Furitaanka goobtaada WordPress maalmahan waa wax fudud. Nasiib darro, kuma qaadan doonto wakhti dheer in tuugadu bilaabaan beegsiga goobtaada.

Sida ugu wanaagsan ee goobta WordPress looga dhigi karo mid sugan waa in la fahmo qodob kasta oo nuglaanshaha ka imanaya socodsiinta bogga WordPress . Kadibna ku dheji amniga ku habboon si aad u xannibto hackers-ka mid kasta oo ka mid ah qodobbadaas.

Maqaalkan waxaad ku baran doontaa sida ugu wanagsan ee loo sugo boggaaga, login kaaga WordPress , iyo agabka iyo furayaasha la heli karo si loo sugo boggaga WordPress .

Abuur Domain Gaar ah

Aad bay u fududahay maalmahan in la helo goob la heli karo^{(find an available domain)} oo lagu iibsado qiimo aad u jaban. Dadka intiisa badan weligood ma iibsadaan domain addons-ka goobahooda. Si kastaba ha ahaatee, hal wax lagu daro oo ay tahay inaad had iyo jeer tixgeliso waa Ilaalinta Qarsoodiga^{(Privacy Protection)} .

Waxaa jira saddex heer oo aasaasi ah oo ilaalinta asturnaanta oo leh GoDaddy , laakiin kuwan sidoo kale waxay ku habboon yihiin bixinta bixiyayaasha domainka.

• Aasaaska^(Basic) : Qari magacaaga iyo macluumaadkaaga xiriirka WHOIS tusaha. Kani waxa kaliya oo la heli karaa haddii dawladaadu kuu ogolaato inaad qariso macluumaadka goobta internatka.
• Full : Ku beddel xogtaada ciwaan kale oo iimayl ah iyo macluumaadka xiriirka si aad ugu daboosho aqoonsigaaga dhabta ah.
• Ultimate : Nabadgelyo dheeri ah oo xannibaysa iskaanka xaasidnimada leh, oo ay ku jirto la socodka amniga bogga goobtaada dhabta ah.

Caadi ahaan, u cusboonaysiinta boggaaga mid ka mid ah heerarkan amniga waxay u baahan tahay oo kaliya inaad doorato inaad ka cusboonaysiiso hoos u dhaca bogga liiskaaga domain.

Ilaalinta domainka aasaasiga^(Basic) ah waa mid raqiis ah (badanaa ku dhawaad ​​$9.99/sanadii), iyo heerarka sare ee ammaanku aad ugama qaalisana.

Tani waa hab fiican oo aad uga joojin karto spameriyeyaasha inay xoqaan macluumaadkaaga xiriirka ka baxsan xogta WHOIS , ama kuwa kale oo leh ujeedo xaasidnimo ah oo raba inay galaan macluumaadkaaga xiriirka.

Qari^(Hide) wp-config.php iyo .htaccess Files

Marka ugu horeysa ee aad rakibto WordPress^{(install WordPress)} , waxaad u baahan doontaa inaad ku darto aqoonsiga maamulka iyo erayga sirta ah ee kaydka WordPress SQL ee faylka wp-config.php. 

Xogtaasi waa la sifeeyaa ka dib marka la rakibo, laakiin sidoo kale waxaad dooneysaa inaad ka ilaaliso hackers-ka inay awoodaan inay tafatiraan faylkan oo ay jebiyaan boggaaga. Si tan loo sameeyo, hel oo tafatir faylka .htaccess ee ku yaal galka xididka ee goobtaada oo ku dar koodka soo socda xagga hoose ee faylka.

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Si looga hortago isbedelada .htaccess laftiisa, ku dar kuwan soo socda xagga hoose ee faylka sidoo kale.

# Protect .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

Kaydi faylka oo ka bax tafatiraha faylka.

Waxa kale oo laga yaabaa inaad tixgeliso inaad midig-gujiso fayl kasta oo aad beddesho oggolaanshaha si aad meesha uga saarto gelida Qor qof walba.^(Write)

Markaad tan ku sameyneyso faylka wp-config.php waa inaysan keenin wax dhibaato ah, ku samaynta .htaccess waxay sababi kartaa arrimo. Gaar ahaan haddii aad waddo wax kasta oo amniga WordPress ah oo laga yaabo inuu u baahdo inuu kuu tafatiro faylka .htaccess.

Haddii aad wax qalad ah ka hesho WordPress , waxaad mar walba cusbooneysiin kartaa oggolaanshaha si aad u oggolaato Ku qor^(Write) galitaanka faylka .htaccess mar kale.

Beddel URL galkaaga WordPress

Maadaama bogga gelitaanka caadiga ah ee goob kasta oo WordPress ah uu yahay yourdomain/wp-admin.php, haakarisku waxay isticmaali doonaan URL-kan si ay isugu dayaan oo ay u jabsadaan goobtaada.

Waxay tan ku samayn doonaan waxa loo yaqaan weerarrada "xoogga xun" halkaasoo ay u diri doonaan kala duwanaanshiyaha isticmaalayaasha iyo ereyada sirta ah ee dad badan ay caadi ahaan isticmaalaan. Hackers-ku waxay rajeynayaan inay nasiib yeelan doonaan oo ay dejiyaan isku darka saxda ah.

Waxaad gabi ahaanba joojin kartaa weeraradan adiga oo u beddelaya URL-kaaga galitaanka WordPress^{(WordPress login URL)} wax aan caadi ahayn.

Waxaa jira plugins badan oo WordPress ah oo kaa caawinaya inaad tan sameyso. Mid ka mid ah kuwa ugu caansan waa WPS Hide Login .

Pluginkani waxa uu ku darayaa qayb tabka Guud ee hoos yimaada ^(General)Settings in WordPress.

Halkaa, waxaad ku qori kartaa URL kasta oo gal ah oo aad rabto oo dooro Badbaadada Badbaadada^{(Save Changes)} si aad u dhaqaajiso. Marka xigta oo aad rabto inaad gasho boggaaga WordPress^(WordPress) , isticmaal URL- kan cusub .

Haddii qof uu isku dayo inuu galo URL^(URL) -kaagii hore ee wp-admin , waxaa loo wareejin doonaa bogga 404 ee boggaaga.

Fiiro gaar^(Note) ah: Haddii aad isticmaasho plugin cache ah, hubi inaad ku darto URL- kaaga cusub ee liiska goobaha ha^(not) kaydin. Ka dib iska hubi inaad nadiifiso kaydka ka hor intaadan dib ugu soo laaban boggaga WordPress mar labaad.^(WordPress)

Ku rakib Plugin Amniga WordPress

Waxaa jira plugins amniga WordPress^{(WordPress security plugins)} oo badan oo laga dooran karo. Dhammaantood, Wordfence waa kan ugu badan ee la soo dejiyo, sabab wanaagsan awgeed.

Nooca bilaashka ah ee Wordfence waxaa ka mid ah mishiin iskaan awood leh oo eegaya hanjabaadaha dhabarka, kood xaasidnimo ah oo ku jira fiilooyinkaaga^{(malicious code in your plugins)} ama goobtaada, hanjabaadaha duridda MySQL , iyo in ka badan. ^(MySQL)Waxa kale oo ka mid ah dab-damis si loo joojiyo hanjabaadaha firfircoon sida weerarrada DDOS . 

Waxa kale oo ay kuu oggolaan doontaa inaad joojiso weerarrada xoogga ah adoo xaddidaya isku-dayga gelitaanka iyo xidhida isticmaalayaasha sameeya isku-dayga gelitaanka ee khaldan ee badan.

Waxa jira dhawr habayn oo laga heli karo nooca bilaashka ah. In ka badan oo ku filan si looga ilaaliyo mareegaha yar yar iyo kuwa dhexe ee weerarada badi.

Waxa kale oo jira bog dashboard-ka faa'iido leh oo aad dib u eegi karto si aad ula socoto hanjabaadihii iyo weerarradii dhawaa ee la xannibay.

Isticmaal furaha sirta ah ee WordPress^{(WordPress Password Generator)} iyo 2FA

Waxa ugu dambeeya ee aad rabto waa in tuugadu si fudud u qiyaasaan eraygaaga sirta ah. Nasiib darro, dad aad u tiro badan ayaa isticmaala furaha sirta ah ee aad u fudud oo ay fududahay in la qiyaaso. Tusaalooyinka qaarkood waxaa ka mid ah isticmaalka magaca bogga ama magaca isticmaalaha oo qayb ka ah erayga sirta ah, ama adigoon isticmaalin wax xarfo gaar ah.

Haddii aad u cusboonaysiisay noocii ugu dambeeyay ee WordPress , waxaad marin u heli kartaa aaladaha badbaadada sirta ah ee xoogga badan si aad u sugo boggaga  WordPress .

Tallaabada ugu horreysa ee lagu hagaajinayo amniga eraygaaga sirta ah waa inaad u tagto isticmaale kasta oo boggaaga ah, hoos ugu dhaadhac qaybta Maareynta Xisaabaadka^{(Account Management)} , oo dooro batoonka Samee erayga sirta ah.^{(Generate Password)}

Tani waxay dhalin doontaa erayga sirta ah ee dheer, aad loo ilaaliyo oo ay ku jiraan xarfo, nambaro, iyo xarfo gaar ah. Ku keydi erayga sirta ah meel badbaado leh, gaar ahaan dukumeenti ku yaal darawal dibadeed oo aad ka jari karto kombayutarka markaad internetka ku jirto.

Dooro Log Out meel kasta^{(Log Out Everywhere Else)} oo kale si aad u hubiso in dhammaan fadhiyada firfircooni ay xiran yihiin.

Ugu dambeyntii, haddii aad ku rakibtay plugin amniga Wordfence , waxaad arki doontaa badhanka Activate 2FA . Dooro kan si aad awood ugu siiso xaqiijinta laba-factor ee isticmaalahaaga.

Haddii aadan isticmaalayn Wordfence , waxaad u baahan doontaa inaad ku rakibto mid ka mid ah plugins-yadan caanka ah ee 2FA.

• Google Authenticator
• Xaqiijinta Laba Qodob^{(Two Factor Authentication)}
• Xaqiijinta Laba-Factor Rublon^{(Rublon Two-Factor Authentication)}
• Xaqiijinta Labada Qodob^{(Duo Two-Factor Authentication)}

Tixgelinnada kale ee muhiimka ah ee Amniga^{(Important Security Considerations)}

Waxaa jira dhawr waxyaalood oo kale oo aad samayn karto si aad si buuxda u sugo boggaaga WordPress^(WordPress) .

Labada plugins ee WordPress^{(WordPress plugins)} iyo nooca WordPress laftiisa waa in la cusboonaysiiyaa mar walba. Hackers-ku waxay inta badan isku dayaan inay ka faa'iidaystaan ​​nuglaanta noocyadii hore ee koodka ee goobtaada. Haddii aadan labadan cusboonaysiin, waxaad uga tagaysaa goobtaada khatar.

1. Si joogto ah u dooro Plugins and Installed Plugins in aad ku jirto maamulka WordPress . Dib u eeg^(Review) dhammaan plugins si aad u hesho xaalad sheegaya in nooc cusub la heli karo.

Markaad aragto mid dhacay, dooro cusboonaysiinta hadda^{(update now)} . Waxa kale oo laga yaabaa inaad tixgeliso inaad karti u yeelatid iskii u-cusboonaynta plugins kaaga. 

Si kastaba ha noqotee, dadka qaarkiis way ka digtoon yihiin inay tan sameeyaan maadaama cusbooneysiinta plugin ay mararka qaarkood jebin karto goobtaada ama mawduucaaga. Markaa had iyo jeer waa fikrad wanaagsan inaad tijaabiso cusbooneysiinta plugin ee goobta tijaabada WordPress^{(local WordPress test site)} ka hor inta aadan awood u siinin goobtaada tooska ah.

2. Marka aad gasho dashboardkaaga WordPress , waxa aad arkaysaa ogaysiis sheegaya in WordPress uu wakhtigiisii ​​dhamaaday haddii aad wado nooc ka sii weyn.

Mar labaad, ku kaydi goobta oo ku shub goobta tijaabada ee kombayutarkaga si aad u tijaabiso in cusboonaysiinta WordPress aanu jebin goobtaada ka hor inta aanad ku cusboonaysiin shabakadaada tooska ah.

3. Ka faa'iidayso sifooyinka amniga bilaashka ah ee martigeliyahaaga. Inta badan martigeliyayaasha webka waxay bixiyaan adeegyo ammaan oo kala duwan oo bilaash ah bogagga aad ku martigeliso halkaas. Waxay tan u sameeyaan sababtoo ah maaha oo kaliya inay ilaaliso goobtaada, laakiin waxay ilaalinaysaa dhammaan serverka ammaan. Tani waxay si gaar ah muhiim u tahay markaad ku jirto koontada martigelinta la wadaago halkaasoo macaamiisha kale ay ku leeyihiin shabakad isku mid ah server-ka.

Kuwaas inta badan waxaa ka mid ah rakibaadda amniga SSL ee bilaashka ah^{(free SSL security)} ee goobtaada, kaydinta bilaashka ah^{(free backups)} , awoodda lagu xannibo cinwaannada IP-ga xaasidnimada ah, iyo xitaa iskaanka goobta bilaashka ah oo si joogto ah u baadha goobtaada kood kasta oo xaasidnimo ah ama dayacan.

Ku socodsiinta degel ma aha mid fudud sida ku rakibida WordPress iyo kaliya dhajinta nuxurka. Waa muhiim inaad ka dhigto degelkaaga WordPress^(WordPress) mid ammaan ah intii suurtagal ah. Dhammaan talooyinka kor ku xusan waxay kaa caawin karaan inaad sidaas sameyso adigoon dadaal badan lahayn.

How to Make a WordPress Site Secure

Launching your own WordPress site theѕe days is pretty еasy. Unfortunately, it won’t take long for hackers to start targetіng your site.

The best way to make a WordPress site secure is to understand every point of vulnerability that comes from running a WordPress site. Then install the appropriate security to block hackers at each of those points.

In this article you’ll learn how to better secure your domain, your WordPress login, and the tools and plugins available to secure your WordPress site.

Create a Private Domain

It’s all too easy these days to find an available domain and purchase it at a very cheap price. Most people never purchase any domain addons for their domain. However, one add-on you should always consider is Privacy Protection.

There are three basic levels of privacy protection with GoDaddy, but these also match offerings of most domain providers.

• Basic: Hide your name and contact info from the WHOIS directory. This is only available if your government allows you to hide domain contact information.
• Full: Replace your own information with an alternative email address and contact info to cloak your actual identity.
• Ultimate: Additional security that blocks malicious domain scanning, and includes website security monitoring for your actual site.

Usually, upgrading your domain to one of these security levels just requires choosing to upgrade from a dropdown on your domain listing page.

Basic domain protection is fairly cheap (usually around $9.99/yr), and higher levels of security aren’t much more expensive.

This is an excellent way to stop spammers from scraping your contact info off of the WHOIS database, or others with malicious intent who want to get access to your contact information.

Hide wp-config.php and .htaccess Files

When you first install WordPress, you’ll need to include the administrative ID and password for your WordPress SQL database in the wp-config.php file. 

That data gets encrypted after installation, but you also want to block hackers from being able to edit this file and break your website. To do this, find and edit the .htaccess file on the root folder of your site and add the following code at the bottom of the file.

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

To prevent changes to .htaccess itself, add the following to the bottom of the file as well.

# Protect .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>

Save the file and exit the file editor.

You might also consider right-clicking each file and changing the permissions to remove Write access entirely for everyone.

While doing this on the wp-config.php file shouldn’t cause any issues, doing it on .htaccess could cause issues. Especially if you’re running any security WordPress plugins that may need to edit the .htaccess file for you.

If you do receive any errors from WordPress, you can always update permissions to allow Write access on the .htaccess file again.

Change Your WordPress Login URL

Since the default login page for every WordPress site is yourdomain/wp-admin.php, hackers will use this URL to try and hack into your site.

They will do this through what’s known as “brute force” attacks where they’ll send variations of typical usernames and passwords many people commonly use. Hackers hope that they’ll get lucky and land the right combination.

You can stop these attacks entirely by changing your WordPress login URL to something non-standard.

There are lots of WordPress plugins to help you do this. One of the most common is WPS Hide Login.

This plugin adds a section to the General tab under Settings in WordPress.

There, you can type in any login URL you want and select Save Changes to activate it. Next time you want to log into your WordPress site, use this new URL.

If anyone tries to access your old wp-admin URL, they’ll get redirected to your site’s 404 page.

Note: If you use a cache plugin, make sure to add your new login URL to the list of sites not to cache. Then make sure to purge the cache before you log back into your WordPress site again.

Install a WordPress Security Plugin

There are a lot of WordPress security plugins to choose from. Of all of them, Wordfence is the most commonly downloaded one, for good reason.

The free version of Wordfence includes a powerful scan engine that looks for backdoor threats, malicious code in your plugins or on your site, MySQL injection threats, and more. It also includes a firewall to block active threats like DDOS attacks. 

It will also let you stop brute force attacks by limiting login attempts and locking out users who make too many incorrect login attempts.

There are quite a few settings available in the free version. More than enough to protect small to medium websites from most attacks.

There is also a useful dashboard page you can review to monitor recent threats and attacks that have been blocked.

Use the WordPress Password Generator and 2FA

The last thing you want is for hackers to easily guess your password. Unfortunately, too many people use very simple passwords that are easy to guess. Some examples include using the website name or the user’s own name as part of the password, or not using any special characters.

If you’ve upgraded to the latest version of WordPress, you have access to powerful password security tools to secure your WordPress site. 

The first step to improve your password security is to go to each user for your site, scroll down to the Account Management section, and select the Generate Password button.

This will generate a long, very secure password that includes letters, numbers, and special characters. Save this password somewhere safe, preferably in a document on an external drive that you can disconnect from your computer while you’re online.

Select Log Out Everywhere Else to make sure all active sessions are closed.

Finally, if you’ve installed the Wordfence security plugin, you’ll see an Activate 2FA button. Select this to enable two-factor authentication for your user logins.

If you aren’t using Wordfence, you’ll need to install any of these popular 2FA plugins.

• Google Authenticator
• Two Factor Authentication
• Rublon Two-Factor Authentication
• Duo Two-Factor Authentication

Other Important Security Considerations

There are a few more things you can do to fully secure your WordPress site.

Both the WordPress plugins and the version of WordPress itself should be updated at all times. Hackers often try to exploit vulnerabilities in older versions of code on your site. If you don’t update both of these, you’re leaving your site at risk.

1. Regularly select Plugins and Installed Plugins in your WordPress admin panel. Review all plugins for a status that says a new version is available.

When you do see one that’s out of date, select update now. You may also consider selecting Enable auto-updates for your plugins. 

However, some people are wary of doing this since plugin updates can sometimes break your site or theme. So it’s always a good idea to test plugin updates on a local WordPress test site before enabling them on your live site.

2. When you log into your WordPress dashboard, you’ll see a notification that WordPress is out of date if you’re running an older version.

Again, backup the site and load it to a local test site on your own PC to test that the WordPress update doesn’t break your site before you update it on your live website.

3. Take advantage of your web host’s free security features. Most web hosts offer a variety of free security services for the sites you host there. They do this because it not only protects your site, but it keeps the entire server safe. This is especially important when you’re on a shared hosting account where other clients have websites on the same server.

These often include free SSL security installs for your site, free backups, the ability to block malicious IP addresses, and even a free site scanner that’ll regularly scan your site for any malicious code or vulnerabilities.

Running a website is never just as simple as installing WordPress and just posting content. It’s important to make your WordPress website as secure as possible. All of the above tips can help you do so without too much effort.

Related posts

• 3 siyaabood oo aad ku heli karto erayga sirta ah ee ugu ammaansan

• Abka fariimahaagu runtii ma yahay mid amaan ah?

• 3 Siyaabood oo Sawir ama Fiidyow Looga Qaado Buugga Chrome-ka

• Sida loo ogaado Computer & Email Monitoring ama Basaas Software

• Tignoolajiyada Bandhiga Flat Panel La Demystified: TN, IPS, VA, OLED iyo in ka badan

• Waa maxay Discord Streamer Mode iyo sida loo dejiyo

• Sida Loo Helo Maalmaha Dhalashada Facebook-ga

• DVI vs HDMI vs DisplayPort - Waxa aad u baahan tahay inaad ogaato

• Dejinta Kamarada ugu Fiican ee Sawirrada

• Sida loo aamusiyo qof khilaaf ku jira

• Sida Facebook Xusuus Loogu Helo

• Sida loo hubiyo Khaladaadka Hard-kaaga

• Sida loo soo dejiyo oo loogu rakibo Peacock on Firestick

• Sida loo raadiyo oo loo helo qof la tirtiray Tweets

• 7 Degdeg ah Hagaajinta Marka Minecraft uu sii wado shil

• Sida loo soo diro fariin qoraal ah oo qarsoodi ah oo aan dib laguugu soo celin karin

• Sida loogu raadiyo asxaabta Facebook goob, shaqo, ama dugsi

• Sida Luqadda loogu beddelo Netflix

• Sida loo qaybiyo clip gudaha Adobe Premiere Pro

• Sida maqaal loogu dhejiyo Linkedin (iyo waqtiyada ugu fiican ee la dhejiyo)