Основы безопасностиWordPress

passwordabc123qwertydragon11111monkeybaseballiloveyoutrustno1sunshinemaster123123welcomeshadowashleyfootballjesusmichaelnincjamustangpass1passw0rdsuperman654321qazwsxbaileyworkgodjobangelconnectkiller123456jordancareer1234princesspepperdevillinkwork passwordabc123qwertydragontrustno1sunshinemaster123123welcome 11111monkeyashleyfootballjesusmichaelnincjamustangpass1shadowsuperman654321qazwsxbaileyworkgodjob passw0rd

x^%zJ90-_!)p#Kz~d9

Members

User Role Editor

http://wordpress.org/extend/plugins/members/

http://wordpress.org/extend/plugins/user-role-editor/

passwoqypasswoqzpassworapassworbpassworcpasswordpassworepassworfpassworgpassworhpasswori

Bruteforce или полный перебор

Limit Login Attempts

Captcha

http://wordpress.org/extend/plugins/limit-login-attempts/

http://wordpress.org/extend/plugins/captcha/

Google Authenticatorhttp://wordpress.org/extend/plugins/google-authenticator/

24,000плагинов~ 100 новых плагиновкаждую неделю

plugins@wordpress.org

themes@wordpress.org

Источник №1 для уязвимых тем

Обновления ОбновленияОбновления

Automatic Updater

Update Notifier

http://wordpress.org/extend/plugins/automatic-updater/

http://wordpress.org/extend/plugins/update-notifier/

security@wordpress.org

Хостинг

Что делать если взломали?

Sucuri Security

Exploit Scanner

Google Webmaster Tools

VaultPress

http://sucuri.net/

http://wordpress.org/extend/plugins/exploit-scanner/

http://google.com/webmasters/

http://vaultpress.com/

Резервное копирование

Для разработчиков тем и плагинов для WordPress

Валидация и экранирование

wp_kses()esc_attr()esc_js()esc_textarea()sanitize_text_field()$wpdb->prepare()...

wp-includes/kses.phpwp-includes/formatting.phpwp-includes/wp-db.php

Привилегии и намерения

current_user_can()

wp_create_nonce()wp_nonce_field()wp_verify_nonce()check_admin_referer()check_ajax_referer()

wp-includes/capabilities.phpwp-includes/pluggable.php