堆栈内存溢出
  简体   繁体   English

保护Wordpress网站免于添加垃圾邮件脚本?

[英]Protect Wordpress website from adding spam scripts?

 原文  2016-03-03 12:34:04       php/ wordpress/ security/ malware

问题描述

Once found a spam script on site, I removed it, changed all ftp and wordpress passwords and installed Sucuri Security plugin. 在网站上找到垃圾邮件脚本后,我将其删除,更改了所有ftp和wordpress密码,并安装了Sucuri Security插件。 And now, after 3 weeks, again spam messaging is detected and I found in Sucuri Security logs this record: 现在,三周后,再次检测到垃圾邮件,我在Sucuri Security中发现了以下记录:

system 127.0.0.1 New file added: (multiple entries): wp-admin/.htaccess (size: 244) wp-admin/ms-default-constants-stat.php (size: 11674) wp-content/.htaccess wp-content/wlwmanifest_backup.php

In last login logs, there was no successful logins in these 3 weeks. 在最近的登录日志中,这3周没有成功登录。 And I doubt that hackers guessed ftp password. 而且我怀疑黑客猜到了ftp密码。 Changed all passwords anyway but now I would like to prevent this in future. 无论如何都更改了所有密码,但是现在我希望以后再防止这种情况。 Are there ways to prevent this from happening again? 有什么方法可以防止这种情况再次发生?

2 个解决方案

解决方案1
 2  2016-03-22 05:42:28

Do one thing install gotmls wordpress plugin in your wordpress site 1) update the key after registration 2) scan the whole site 3) after this install wp-security plugin to make site more protected 做一件事在您的wordpress网站上安装gotmls wordpress插件1)注册后更新密钥2)扫描整个站点3)在此安装wp-security插件之后,以使站点受到更多保护

Hope you will get your solution Cheers :) 希望你能得到解决方案的欢呼:)

解决方案2
 0  2016-03-03 12:43:55

Wordpress hacks are often due to outdated plugins, sometimes included in the theme (and not installed/updated by Wordpress itself). WordPress黑客通常是由于插件过时,有时包含在主题中(而不是由WordPress本身安装/更新)。 Check with your theme's author if you're using a paid theme. 如果您使用的是付费主题,请与主题的作者联系。

Spam scripts themselves also never come alone: once a hacker gets in, they automatically deploy several (possible hundreds) of backdoors, shells and ways to get access back if you decide to remove their spamming script. 垃圾邮件脚本本身也永远不会孤单:黑客入侵后,如果您决定删除其垃圾邮件脚本,它们会自动部署数个(可能是数百个)后门,shell和获取访问权限的方法。

Hacks are best cleared by restoring a backup which you can guarantee is 100% clean and updating everything. 最好通过还原备份来清除黑客,您可以保证备份100%干净并更新所有内容。 If you can't do this, you'll need to use several malware scanners to get rid of the scripts. 如果无法执行此操作,则需要使用多个恶意软件扫描程序来删除脚本。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 WordPress排队脚本不添加脚本 - WordPress enqueue scripts not adding scripts 在Wordpress中添加条件脚本 - Adding conditional scripts in wordpress 在PHP中保护Mailto链接免受垃圾邮件的好方法 - A Good Way to Protect a Mailto Link From Spam in PHP 使用空字段(蜜罐)保护表单免受垃圾邮件(PHP)的侵害 - Protect form from spam (PHP) with empty fields (honeypot) 我网站上的交易邮件成为垃圾邮件 - Transaction mails from my website goes as spam 防止联系表格 7 在 wordpress 中发送垃圾邮件 - prevent contact form 7 from sending spam in wordpress 保护PHP脚本不受未经授权的访问 - Protect PHP Scripts from unauthorized access 如何保留格式并保护代码免受脚本的影响 - How to preserve formatting and protect the code from scripts 从Facebook网站将Facebook按钮添加到WordPress网站 - Adding Facebook Buttons from the Facebook website on to a WordPress Site 保护图像免于从网站下载 - Protect the images from downloading from the website
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM