Основые безопасности wordpress
Post on 18-Jun-2015
2.312 Views
Preview:
DESCRIPTION
TRANSCRIPT
Основы безопасностиWordPress
passwordabc123qwertydragon11111monkeybaseballiloveyoutrustno1sunshinemaster123123welcomeshadowashleyfootballjesusmichaelnincjamustangpass1passw0rdsuperman654321qazwsxbaileyworkgodjobangelconnectkiller123456jordancareer1234princesspepperdevillinkwork passwordabc123qwertydragontrustno1sunshinemaster123123welcome 11111monkeyashleyfootballjesusmichaelnincjamustangpass1shadowsuperman654321qazwsxbaileyworkgodjob passw0rd
x^%zJ90-_!)p#Kz~d9
Members
User Role Editor
http://wordpress.org/extend/plugins/members/
http://wordpress.org/extend/plugins/user-role-editor/
passwoqypasswoqzpassworapassworbpassworcpasswordpassworepassworfpassworgpassworhpasswori
Bruteforce или полный перебор
Limit Login Attempts
Captcha
http://wordpress.org/extend/plugins/limit-login-attempts/
http://wordpress.org/extend/plugins/captcha/
Google Authenticatorhttp://wordpress.org/extend/plugins/google-authenticator/
24,000плагинов~ 100 новых плагиновкаждую неделю
plugins@wordpress.org
themes@wordpress.org
Источник №1 для уязвимых тем
Обновления ОбновленияОбновления
Automatic Updater
Update Notifier
http://wordpress.org/extend/plugins/automatic-updater/
http://wordpress.org/extend/plugins/update-notifier/
security@wordpress.org
Хостинг
Что делать если взломали?
Sucuri Security
Exploit Scanner
Google Webmaster Tools
VaultPress
http://sucuri.net/
http://wordpress.org/extend/plugins/exploit-scanner/
http://google.com/webmasters/
http://vaultpress.com/
Резервное копирование
Для разработчиков тем и плагинов для WordPress
Валидация и экранирование
wp_kses()esc_attr()esc_js()esc_textarea()sanitize_text_field()$wpdb->prepare()...
wp-includes/kses.phpwp-includes/formatting.phpwp-includes/wp-db.php
Привилегии и намерения
current_user_can()
wp_create_nonce()wp_nonce_field()wp_verify_nonce()check_admin_referer()check_ajax_referer()
wp-includes/capabilities.phpwp-includes/pluggable.php
top related