Last update at :2024-07-14,Edit by888u
In the past few days, I have seen many netizens mention the problem of backdoor Trojans being implanted in their WordPress websites. They solved them by eliminating them one by one. Most of the problems were caused by the pirated or cracked themes or plug-ins used by the website. Because The so-called cracked theme plug-in we downloaded may have been implanted with a backdoor at that time. Once the website has a certain color, the backdoor will be implanted, and today's hackers are relatively professional and will not delete it directly. Instead of using data, websites or servers are used to outsource operations such as outsourcing or mining.
Including some time ago, I saw that a netizen's WordPress was being used to publish many English articles. In fact, it should be that a backdoor vulnerability was exploited, and then your publishing author permissions were used to publish articles on your website, which was used to publish soft articles to increase the weight of the promotion website. the goal of. So what exactly is the problem causing these websites with WordPress problems? What do we need to do to prevent these problems?
In this article, Snail simply records a few methods to help netizens in need solve such problems. At least we can troubleshoot these problems. If we have similar problems, we can check to see if it belongs to one of them, and we will try our best to prevent the occurrence of these problems when preparing to build the website.
First, timely update and upgrade procedures
In the past few days, we have seen that WordPress has been upgraded to version 5.5. Unless we have special theme and plug-in compatibility issues, we will usually upgrade to the latest version in a timely manner. Of course, we'd better back up before upgrading to avoid incompatibility problems. Generally, we will still make it compatible. Besides, if it is not compatible, we have to make it compatible with the latest version.
At the same time, when we use WordPress themes and plug-ins, we also need to upgrade to the latest plug-ins. For example, a few days ago, Snail also recorded that the One In All seo plug-in is vulnerable (the All in One SEO Pack plug-in has security issues that require Update the version in a timely manner), we need to encounter the latest version and update it in a timely manner.
Second, no pirated cracked theme plug-ins are used
Snail personally can also understand why we use pirated themes and plug-ins. Firstly, it may be due to lack of budget, and secondly, it may be uncomfortable that some themes actually need to bind domain names. But to ensure safety, my personal suggestion is to either use free themes, or when using commercial themes, try to use official versions, and do not use cracked or pirated versions.
Because we have seen that many cracked versions of WordPress themes are encrypted with backdoors. You may not have any problems at first, but you will indeed encounter some problems later. For example, the well-known RIPRO resource theme has been reported by some netizens as having a backdoor, including the previously cracked version of the Robin theme, which also had problems.
Third, ensure the security of strong passwords for accounts
Including Snail, when solving server problems for some netizens, they use server passwords or panel passwords, including website passwords, which are really simple. Some only use five or six numbers as passwords, and some passwords can really be guessed at will. In particular, the WordPress website we use is implanted with administrator rights. It may be because our account password is not strong, causing the password to be guessed by the software, and then articles are published with administrator rights.
At the same time, we need to pay attention to the security of the server. Including when we use the panel to manage the website, we also need to ensure the latest version of the panel software.
Finally, there is another strange problem that I have encountered before. Some virtual host providers themselves are not very secure. It may be because of the security issues of the host provider that our website is unsafe. When encountering this problem, we can only go to Generally, cloud servers cannot change server vendors. The server is an environment configured by ourselves.
Recommended site searches: How much does it cost to rent a server for a year, 30-day virtual host trial, buy high-defense server, foreign space service provider, free stable space, app server rental, exclusive host, overseas virtual host, the cheapest dual Online space European server,
发表评论