wordpress.org和许多其他第三方提供了数以千计的插件和主题.有很多可能会上传不良插件和主题,一旦上传,就可以将有关网站的信息发送给其所有者.它还可以在wp-config.php中发送信息(高安全风险).
请告诉我如何保护WordPress网站,而不是逐行阅读代码.另请告诉我,wordpress.org上的插件和主题是否会被wordpress开发人员分析为类似的威胁,然后再向公众公开.
谢谢.
所有人的和平……
解决方法:
有一篇关于best plugins for wordpress组合在一起的主题安全性的文章很好.你也可以直接从wordpress插件网站上获得社区给出的评分.如果您使用具有4-5星评级和大量下载/评级的插件,您很可能会没问题.但是,因为这是一个开源项目,所以实际上并没有100%的方法可以让黑客和“坏人”将代码置于一个看起来很好的主题/插件中.
在这种情况下,如果您关注主题或插件,我会一直仔细查看代码并确保它们对您来说都很好看.当然这总是很耗时,如果你对代码不满意,这可能不是一个选择.如果您对某组插件/主题有疑问,请确定如果您在此处发布,有很多人使用过该插件,也许之前的主题可以帮助您.
1 07001
A very simple and straight forward plugin that will scan all files within your theme to >>check for any malicIoUs or unwanted code.
2 07002
You may notice that a lot of free themes aren’t available directly from wordpress.org, >>the main reason for this is that most free themes don’t pass the tests that wordpress.org subjects them too. This nifty plugin will provide you with all the testing tools you will need to conduct the same tests that wordpress.org does. It’s also useful for theme developers who want to make sure their theme supports the latest standards.
3 07003
This plugin isn’t just for themes, it’s for your entire site, so it’s worth keeping once you’ve checked out the theme you’ve decided to use on your site. It scans all files, posts and comments on your site for any possible exploits or anything that looks suspicIoUs, please note however that this plugin will not remove any files.
