👋🏼Welcome to my WP-Host blog where I am excited to share my knowledge and expertise on WordPress hosting and website construction tutorials with you. Let’s connect and learn from each other! You can reach me at info@yrshare.com.
(如果你会中文,可以点击微信图标与我联系。)
注:因个人英文水平有限,所以暂时只能为懂中文的朋友提供wordpress建站服务
微信:18200592859 或 yrwordpress
SiteGround主机有一个配套的wordpress安装插件-SiteGround Security,使用它可以完美的代替其它同类型的付费安全插件,比如Wordfence等。只要你使用的是SiteGround主机,那就可以完全免费的使用SiteGround Security插件。(其它非SiteGround主机也可以使用这个插件,不过只有在SiteGround主机上它才能发挥最大的作用)
下面是SiteGround Security插件的介绍文章,大家可以看看:
The security of our clients’ websites has always been an extremely important part of our web hosting services. Some of the brightest technical minds in our team have been continuously dedicated to crafting unique security solutions and keep the safety level of our hosting infrastructure on an unmatched high level. We have been an industry pioneer in developing server level protections like account isolation, server health monitoring, anti-bot traffic prevention, etc. We also know that on top of the server level solutions, the security of each individual website should be strengthened on application level too. That is why we provide services like auto updates, backups and WAF protection to our clients.
Today we are happy to introduce another tool that can greatly enhance any WordPress site security – our brand new SiteGround Security plugin. The SiteGround Security plugin is available for free download for anyone and it comes preinstalled with all new WordPress installations hosted at SiteGround and provides its users an easy way to protect a WordPress site from malicious attacks. It also includes valuable tools that can help a website owner react in case there is a suspicion that the site might have been compromised. Read below to learn how to make your site safer with our new plugin.
In the Site Security section of our plugin you will be able to easily switch on several rules that will harden your website security and prevent common malware, bruteforce and other security issues. Some of these rules, like hiding your WordPress version or deleting your default readme.txt, will make it harder for crawlers to detect you’re even using WordPress. Thus your website will not be easily identified as a possible attack victim when a vulnerability appears. Other rules in this section will add advanced XSS protection and protect your system folders from being injected with malicious files.
In the Login Security section of our plugin you will be able to apply several methods that protect your login from unauthorised access. One of the most recommended methods to protect your login is the 2-factor authentication and with the SiteGround Security plugin, you can easily switch it on for your WordPress administrative area. Some simple, yet very effective protection measures like changing your login URL and not allowing “admin” to be used as a username can be also easily set here. You can also limit the number of login attempts from one and the same IP, which will block attackers trying to guess your password through brute force. And if you want to go even deeper in protecting your WordPress login, there are two more advanced options available. You can specify the IPs from which your login page can be accessed. The option should be used with caution if you use dynamic IP, so that you do not block yourself out.
One of the best plugin features is the detailed Activity log. It allows you to pinpoint things like bad IP addresses that try to access your website as well as registered users that are performing tasks they are not supposed to. For example, you can block with one click IPs that have numerous incorrect logins and at the same time find out which user has deleted that post you are missing. For the initial version, we keep the log 16 days back so it’s worth giving it a look every now and then especially if you have a busy site and number of users with the capabilities to edit content.
In the Post-hack section of the plugin you will find a set of actions that are useful, if you believe your site security has been compromised. Here you will be able to automatically log out all users and force them to change passwords. This way if any user was compromised, you may stop the malicious access through its account. You will also be able to reinstall all your current plugins. This will make sure you are using a clean copy of each plugin instead of a possible compromised one. Please bear in mind that although these post-hack actions are handy, they are not a substitute to a thorough site clean up that might need to be done by a WordPress security expert, if there are signs that your website might have been hacked.
SiteGround Security plugin is available as any other free WordPress plugin. You can find it in the official WordPress plugin repository (https://wordpress.org/plugins/sg-security/) or install it directly through your WordPress admin area. If you host your next WordPress website at SiteGround, using the plugin comes right out-of-the-box, since all new WordPress installations now come with the SiteGround Security plugin preinstalled with some of its features enabled by default.
我们客户网站的安全性一直是我们网络托管服务中极其重要的一部分。我们团队中一些最聪明的技术人才一直致力于制定独特的安全解决方案,并将我们托管基础设施的安全水平保持在无与伦比的高水平。我们一直是开发服务器级保护的行业先驱,如帐户隔离、服务器健康监控、反僵尸流量防护等。我们还知道,在服务器级解决方案之上,每个网站的安全性也应该在应用程序级别得到加强。这就是我们为客户提供自动更新、备份和 WAF 保护等服务的原因。
今天我们很高兴地介绍另一个可以大大增强任何WordPress网站安全性的工具 – 我们全新的SiteGround Security插件。SiteGround Security插件可供任何人免费下载,它预装了SiteGround上托管的所有新WordPress安装,并为其用户提供了一种保护WordPress网站免受恶意攻击的简单方法。它还包括有价值的工具,可以帮助网站所有者在怀疑该网站可能已被入侵时做出反应。请阅读以下内容,了解如何使用我们的新插件使您的网站更安全。
在我们插件的“站点安全”部分中,您将能够轻松打开多个规则,这些规则将加强您的网站安全性并防止常见的恶意软件,暴力破解和其他安全问题。其中一些规则,例如隐藏WordPress版本或删除默认自述文件.txt,将使爬虫更难检测到您正在使用WordPress。因此,当出现漏洞时,您的网站将不容易被识别为可能的攻击受害者。本节中的其他规则将添加高级 XSS 保护,并保护您的系统文件夹不被注入恶意文件。
在我们插件的登录安全部分,您将能够应用多种方法来保护您的登录免受未经授权的访问。保护您的登录的最推荐方法之一是 2 因素身份验证,使用 SiteGround 安全插件,您可以轻松地为您的 WordPress 管理区域打开它。一些简单但非常有效的保护措施,例如更改登录 URL 和不允许将“admin”用作用户名,也可以在此处轻松设置。您还可以限制来自同一 IP 的登录尝试次数,这将阻止攻击者试图通过暴力破解您的密码。如果您想更深入地保护您的WordPress登录,还有两个更高级的选项可用。您可以指定可从中访问登录页面的 IP。如果使用动态 IP,则应谨慎使用该选项,以免将自己挡在外。
最好的插件功能之一是详细的活动日志。它允许您查明诸如尝试访问您网站的不良 IP 地址以及正在执行他们不应该执行的任务的注册用户之类的事情。例如,您可以通过一键阻止具有大量错误登录的IP,同时找出哪个用户删除了您丢失的帖子。对于初始版本,我们会将日志保留 16 天,因此值得时不时地查看一下,特别是如果您有一个繁忙的网站和具有编辑内容功能的用户数量。
在插件的“黑客后”部分中,如果您认为您的网站安全性已受到损害,您将找到一组有用的操作。在这里,您将能够自动注销所有用户并强制他们更改密码。这样,如果任何用户遭到入侵,您可以通过其帐户停止恶意访问。您还可以重新安装所有当前的插件。这将确保您使用的是每个插件的干净副本,而不是可能已泄露的副本。请记住,尽管这些黑客攻击后的操作很方便,但如果有迹象表明您的网站可能已被黑客入侵,它们不能替代可能需要由WordPress安全专家完成的彻底网站清理。
SiteGround Security插件可与任何其他免费的WordPress插件一起使用。您可以在官方WordPress插件存储库(https://wordpress.org/plugins/sg-security/)中找到它,也可以直接通过WordPress管理区域安装它。如果您在SiteGround上托管下一个WordPress网站,则使用该插件是开箱即用的,因为所有新的WordPress安装现在都预装了SiteGround Security插件,默认情况下启用其某些功能。
