku-WP kuyalungiswa futhi kususwe ngokushesha ukuze kuxazululwe inkinga ngayinye entsha yokuphepha etholwe ku-WP. Ngenxa yalokho kuvuselelwa I-WP nazo zonke izingqikimba zayo nama-plugins kwinguqulo yakamuva kuyisici esibalulekile secebo lokuphepha eliphumelelayo.

I-WordPress: Ukuzijwayeza okuhle kwe-6

7.- Ngithole iphasiwedi efanelekayo

Ikhwalithi noma amandla wamaphasiwedi ethu kumawebhusayithi kubaluleke kakhulu. Ukungena kumawebhusayithi ethu kuyisisekelo esiyinhloko sokusebenzisa ubungozi, ngoba kunikeza ukufinyelela okulula ekhasini lokuphatha lewebhusayithi yakho.

Ukuhlaselwa ngamandla Brute kuyindlela ejwayelekile yokuxhaphaza ukungena kwakho ngemvume, ukuthola inhlanganisela yegama lomsebenzisi nephasiwedi ukuthola ukufinyelela kuwebhusayithi. Endabeni ethile ye-WP, ngokuzenzakalela ayilinganisi inani lemizamo yokungena ngemvume ehlulekile umuntu angayenza, ngakho-ke, okunconyelwa kakhulu ukusetshenziswa kwephasiwedi eyinkimbinkimbi yokungena ngemvume komlawuli wakho we-WP.

Lapho ukhetha iphasiwedi, cabanga ngalezi zidingo eziyisisekelo ezi-3 ngokuya ngefomethi ye-CLU (Kuyinkimbinkimbi, Kude, Kuhlukile):

  • INKIMBINKIMBI: Amaphasiwedi kufanele ahlelwe ngokungahleliwe ngangokunokwenzeka futhi ahlobene kancane noMlawuli Wewebhu noma iWebhusayithi.
  • ISIKHATHI ESIDE: Amaphasiwedi kufanele abe nezinhlamvu eziyi-12 noma ngaphezulu ngobude. Futhi iqiniswe ngemikhawulo noma ukulinganiselwa kunombolo yemizamo yokuxhumeka ehlulekile.
  • KUPHELA: Ungaphindi usebenzise amaphasiwedi. Iphasiwedi ngayinye kufanele ihluke ngesikhathi. Lo mthetho olula ulinganisela kakhulu umthelela wanoma iyiphi iphasiwedi eyonakalisiwe.

Isincomo: Sebenzisa umphathi wephasiwedi onjenge- “LastPass” (online) ne- “KeePass 2” (okungaxhunyiwe ku-inthanethi) ukukhiqiza nokugcina onke amaphasiwedi wakho ngendlela ebetheliwe.

I-WordPress: Ukuzijwayeza okuhle kwe-7th

Hlala njalo ulungiselele uhlelo lwakho lokulwa nenhlekelele

Uma usebenzisa i-WP khumbula ukuthi ayinayo uhlelo lokusekelayo olwakhelwe ngaphakathi. Faka eyodwa njengokuza kuqala, ukuze uhlale unesipele esesikhathini sewebhusayithi yakho. Izipele zibaluleke kakhulu futhi kuyisu elijwayelekile lokuphepha okufanele lisetshenziswe.

Ungakhohlwa ukuthi akufanele wenze kuphela yenza isipele amawebhusayithi kanye nemininingwane yakho oyisebenzisilekodwa konke izilungiselelo kwiseva yonke ngemisebenzi ezenzakalelayo enesikripthi noma amasistimu wesithombe ahlanganisiwe, ukwenza lula ukubuyiselwa okudingekayo kanye nokufakwa kabusha ngesikhathi esifushane kakhulu.

I-WordPress: Ukuzijwayeza Okuhle kwesi-8

9.- Khulisa ukuphepha kwakho usebenzisa i-2FA

Qinisa ukungena ngemvume komlawuli wakho we-WP noma iwebhusayithi yakho usebenzisa indlela yokuqinisekiswa kwezinto ezimbili (2FA), okungenye yezindlela ezinhle kakhulu zokuvikela iwebhusayithi yakho namuhla. Ukuqinisekiswa kwezinto ezimbili kunezela isendlalelo esingeziwe sokuvikelwa ekungeneni ngemvume kuwebhusayithi yakho, ngokudinga ukuthi ukusetshenziswa kwephasiwedi yakho kudinge ikhodi eyengeziwe ezwela isikhathi kusuka kwenye idivayisi, njenge-smartphone yakho, ukuze ungene ngempumelelo. .

Endabeni ye-WP lokho akunikeli lokhu kusebenza ngokuzenzakalela shumeka okufanayo ngokusebenzisa i-pluginnjengeThemes Security ukwengeza okufanayo.

I-WordPress: Ukuzijwayeza okuhle kwe-9th

10.- Sebenzisa noma iziphi izesekeli zokuphepha ezidingekayo

Ama-CMS amaningi afana ne-WP asebenzisa ama-plugins ukukhulisa amandla awo okuphepha. Endabeni ethile ye-WP, ukusetshenziswa kwe-plugin yezokuphepha ebizwa nge-iThemes Security kuyanconywa. ukufaka ukuvikelwa okungaphezulu kwewebhusayithi yakho. Le plugin ivimba i-WP, ilungisa izimbobo ezaziwayo, imise ukuhlaselwa okuzenzakalelayo, futhi iqinise izifakazelo zomsebenzisi.

Inenguqulo yamahhala (iThemes Security) nenguqulo ekhokhelwayo (iThemes Security Pro) okusobala ukuthi inikezela ngezici eziningi zokuphepha ezifana ne-2FA, ukuskena kwe-malware okuhleliwe, ukubhaliswa komsebenzisi, phakathi kwezinye izinto.

Isiphetho

Noma ngabe sekuphelile i-WP noma enye i-CMS, ungagwema izinkinga eziningi zokuphepha zewebhusayithi ngokumane ulandele le mikhuba emihle yokuphepha noma imikhuba emihle. Iwebhusayithi yakho ifanelwe futhi kufanele ibe nezinyathelo zokuphepha ezidingekayo ukuze kuqinisekiswe noma kuncishiswe ukungaphumeleli kwayo kulezi zikhathi ezikhathazwe kakhulu umsebenzi wabaduni nabaqhekezi.

Ekugcineni futhi njengokungeza, sincoma ukuthi ufunde le enye indatshana kubhulogi yethu esihlokweni ukuqinisa ukuphepha kwewebhusayithi yakho, ebizwa: Izimvume ze-Linux zabaPhathi BeSistimu Nonjiniyela.


Yiba ngowokuqala ukuphawula

Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.