欢迎光临
我们一直在努力

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

Recently, one of our readers asked us why do WordPress sites get hacked? It is frustrating to find out that your WordPress site has been hacked. In this article, we will share the top reasons why WordPress site gets hacked, so you can avoid these mistakes and protect your site.

最近,我们的一位读者问我们WordPress网站为什么会被黑客入侵? 令人沮丧的是发现您的WordPress网站已被黑客入侵。 在本文中,我们将分享WordPress网站遭到黑客入侵的主要原因,因此您可以避免这些错误并保护您的网站。

 

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

为什么WordPress会成为黑客的目标? (Why is WordPress Targeted by Hackers?)

First, it is not just WordPress. All websites on the internet are vulnerable to hacking attempts.

首先,不仅仅是WordPress。 互联网上的所有网站都容易受到黑客攻击。

The reason why WordPress sites are a common target is because WordPress is world’s most popular website builder. It powers over 31% of all websites meaning hundreds of millions of websites across the globe.

WordPress网站成为通用目标的原因是因为WordPress是世界上最受欢迎的网站构建器 。 它为所有网站中超过31%的网站提供动力,意味着全球有数亿个网站。

This immense popularity gives hackers an easy way to find websites that are less secure, so they can exploit it.

这种巨大的流行度使黑客可以轻松地找到安全性较低的网站,以便他们可以利用它。

Hackers have different kind of motives to hack a website. Some are beginners who are just learning to exploit less secure sites.

黑客有不同的动机来入侵网站。 有些是初学者,他们只是在学习利用不太安全的网站。

Some hackers have malicious intents like distributing malware, using a site to attack other websites, or spamming the internet.

一些黑客具有恶意意图,例如散布恶意软件,使用网站攻击其他网站或向互联网发送垃圾邮件。

With that said, let’s take a look at some of the top causes of WordPress sites getting hacked, and how to prevent your website from getting hacked.

话虽如此,让我们看一下WordPress网站被黑客入侵的一些主要原因,以及如何防止您的网站被黑客入侵。

1.不安全的虚拟主机 (1. Insecure Web Hosting)

Like all websites, WordPress sites are hosted on a web server. Some hosting companies do not properly secure their hosting platform. This makes all websites hosted on their servers vulnerable to hacking attempts.

与所有网站一样,WordPress网站都托管在Web服务器上。 一些托管公司没有适当地保护其托管平台。 这使得托管在其服务器上的所有网站都容易受到黑客攻击。

This can be easily avoided by choosing the best WordPress hosting provider for your website. It ensures that your site is hosted on a safe platform. Properly secure servers can block many of the most common attacks on WordPress sites.

通过为您的网站选择最佳的WordPress托管提供商,可以轻松避免这种情况。 它可以确保您的网站托管在安全的平台上。 适当安全的服务器可以阻止WordPress网站上的许多最常见攻击。

If you want to take extra pre-caution, then we recommend using a managed WordPress hosting provider.

如果您需要采取额外的预防措施,那么我们建议您使用托管的WordPress托管服务提供商。

2.使用弱密码 (2. Using Weak Passwords)

 

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

Passwords are the keys to your WordPress site. You need to make sure that you’re using a strong unique password for each of the following accounts because they can all provide a hacker complete access to your website.

密码是您的WordPress网站的密钥。 您需要确保为以下每个帐户使用一个唯一的强密码,因为它们都能为黑客提供对您网站的完全访问权限。

  • Your WordPress admin account

    您的WordPress管理员帐户

  • Web hosting control panel account

    虚拟主机控制面板帐户

  • FTP accounts

    FTP帐户

  • MySQL database used for your WordPress site

    用于WordPress网站MySQL数据库

  • Email accounts used for WordPress admin or hosting account

    用于WordPress管理员或托管帐户的电子邮件帐户

All these accounts are protected by passwords. Using weak passwords makes it easier for hackers to crack the passwords using some basic hacking tools.

所有这些帐户均受密码保护。 使用弱密码会使黑客更容易使用一些基本的黑客工具来破解密码。

You can easily avoid this by using unique and strong passwords for each account. See our guide on the best way to manage passwords for WordPress beginners to learn how to manage all those strong passwords.

您可以通过为每个帐户使用唯一且安全的密码轻松避免这种情况。 请参阅有关为WordPress初学者管理密码的最佳方法的指南,以了解如何管理所有这些强密码。

3.无保护地访问WordPress管理员(wp-admin目录) (3. Unprotected Access to WordPress Admin (wp-admin Directory))

The WordPress admin area gives a user access to perform different actions on your WordPress site. It is also the most commonly attacked area of a WordPress site.

WordPress管理区域使用户可以在WordPress网站上执行不同的操作。 它也是WordPress网站最常受到攻击的区域。

Leaving it unprotected allows hackers to try different approaches to crack your website. You can make it difficult for them by adding layers of authentication to your WordPress admin directory.

使其不受保护,使黑客可以尝试不同的方法来破解您的网站。 您可以通过在WordPress管理员目录中添加身份验证层来使他们感到困难。

First you should password protect your WordPress admin area. This adds an extra security layer, and anyone trying to access WordPress admin will have to provide an extra password.

首先,您应该使用密码保护您的WordPress管理区域 。 这增加了一个额外的安全层,任何尝试访问WordPress管理员的人都必须提供额外的密码。

If you run a multi-author or multi-user WordPress site, then you can enforce strong passwords for all users on your site. You can also add two factor authentication to make it even more difficult for hackers to enter your WordPress admin area.

如果您运行多作者或多用户WordPress网站,则可以为您网站上的所有用户强制使用强密码 。 您还可以添加两个因素的身份验证,以使黑客更加难以进入您的WordPress管理区域。

4.不正确的文件权限 (4. Incorrect File Permissions)

 

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

File permissions are a set of rules used by your web server. These permissions help your web server control access to files on your site. Incorrect file permissions can give a hacker access to write and change these files.

文件权限是Web服务器使用的一组规则。 这些权限可帮助您的Web服务器控制对站点文件的访问。 不正确的文件权限可能使黑客有权写入和更改这些文件。

All your WordPress files should have 644 value as file permission. All folders on your WordPress site should have 755 as their file permission.

您所有的WordPress文件的文件权限都应为644。 WordPress网站上的所有文件夹的文件权限均应为755。

See our guide on how to fix image upload issue in WordPress to learn how to apply these file permissions.

请参阅有关如何解决WordPress中的图片上传问题的指南,以了解如何应用这些文件权限。

5.不更新WordPress (5. Not Updating WordPress)

Some WordPress users are afraid of updating their WordPress sites. They fear that doing so would break their website.

一些WordPress用户担心更新其WordPress网站。 他们担心这样做会破坏他们的网站。

Each new version of WordPress fixes bugs and security vulnerabilities. If you’re not updating WordPress, then you are intentionally leaving your site vulnerable.

WordPress的每个新版本均修复了错误和安全漏洞。 如果您不更新WordPress,则有意让您的网站容易受到攻击。

If you are afraid that an update will break your website, then you can create a complete WordPress backup before running an update. This way, if something doesn’t work, then you can easily revert back to previous version.

如果您担心更新会破坏您的网站,则可以在运行更新之前创建完整的WordPress备份 。 这样,如果某些操作不起作用,则可以轻松地还原到以前的版本。

6.不更新插件或主题 (6. Not Updating Plugins or Theme)

Just like the core WordPress software, updating your theme and plugins is equally important. Using an outdated plugin or theme can make your site vulnerable.

就像核心WordPress软件一样,更新主题和插件也同样重要。 使用过时的插件或主题可能会使您的网站易受攻击。

Security flaws and bugs are often discovered in WordPress plugins and themes. Usually, theme and plugin authors are quick to fix them up. However, if a user does not update their theme or plugin, then there is nothing they can do about it.

安全漏洞和错误通常在WordPress插件和主题中发现。 通常,主题和插件作者会很快对其进行修复。 但是,如果用户不更新其主题或插件,那么他们将无能为力。

Make sure you keep your WordPress theme and plugins up to date.

确保您的WordPress主题和插件保持最新。

7.使用普通FTP代替SFTP / SSH (7. Using Plain FTP instead of SFTP/SSH)

 

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

FTP accounts are used to upload files to your web server using an FTP client. Most hosting providers support FTP connections using different protocols. You can connect using plain FTP, SFTP, or SSH.

FTP帐户用于使用FTP客户端将文件上传到Web服务器。 大多数主机提供商使用不同的协议支持FTP连接。 您可以使用普通FTP,SFTP或SSH进行连接。

When you connect to your site using plain FTP, your password is sent to the server unencrypted. It can be spied upon and easily stolen. Instead of using FTP, you should always use SFTP or SSH.

当您使用普通FTP连接到站点时,您的密码将未经加密地发送到服务器。 它可以被监视并且很容易被盗。 不要使用FTP,而应始终使用SFTP或SSH。

You wouldn’t need to change your FTP client. Most FTP clients can connect to your website on SFTP as well as SSH. You just need to change the protocol to ‘SFTP – SSH’ when connecting to your website.

您无需更改FTP客户端。 大多数FTP客户端可以通过SFTP和SSH连接到您的网站。 连接到您的网站时,您只需将协议更改为“ SFTP – SSH”。

8.使用Admin作为WordPress用户名 (8. Using Admin as WordPress Username)

Using ‘admin’ as your WordPress username is not recommended. If your administrator username is admin, then you should immediately change that to a different username.

不建议使用“ admin”作为您的WordPress用户名。 如果您的管理员用户名是admin,则应立即将其更改为其他用户名。

For detailed instructions check out our tutorial on how to change your WordPress username.

有关详细说明,请查看有关如何更改WordPress用户名的教程。

9.空主题和插件 (9. Nulled Themes and Plugins)

 

wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因

There are many websites on the internet that distribute paid WordPress plugins and themes for free. Sometimes it’s easy to get tempted to use those nulled plugins and themes on your site.

互联网上有许多网站免费分发付费的WordPress插件和主题。 有时候,很容易被诱惑使用您网站上的那些空插件和主题。

Downloading WordPress themes and plugins from unreliable sources is very dangerous. Not only they can compromise the security of your website, but they can also be used to steal sensitive information.

从不可靠的来源下载WordPress主题和插件非常危险。 它们不仅可以危害您网站的安全,还可以用来窃取敏感信息。

You should always download WordPress plugins and themes from reliable sources such as the plugin/theme developers website or official WordPress repositories.

您应该始终从可靠的来源(例如,插件/主题开发者网站或官方WordPress资源库)下载WordPress插件和主题。

If you cannot afford or don’t want to buy a premium plugin or theme, then there are always free alternatives available for those products. These free plugins may not be as good as their paid counterparts, but they will get the job done and most importantly keep your website safe.

如果您负担不起或不想购买高级插件或主题,那么对于这些​​产品,总会有免费的替代品。 这些免费的插件可能不如付费插件,但它们可以完成工作,最重要的是确保您网站的安全。

You can also find discounts for many of the popular WordPress products in the deals section on our website.

您还可以在我们网站的“ 交易”部分中找到许多流行的WordPress产品的折扣。

10.不保护WordPress配置wp-config.php文件的安全 (10. Not Securing WordPress Configuration wp-config.php File)

WordPress configuration file wp-config.php contains your WordPress database login credentials. If it is compromised, then it will reveal information that could give a hacker complete access to your website.

WordPress配置文件wp-config.php包含您的WordPress数据库登录凭据。 如果遭到入侵,它将显示可能使黑客完全访问您的网站的信息。

You can add an extra layer of protection by denying access to wp-config file using .htaccess. Simply add this little code to your .htaccess file.

您可以通过使用.htaccess拒绝对wp-config文件的访问来添加额外的保护层。 只需将此小代码添加到您的.htaccess文件中。

<files wp-config.php>
order allow,deny
deny from all
</files>

11.不更改WordPress表前缀 (11. Not Changing WordPress Table Prefix)

Many experts recommend that you should change the default WordPress table prefix. By default, WordPress uses wp_ as a prefix for the tables it creates in your database. You get an option to change it during the installation.

许多专家建议您更改默认的WordPress表前缀。 默认情况下,WordPress使用wp_作为它在数据库中创建的表的前缀。 您可以选择在安装过程中对其进行更改。

It is recommended that you use a prefix that is a little more complicated. This will make it harder for hackers to guess your database table names.

建议您使用更复杂的前缀。 这将使黑客更难猜测您的数据库表名称。

For detailed instructions, see our guide on how to change the WordPress database prefix to improve security.

有关详细说明,请参阅有关如何更改WordPress数据库前缀以提高安全性的指南。

清理被黑的WordPress网站 (Cleaning up a Hacked WordPress Site)

Cleaning up a hacked WordPress site can be really painful. However, it can be done.

清理被黑的WordPress网站可能真的很痛苦。 但是,可以做到。

Here are some resources to get you started on cleaning up a hacked WordPress site:

以下是一些资源,可帮助您开始清理被黑的WordPress网站:

  • Beginner’s guide to fixing your hacked WordPress site修复被黑的WordPress网站的入门指南
  • How to scan your WordPress site for potentially malicious code如何扫描您的WordPress网站以查找潜在的恶意代码
  • how to find a backdoor in a hacked WordPress site and fix it如何在被黑的WordPress网站中找到后门并进行修复
  • What to do when you are locked out of WordPress admin (wp-admin)当您被锁定WordPress管理员(wp-admin)时该怎么办
  • Beginner’s guide: how to restore WordPress from backup新手指南:如何从备份还原WordPress

奖金提示 (Bonus Tip)

For rock solid security, we use Sucuri on all our WordPress sites. Sucuri provides malware detection and removal services as well as a website firewall that will protect your website against the most common threats.

为了获得坚实的安全性,我们在所有WordPress网站上都使用了Sucuri 。 Sucuri提供恶意软件检测和删除服务以及网站防火墙,可以保护您的网站免受最常见的威胁。

See how how Sucuri helped us block 450,000 WordPress attacks in 3 months

了解Sucuri如何帮助我们在3个月内阻止450,000 WordPress攻击

We hope this article helped you learn the top reasons why WordPress site gets hacked. You may also want to see our ultimate WordPress security guide to protect your WordPress site.

我们希望本文能帮助您了解WordPress网站遭到黑客入侵的主要原因。 您可能还想查看我们的终极WordPress安全指南,以保护您的WordPress网站。

If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.

如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。

 收藏 (0) 打赏

您可以选择一种方式赞助本站

支付宝扫一扫赞助

微信钱包扫描赞助

除特别注明外,本站所有文章均基于CC-BY-NC-SA 4.0原创,转载请注明出处。
文章名称:《wordpress 黑客_WordPress网站遭到黑客入侵的11个主要原因》
文章链接:https://www.xpn.cc/1227/fy.html
分享到: 更多 (0)

热门推荐

评论 抢沙发

登录

忘记密码 ?