Protecting Your WordPress Admin Panel From Hackers With .htaccess Zaščita Vaš WordPress Admin Panel Od Hackers With. Htaccess
If you are using WordPress as the platform behind your blog or website you probably know that there have been a lot of security holes, not just in the software itself, but also in the plugins as well. Če uporabljate WordPress kot platforma zadaj svoj blog ali spletni strani verjetno veste, da je bilo veliko varnostnih lukenj, ne samo v programsko opremo, temveč tudi v čep tudi. In light of these problems, we'll look at how to prevent hacking attempts by locking down your administration folder. V luči teh problemov, bomo pogledali, kako preprečiti Isjeckan poskusi z zaklepanjem niz vaš uprave mapo.
The Apache web server has a built-in mechanism that allows you to assign a required password for a folder, which is separate from your WordPress password. Spletni strežnik Apache ima vgrajen mehanizem, ki vam omogoča, da dodeliti potrebna gesla za mapo, ki je ločen od svoje geslo WordPress.
Quick Blog Security Tips Quick Blog Security Nasveti
Security is important enough that I felt it necessary to include some extra tips here. Varnost je pomemben dovolj, da sem se počutil, da je treba vključiti nekaj dodatnih nasvetov tukaj. This is by no means a complete list, but you should look into them anyway. To nikakor ni popoln seznam, vendar morate pogledati v njih vseeno.
- Make sure you are running the latest version of WordPress and all your plugins. Poskrbite, da imate nameščeno najnovejšo različico WordPress in vse vaše čep.
- You should consider subscribing to Ti bi morala razmisliti, da se naročijo BlogSecurity.net BlogSecurity.net , a blog that attempts to cover security news about blogging platforms. , Blog, ki poskuša zajemal varnostne novice o blogging platform.
- Make sure that your file permissions are set correctly according to the Prepričajte se, da so vaše datoteke dovoljenja pravilno nastavljen v skladu z WordPress guidelines WordPress smernice . .
- Make sure you are using tough passwords for all accounts. Poskrbite, da rabiš težke gesla za vse račune.
- Make sure that you are backing up your entire WordPress installation and database. Prepričajte se, da ste varnostno kopiranje celotnega WordPress namestitev in podatkovne baze.
- Lock down your administration folder with .htaccess rules (covered here) Lock Vaš uprave mapo. Htaccess pravil (ki tukaj)
Assigning a Password to wp-admin Directory Manually Določanje Geslo za wp-admin Directory Ročno
Create a file named .htaccess in your wp-admin directory, and add the following contents: Ustvarite imenom datoteke. Htaccess v vašem imeniku wp-admin, in doda naslednje vsebine:
AuthName “Restricted Area” AuthName "omejeno območje"
AuthType Basic AuthType Basic
AuthUserFile /var/full/web/path/.htpasswd AuthUserFile / var / polni / web / path / .htpasswd
AuthGroupFile /dev/null AuthGroupFile / dev / null
require valid-user zahtevajo veljavna uporabnika
You'll need to adjust the AuthUserFile line to use the full path to the .htpasswd file we'll create in the next step. Boste morali prilagoditi AuthUserFile vrstica za uporabo v celoti pot. Htpasswd datoteko bomo ustvarili v naslednjem koraku. You can find the full path by using the pwd command from the shell prompt. Lahko najdete polno pot z uporabo pwd ukaz lupine uren.
Next you'll need to use the htpasswd command line utility to create the password file. Nato boste morali uporabiti htpasswd ukazne vrstice korist za ustvarjanje gesla datoteke. I would also advise that you use a different user account and password than you use for your WordPress installation. Jaz bi tudi svetoval, da uporabite drug uporabniški račun in geslo, kot ga uporabljate za namestitev WordPress.
$ htpasswd -c .htpasswd myusername $ Htpasswd-c. Htpasswd myusername
New password: Novo geslo:
Re-type new password: Ponovno vpišite novo geslo:
Adding password for user myusername Dodajanje geslo za uporabnika myusername
You'll want to make sure you are in the directory specified by AuthUserFile, and change “myusername” to something unique for your site. Boste želeli, da se prepričajte, da ste v imeniku, ki ga AuthUserFile, in spremembe "myusername" za nekaj posebnega za vašo spletno stran. This will create a file with contents similar to the following: To bo ustvarilo datoteko z vsebino, podobno naslednjemu:
myusername:aJztXHCknKJ3. myusername: aJztXHCknKJ3.
At this point you should be prompted for a password when you navigate to your WordPress administration panel. Na tej točki morate biti pozove za geslo, ko si izberite svojo upravo WordPress plošči. You'll notice that “Restricted Area” is the text from the .htaccess file, which could be changed to anything else. Opazili boste, da je "območje omejenega gibanja" je besedilo. Htaccess datoteka, ki se lahko spremeni v karkoli drugega.
If you get a server error instead, you should probably remove the .htaccess file and start over. Če dobite napake na strežniku, namesto da bi si verjetno odstraniti. Htaccess datoteko in začeti znova.
Lastly, you should make sure that you remove write permissions to both files with the chmod command as one more layer of security. Končno, bi se prepričajte, da ste odstraniti dovoljenja za pisanje tako datotek s chmod ukaz kot eno plast varnosti.
chmod 444 .htaccess chmod 444. htaccess
chmod 444 .htpasswd chmod 444. htpasswd
.htaccess Password File Generator . htaccess Geslo File Generator
There's a great tool from Dynamicdrive that will do all the hard work of creating the file for you. There's a velik orodje iz Dynamicdrive, da bo storila vse trdo delo za ustvarjanje datoteke za vas. This is especially useful if you don't have shell access to your server, because you can just upload the files via your FTP/SFTP client. To je še posebej uporabno, če nimate shell dostop do strežnika, ker lahko samo upload datotek preko vašega FTP / SFTP client.
http://tools.dynamicdrive.com/password/ http://tools.dynamicdrive.com/password/
You should still make sure that you remove write access once the files are uploaded. Morate vedno poskrbite, da odstranite pisanje, ko se naložijo datoteke.
Daily Email Updates Dnevni Email Updates
You can get our how-to articles in your inbox each day for free. Lahko dobite našo kako do člankov v vašo mapo »Prejeto vsak dan brezplačno. Just enter your name and email below: Preprosto vpišite vaše ime in e-pošto spodaj:
This is great advice. To je super nasvet. It should be pointed out, however, that not everyone has access to create a .htaccess file with password. Treba je poudariti, pa je, da ne vsakdo ima dostop do ustvariti. Htaccess datoteko z geslom. Many hosting services don't give their users this kind of access. Veliko hosting storitev, ne da njihovi uporabniki te vrste dostopa.
This may be a stupid question, I don't know. To je lahko neumno vprašanje, ne vem. I recently signed up for a new Wordpress account. Pred kratkim sem prijavili za nov račun Wordpress. The blog is hosted on their server. Blog je gostišče na njihovem strežniku. I didn't download anything or install it on my web server. Nisem nič ne prenesete ali namestite na svoj spletni strežnik. So, is any of this necessary? Torej, je vse to potrebno?
Do you mean Wordpress.com? Ali mislite Wordpress.com? If so then you won't be able to do this. Če je tako potem ne boste mogli to storiti.
@JasonS: This refers to Wordpress.org, which is the actual CMS software. @ JasonS: To se nanaša na Wordpress.org, ki je dejansko software CMS. You are thinking of Wordpress.com, which is a free hosting service built around the Wordpress.org CMS. Ste mislih Wordpress.com, ki je brezplačno gostovanje storitev, zgrajena okoli Wordpress.org CMS. So no. Tako no. Most free blog hosts will not allow you to mess with .htaccess. Večina free blog domačini, ne bo vam omogočajo, da nered s. Htaccess.
Trying to set up a password protection with .htaccess, can find no clear instructions of correct path in AuthUserFile. Poskus, da vzpostavijo zaščito z geslom. Htaccess lahko našli nobenih jasnih navodil za pravilno pot v AuthUserFile. Is the following style of path correct Ali je naslednje slog pravilne poti
/c:/Program Files/Apache…..etc / c: / Program Files / Apache ... itd ..
every tutorial gives examples such as vsak tutorial so primeri, kot so
/var/full/web/path/.htpasswd / var / full / web / path / .htpasswd
or ali
/home/file/…. / home / file / ....
which make no sense to me. ki nobenega smisla z mano.
Thanks Hvala
Examples like /var/path/.htpasswd are for Unix-like systems (Linux). Primeri, kot so / var / path / .htpasswd so za Unix-like sistemih (Linux).
This only works on Linux and Unix-like systems, it DOES NOT work on Windows. Ta deluje le na Linux in Unix-like sistemih, ne deluje v operacijskem sistemu Windows.
is it possible in joomla? je to možno v joomla?
Thanks for the good info, it wil protect WP Hvala za dobre info, se wil zaščito WP