Mareegaha WordPress oo sugan

1] Hubi in kombayutarka Windows-^{(Windows computer)} kaagu uu ka xoroobay malware-ka. Ma jiro xad ammaan ah oo ku jira WordPress ama server-kaaga mareegaha wax farqi ah haddii uu jiro keylogger sharci-darro ah oo lagu rakibay kumbuyuutarkaaga.

2] Had iyo jeer iska hubi inaad haysato noocii ugu dambeeyay^{(latest version)} ee WordPress iyo Plugins-kaaga oo lagu rakibay. Adeegahaaga shabakadu sidoo kale waxa uu yeelan karaa nuglaanta. Sidaa darteed, iska hubi in Martigeliyahaaga Shabakadda^{(Web Host)} uu ku shaqaynayo noocyadii ugu dambeeyay, badbaado, xasilloon ee software-ka server-ka. Si ka sii wanaagsan, iska hubi inaad isticmaalayso martigeliyaha la aamini karo oo arrimahan adiga kuu xanaaneeya.

3] Isticmaal magac isticmaale^{(strong username)} oo xooggan iyo furaha sirta ah^{(strong passwords)} ee xooggan . Waxa ugu fiican in la raadiyo ereyada sirta ah ee isku dhafan iyadoo la adeegsanayo xarfaha sare, kuwa hoose, tirooyinka iyo xarfo gaar ah oo dhererkoodu ka sarreeyo 15 xaraf. Ku dhaqan geli^(Enforce) isticmaalka furaha sirta ah ee dhammaan qorayaashaada sidoo kale.

4] Ka beddel magaca isticmaalaha maamulaha^{(Change the Administrator username)} ee rakibaada WordPress oo ka beddel maamulka caadiga ah una^(admin) beddel wax xooggan oo aan xidhiidh la lahayn magacaaga ama boggaga. Waxaad samayn kartaa koonto maamuleed kale, u gal sidii isticmaale maamule oo cusub oo aad tirtiri kartaa koontada hore ee maamulaha ee caadiga ah. Ama waxaad isticmaali kartaa beddelaha magaca isticmaale ee Admin^{(Admin username changer)} ama plugin renameer kordhinta^{(Admin renamer extended)} ama mid ka mid ah pluginsyada amniga ee hoos ku xusan si aad dib ugu magacawdo isticmaaleha maamulaha caadiga ah.

5] U isticmaal^(Use) Captcha ujeeddooyin^(Captcha) soo gal.

Qalabka Captcha ee BWS^{(Captcha plugin from BWS)} waa mid wanaagsan oo laga yaabo inaad rabto inaad eegto. Waxay kuu ogolaanaysaa inaad doorato hawlgallada iyo heerarka kakanaanta.

6] Xaddidaadda Isku dayga Soo Gelida^{(Limit Login Attempts)} plugin waxay xaddidi doontaa heerka isku dayga gelitaanka, habka cookies, IP kasta. Waxa ay ogolaan doontaa oo kaliya tirada habaysan ee isku dayo ka dib isticmaaluhu waa la xidhi doonaa. Waxaad u habayn kartaa dhammaan goobaha ay ka kooban tahay sida tirada isku dayga la oggol yahay, muddada xannibaadda, dib-u-isku dayga la oggol yahay iyo wixii la mid ah. Plugin Tani waxay faa'iido u leedahay ka hortagga weerarrada xoogga ah^{(brute force attacks)} .

Haddii isticmaaluhu isticmaalo magac isticmaale ama erayga sirta ah ee khaldan, isaga ama iyada ayaa arki doona fariintan.

7] U beddel URL- ka galitaanka Panel Panel ee asalka ^{(Change the WordPress Panel login URL)}/wp-admin/ wax kale adoo isticmaalaya Rename wp-login plugin. Plugin-gani wuxuu faa'iido u leeyahay ka hortagga weerarrada xoogga ah sidoo kale.

8] Adeegso plugin Scanner Security^{(Security Scanner plugin)} si aad u sawirto faylalkaaga rakibaadda WordPress wakhti wakhti. ^(WordPress)Sucuri Security – SiteCheck Malware Scanner^{(Sucuri Security – SiteCheck Malware Scanner)} plugin waxa ay awood kuu siinaysaa in aad iskaan karto boggaga WordPress adiga oo isticmaalaya Sucuri SiteCheck isla saxan dashboardkaaga WordPress . Waxay hubisaa malware, spam, liiska madow, .htaccess redirects, qarsoon eval code, iyo arrimaha kale ee ammaanka.

Intaa waxaa dheer, waxay hubisaa haddii WordPress iyo PHP ay yihiin kuwo casri ah oo ka qarinaya nooca WordPress ee dadweynaha, iwm haddii goobtaada uu ilaaliyo Firewall Web^{(Web Firewall)} . Waxa kale oo ay ilaalisaa Tusahaaga Uploads^{(Uploads Directory)} , waxay xaddidaysaa wp-content iyo wp-waxaa ku jira gelitaanka addoo adkeynaya oggolaanshaha faylka, iyo hubinta daacadnimada faylashaaga WordPress ee asaasiga ah. ^(WordPress)Waxay la socotaa tiro badan oo ficilo ah, oo ay ku jiraan, Isku dayga Login , Galitaanka Fashilmay^(Logins) , Isbedelka Faylka^{(File Changes)} , iyo wixii la mid ah.

Sucuri waxa kale oo ay hubisaa haddii goobtaadu ku jirto liiska madow meel kasta sida Google Safe Browsing , Norton Safe Web , Phish Tank , SiteAdvisor , Eset , Yandex , iwm oo ku wargeliya.

Marka laga reebo Sucuri, Secure WordPress plugin, Scanner Scanner^{(Exploit Scanner)} , WordFence Security , WordPress Sentinel , Quttera , VIP Scanner , iThemes Security (oo hore u ahaa Better WP Security),  BulletProof Security iyo All In One WP Security & Firewall ayaa ka mid ah sawirada kale ee wanaagsan iyo plugins amniga waxaa laga yaabaa inaad rabto inaad eegto. Inta badan plugins-yadan, marka laga reebo in aad goobtaada ka baarto malware, waxay sidoo kale kaa caawin doonaan Oggolaanshaha Faylka^{(Harden File Permissions)} Adag , tirtirida faylasha ReadMe , qarin noocyada WordPress , iyo in ka badan.

Xusuusnow^(Remember) inaad kaydiso xogtaada ama goobta buuxda ka hor inta aanad samaynin wax isbedel ah oo la taaban karo oo ku saabsan rakibaadda WordPress maadaama qaar ka mid ah 1-guji hagaajinta laga yaabo inay jebiyaan qaar ka mid ah shaqeynta goobtaada. Markaa fadlan halkan ka taxaddar.

8] Isticmaal shabakada gudbinta macluumaadka bilaashka ah ee Cloudflare si aad u shaandheyso dhammaan taraafikadaada oo ay yarayso halista ^(Cloudflare)degelkaaga WordPress^(WordPress) inuu noqdo bartilmaameed, maadaama ay u shaqeyso sidii wakiil ka dhexeeya booqdayaashaada iyo serverka mareegahaaga lagu martigeliyo. Aasaaska Cloudflare^(Cloudflare) waa lacag la'aan, laakiin haddii aad bixiso qaddar magac ah, waxaad sidoo kale ka faa'iidaysan kartaa adeeggeeda Codsiga Webka ee Firewall^{(Web Application Firewall)} . Waxay joojisaa weerarrada waqtiga-dhabta ah sida duritaanka SQL , qoraal-qorista-goobaha, faallaynta spam iyo xadgudubyada kale ee cidhifka shabakadda. Waxaan u isticmaalnaa Sucuri Firewall halkan. Sucuri waxay bixisaa dab-damis weyn, laakiin bilaash maaha. Google Project Shield wuxuu bixiyaa DDoS bilaash ahilaalinta si loo doorto mareegaha.

9] Yaree tirada plugins ee^{(number of plugins)} aad isticmaasho. Dami^(Deactivate) ama kaba sii fiican, tirtir kuwa aadan isticmaalin.

10] Sii wad abuurista kaydinta^(backups) goobtaada wakhtiyo joogto ah, oo ku dheji qaar ka mid ah adeega Cloud iyo/ama miiskaaga. BackWPUp , VaultPress , BackupBuddy , DropBox for WordPress, BackUpWordPress ayaa ka mid ah plugins Backup -ka wanaagsan ee laga yaabo inaad rabto inaad hubiso.

Inkastoo tani ay ku filnaan karto inta badan bogagga WordPress , haddii aad u baahan tahay inaad sii socoto, waxaad akhrin kartaa qoraalkan WordPress.org .

Akhri: ^(Read:) Waa maxay sababta loo jabsado mareegaha ?

Qaarkiin ayaa laga yaabaa inay rabaan inay fiiriyaan boostadayda talooyinka waxtarka leh ee bloggers cusub^{(Useful tips for new bloggers)} .^{(Some of you might want to check out my post on Useful tips for new bloggers.)}

Protect and secure WordPress website from Hackers

Secure WordPress website

1]  Make sure your Windows computer is free of malware. No amount of security in WordPress or on your web server will make any difference if there is an illegal keylogger installed on your computer.

2] Always make sure that you have the latest version of WordPress and your Plugins installed. Your web server can have vulnerabilities too. Therefore, make sure that your Web Host is running latest, secure, stable versions of server software on it. Better still, make sure you are using a trusted host that takes care of these things for you.

3] Use a strong username and a strong passwords. Best to go for mixed complex passwords using upper, lower case alphabets, numerals and special characters of length exceeding 15 characters. Enforce usage of strong passwords for all your Authors too.

4] Change the Administrator username of your WordPress installation from the default admin to something strong and unrelated to your own or sites name. You can create another administrator account, login as new administrator user and delete the old default admin username account. Or you could use Admin username changer or Admin renamer extended plugin or one of the security plugins mentioned below to rename the default admin username.

5] Use a Captcha for login purposes.

The Captcha plugin from BWS is a good one you may want to have a look at. It lets you choose the operations and the complexity levels.

6] The Limit Login Attempts plugin will limit the rate of login attempts, by way of cookies, for each IP. It will allow only the configured number of attempts after which the user will get locked out. You can configure all its settings like the number of attempts allowed, lockout period, allowed re-tries and so on. This plugin is useful in preventing brute force attacks.

If a user uses an incorrect username or password, he or she will see this message.

7] Change the WordPress Panel login URL from default /wp-admin/ to something else using Rename wp-login plugin.  This plugin is useful in preventing brute force attacks too.

8] Use a Security Scanner plugin to scan your WordPress installation files periodically. The Sucuri Security – SiteCheck Malware Scanner plugin enables you to scan your WordPress site using Sucuri SiteCheck right in your WordPress dashboard. It checks for malware, spam, blacklisting, .htaccess redirects, hidden eval code, and other security issues.

Furthermore, it verifies if WordPress and PHP are up-to-date and hides the WordPress version from the public, etc if your site is protected by a Web Firewall. It also protects your Uploads Directory, restricts wp-content and wp-includes access by hardening file permissions, and checks for the integrity of your core WordPress files. It monitors a large number of actions, including, Login attempts, Failed Logins, File Changes, and so on.

Sucuri also checks if your site has been black-listed anywhere like Google Safe Browsing, Norton Safe Web, Phish Tank, SiteAdvisor, Eset, Yandex, etc and informs you about it.

Apart from Sucuri, Secure WordPress plugin, Exploit Scanner, WordFence Security, WordPress Sentinel, Quttera, VIP Scanner, iThemes Security (formerly Better WP Security), BulletProof Security and All In One WP Security & Firewall are among the other good scanners and security plugins you may want to have a look at. Most of these plugins, apart from scanning your site for malware, will also help you Harden File Permissions, delete ReadMe files, hide WordPress versions, and more.

Remember to back up your database or full site before making any notable changes to your WordPress installation as some of these 1-click fixes could potentially break some functionality of your site. So please be careful here.

8] Use Cloudflare free content delivery network to filter all your traffic and minimizes the risk of your WordPress website from becoming a target, as it acts as a proxy between your visitors and the server your website is hosted on. Cloudflare basic is free, but if you pay a nominal amount, you can also avail of its Web Application Firewall service. It stops real-time attacks like SQL injection, cross-site scripting, comment spam and other abuse at the network edge. We use Sucuri Firewall here. Sucuri offers a great firewall, but it is not free. Google Project Shield offers free DDoS protection to select websites.

9] Minimize the number of plugins you use. Deactivate or even better, delete the ones you don’t use.

10] Keep creating backups of your site at regular intervals, and upload them to some Cloud service and/or to your desktop. BackWPUp, VaultPress, BackupBuddy, DropBox for WordPress, BackUpWordPress are among the good Backup plugins you may want to check out.

While this may be enough for most WordPress sites, if you need to go further, you could read this post on WordPress.org.

Read: Why are websites hacked?

Some of you might want to check out my post on Useful tips for new bloggers.

Related posts

• Qiimaynta ugu fiican ee martigelinta mareegta shaqsiga ah ee bilaashka ah

• Sida loola tacaalo Been-abuurka iyo Xatooyada Macluumaadka Onlineka ah

• Liiska Blogs-yada ugu sarreeya Hindiya ee taraafikada

• Talooyin wax ku ool ah oo Blogging ah oo loogu talagalay bloggers cusub & kuwa bilowga ah

• Soo hel xiriiriyeyaasha jaban, ka xaqiiji HTML & CSS mareegahaaga addoo isticmaalaya DeepTrawl

• Sida mawduuc loogu rakibo WordPress

• Abuuritaanka Mawduuca Ilmaha ee WordPress

• Isticmaalayaasha ka jiheeya bogga 404 ee WordPress

• Tus qoraalka bogga hoyga ee blogka WordPress

• Sida Loo Isticmaalo Lumen5 Si Loogu Bedelo Boostada Blog-ga Muuqaal

• 11-ka ugu Fiican WordPress Podcast Plugins

• Sida Gacanta Loogu Sameeyo WordPress Domain

• Waa maxay AMP ee WordPress iyo sida loo rakibo

• Sida Loo Dardar Geliyo Mareeg Kasta Oo WordPress Ah Isticmaalka .HTACCESS

• Sida Loo Helo Adminkaaga WordPress Login

• 8 mawduucyo WordPress ah oo bilaash ah oo lagu rakibo

• Sida Looga Saaro Malware-ka Mareegahaaga WordPress

• Sida Loo Bedelo URL Login-kaaga WordPress si loo helo Ammaan Wanaagsan

• 9 Waa in uu leeyahay Plugins loogu rakibo WordPress Cusub

• Qoraaga Tooska ah ee Furan waa beddelka weyn ee Writer Windows Live