Difference between revisions of "WordPress"

From WOT Wiki
(Revert major vandalism)
 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
''Услугами сайта, собирающего все самые выгодные предложения от интернет-магазинов, каждый день пользуется более ста тысяч покупателей по всему миру. Знаменитый ресурс [http://www.cuponation.ru www.cuponation.ru]  представленный в 15 странах, уже год успешно работает на российском рынке. На данный момент среди партнеров скидочной платформы в России уже более 1000 ритейлеров и марок.''
+
This guide is just the basics to new, non-technical WordPress users. For more advanced technical users, follow the guide on WordPress (Hardening WordPress) - http://codex.wordpress.org/Hardening_WordPress.
  
Интернет-шопинг с каждым днем набирает все большую популярность: покупая в интернете, можно сэкономить немало средств, используя разнообразные купоны и промокоды на скидки. Неудивительно, что большая часть партнеров [http://www.cuponation.ru www.cuponation.ru]  – крупные представители онлайн-торговли, желающие идти в ногу со временем. В числе компаний, сотрудничающих с [http://www.cuponation.ru www.cuponation.ru] , представлены как отечественные интернет-магазины, например Lamoda, OZON.ru и Связной, так и иностранные, среди которых, например, известный магазин одежды Asos.
+
==Keep Up to Date==
  
Как работает сайт [http://www.cuponation.ru www.cuponation.ru] ? Всем знакомые спецпредложения и скидки, которые предлагаются в онлайн-магазинах, CupoNation размещает на своем сайте. Таким образом, покупатель оказывается всего в одном клике от большинства акций, которые представлены в Рунете на данный момент. И даже больше: некоторые скидочные предложения представляются на сайте [http://www.cuponation.ru www.cuponation.ru] эксклюзивно, и найти их можно только на этом сайте. Для удобного поиска все предложения распределяются по категориям: акции магазина Летуаль можно найти в разделе «Красота и здоровье», а раздел «Мода и аксессуары» предлагает купить со скидкой товары в магазинах Incity и Ламода.
+
The first rule is quite simple, keep WordPress up to date, all your plug-ins, and all your themes up to date. Each update is usually because a bug has been found and corrected, new vulnerabilities being found and corrected, or just the functionality has been improved. It is important that you keep all aspects of your WordPress site up to date. The most common cause of your site being exploited is due to some part being outdated.
  
Все предложения, представленные на сайте, тщательно отбираются и регулярно проверяются специалистами CupoNation. Это делается для того, чтобы отсеить неработающие ссылки и купоны, срок действия которых истек. Отслеживать свежие скидки каждый день не обязательно. Держать покупателей в курсе позволяет рассылка по электронной почте: подписавшись, можно быть в курсе новых предложений даже не заходя на сайт.
+
==Remove unused features==
  
Создатели [http://www.cuponation.ru www.cuponation.ru]  видят свою миссию в том, чтобы стать для покупателя проводником в мир скидок. Главным преимуществом сайта является возможность сэкономить не только деньги, но и гораздо более ценный ресурс: время. Поэтому компания [http://www.cuponation.ru www.cuponation.ru]  работает по принципу одного окна – берет все заботы о поиске выгодных предложений на себя.
+
If you have several themes installed, these can still be exploited whether active or not. Once you have settled on a theme for your site, remove any extra themes from your server.
  
[http://www.cuponation.ru www.cuponation.ru]
+
This is also true for plugins for your WordPress site, even inactive plugins can still be exploited, so any plugins you no longer use, delete these files from your server.
 +
 
 +
==Reduce Spam==
 +
Through your settings in the dashboard it is advised that you disallow the usage of PingBacks as these can be abused by spammers. Also make sure all comments need admin approval before being displayed on the site. There is an option that will allow a user that has 1 approved comment then be allowed to make other comments without prior approval, switch this off, as it is better just to approve each comment as they are made.
 +
 
 +
==Recommended Plugins==
 +
 
 +
*'''Askimet Plugin''' - http://wordpress.org/extend/plugins/akismet/
 +
*:Comments are checked against the Askimet web service to see if the comments look like spam. Any spam comments are moved to a spam folder for you to review at a later date. Very good accuracy rate.
 +
 
 +
*'''Stop Spammers Registration Plugin''' - http://wordpress.org/extend/plugins/stop-spammer-registrations-plugin/
 +
*:Any email address that is being used to register on your site is automatically checked against the Stop Forum Spam database. If a match is found they cannot register with your site.
 +
 
 +
*'''Project Honey Pot Spam Trap''' - http://wordpress.org/extend/plugins/project-honey-pot-spam-trap/
 +
*:Invisible links are scattered throughout your blog that only Bots can see. Their IP addresses will be tagged and this info will be sent back to ProjectHoneyPot.org
 +
 
 +
*'''Secure WordPress''' - http://wordpress.org/extend/plugins/secure-wordpress/
 +
*:Registered users can have a lot of access to useful information that will help them if they decide to hack your site. This plugin will remove some of that information (as well as doing some other minor tweaks) such as removing update notices to non-admins, removes the WordPress version number, error-information on login page, etc.
 +
 
 +
*'''Login Lockdown''' - http://wordpress.org/extend/plugins/login-lockdown/
 +
*:Every failed log-in attempt is logged (IP Address and Timestamp). If a certain amount of log-in attempts are failed within a short time period then the log-in function is disabled for one hour (default setting) for the IP range.
 +
 
 +
*'''WordPress Firewall 2 ''' - http://wordpress.org/extend/plugins/wordpress-firewall-2/
 +
*:This has been updated due to bug fixes on WordPress Firewall. Scans every request made on your site and blocks suspicious requests and notifies the blog admin of any reported attack on the site. Very handy for reducing SQL attacks against a WordPress site as well as many other useful security features.
 +
 
 +
*'''Lockdown WP Admin''' - http://wordpress.org/extend/plugins/lockdown-wp-admin/
 +
*:Prevent access to WP Admin area by renaming the yourdomain.com/wp-admin/ to yourdomain.com/anythingyoulike/, this is a very handy plugin which hides your wp-admin login area preventing malicious users from trying to access your site through brute force attacks.
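Review bot: the first Recommended Plugins entry and its description spell the plugin "Askimet", but the linked URL is http://wordpress.org/extend/plugins/akismet/; both occurrences should read "Akismet". In the Lockdown WP Admin entry, renaming /wp-admin/ only hides the login path, so the claim that it prevents brute force attacks would be more accurate if worded as reducing automated attempts, with the lockout itself left to the Login Lockdown entry above it.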

Latest revision as of 15:36, 12 April 2015

This guide covers just the basics for new, non-technical WordPress users. More advanced technical users should follow the WordPress guide (Hardening WordPress) - http://codex.wordpress.org/Hardening_WordPress.

Keep Up to Date

The first rule is quite simple: keep WordPress, all your plug-ins, and all your themes up to date. An update is usually released because a bug has been found and corrected, new vulnerabilities have been found and corrected, or the functionality has been improved. It is important that you keep all aspects of your WordPress site up to date. The most common cause of a site being exploited is some part of it being outdated.

Remove unused features

If you have several themes installed, these can still be exploited whether active or not. Once you have settled on a theme for your site, remove any extra themes from your server.

This is also true for plugins on your WordPress site: even inactive plugins can still be exploited, so delete the files of any plugins you no longer use from your server.

Reduce Spam

In your dashboard settings, it is advised that you disallow pingbacks, as these can be abused by spammers. Also make sure all comments need admin approval before being displayed on the site. There is an option that lets a user who has 1 approved comment make further comments without prior approval; switch this off, as it is better to approve each comment as it is made.

Recommended Plugins

  • Akismet Plugin - http://wordpress.org/extend/plugins/akismet/
    Comments are checked against the Akismet web service to see if they look like spam. Any spam comments are moved to a spam folder for you to review at a later date. Very good accuracy rate.
  • Secure WordPress - http://wordpress.org/extend/plugins/secure-wordpress/
    Registered users can have access to a lot of useful information that will help them if they decide to hack your site. This plugin removes some of that information (and makes some other minor tweaks): it removes update notices for non-admins, the WordPress version number, error information on the login page, etc.
  • Login Lockdown - http://wordpress.org/extend/plugins/login-lockdown/
    Every failed log-in attempt is logged (IP address and timestamp). If a certain number of log-in attempts fail within a short time period, the log-in function is disabled for one hour (default setting) for the IP range.
  • WordPress Firewall 2 - http://wordpress.org/extend/plugins/wordpress-firewall-2/
    This has been updated due to bug fixes on WordPress Firewall. It scans every request made on your site, blocks suspicious requests, and notifies the blog admin of any reported attack on the site. Very handy for reducing SQL attacks against a WordPress site, and it has many other useful security features.
  • Lockdown WP Admin - http://wordpress.org/extend/plugins/lockdown-wp-admin/
    Prevents access to the WP Admin area by renaming yourdomain.com/wp-admin/ to yourdomain.com/anythingyoulike/. This is a very handy plugin which hides your wp-admin login area, preventing malicious users from trying to access your site through brute force attacks.
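
The lockout behaviour described in the Login Lockdown entry, replayed over a handful of login events. This is an added example, not the plugin's code: the threshold of 3 failures, the 300-second window, the /24 grouping used for "IP range" and all names are assumptions; only the one-hour lockout comes from the page.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

MAX_FAILURES, WINDOW_SECONDS, LOCKOUT_SECONDS = 3, 300, 3600  # first two are assumed

def ip_range(ip):
    """Group an IPv4 address by its /24 network (assumed meaning of 'IP range')."""
    return str(ip_network(f"{ip}/24", strict=False))

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> time the lockout ends
    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip_range(ip), 0)

    def record_failure(self, ip, now):
        """Log a failed attempt; return True if the range is now locked out."""
        key = ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        while recent[0] <= now - WINDOW_SECONDS:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
        return self.is_locked(ip, now)

def replay(events):
    """Replay (timestamp, ip, success) events; return the decision for each."""
    guard, decisions = LoginLockdown(), []
    for ts, ip, success in events:
        if guard.is_locked(ip, ts):
            decisions.append("blocked")  # rejected before the password is checked
        elif success:
            decisions.append("allowed")
        else:
            decisions.append("locked" if guard.record_failure(ip, ts) else "failed")
    return decisions

# Constructed sample events using documentation address ranges.
SAMPLE = [
    (0, "203.0.113.10", False),
    (60, "203.0.113.11", False),
    (120, "203.0.113.12", False),  # third failure from the same /24 triggers lockout
    (130, "203.0.113.13", True),   # correct password, but the range is locked
    (140, "198.51.100.7", True),   # unrelated range is unaffected
    (3721, "203.0.113.13", True),  # lockout ended at 120 + 3600 = 3720
]
print(replay(SAMPLE))
```

Because the lockout is keyed on the range rather than the single address, the fourth event shows a legitimate user in the same range being blocked, which is the trade-off to weigh when choosing the thresholds.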