Diferències

Ací es mostren les diferències entre la revisió seleccionada i la versió actual de la pàgina.

Enllaç a la visualització de la comparació

--- web:security:wordpress [11/02/2016 01:45] – [plugins] mate
+++ web:security:wordpress [03/01/2024 23:58] (actual) – mate
@@ Línia 4: / Línia 4: @@
   * /vía: [[http://www.katharsix.com/la-seguridad-en-wordpress-algunos-consejos-ii/]]
-== aplicación
+  * [[web:security:wordpress:multisite]]
+== securizar
   * cambiar usuario "admin"
   * tener el WP actualizado
@@ Línia 11: / Línia 13: @@
   * quitar versión de WP, añadiendo una función en el fichero **functions.php**:<code php>function no_generator() { return ''; }
 add_filter( 'the_generator', 'no_generator' );</code>
+  * Desactivar XML-RPC (plugin -> **Disable XML-RPC-API**)
+    * [[https://www.wpbeginner.com/plugins/how-to-disable-xml-rpc-in-wordpress/]]
+    * [[https://www.fortinet.com/blog/threat-research/gotrim-go-based-botnet-actively-brute-forces-wordpress-websites]]
+    * [[https://unaaldia.hispasec.com/2022/12/gotrim-la-red-de-bots-que-busca-controlar-cuentas-de-administrador-de-wordpress.html]]
+    * <code bash>wget https://<site>/wp-json/wp/v2/users</code>
+  * Cambiar dirección login (plugin -> **WPS Hide Login**)
+== trucos
+  * obligar método https VS ftp al actualizar:<code php; wp-config.php>define('FS_METHOD', 'direct');</code>
+== recover & debugging
+  * desactivar plugins:[[https://www.ostraining.com/blog/wordpress/disable-a-wordpress-plugin/]]
+    * ''wp-content/plugins'', rename
+    * DBB -> wp-options -> active_plugins
+  * DEBUG:[[https://wordpress.org/support/article/debugging-in-wordpress/]]
+== plugins
+  * Activity Log
+  * All in One WP Security
+  * Asesor de Cookies
+  * [[http://wordpress.org/extend/plugins/akismet/|Akismet]], el antispam
+  * [[http://wordpress.org/extend/plugins/broken-link-checker/|Broken Link Checker]]
+  * Contact Form 7 (formularios de contacto sencillos)
+  * Disable XML-RPC-API
+  * Easy HTTPS redirection
+  * Email Log
+  * Font Awesome
+  * Google Analytics
+  * Google Analytics dashboard for WP
+  * [[http://wordpress.org/extend/plugins/limit-login-attempts/|Limit Login attempts]]
+  * Loginizer Security
+  * MailPoet newsletters
+  * Media Library Organizer
+  * <del>miniOrange 2 factor auth.</del>
+  * Obfuscate Email
+  * PHP Compatibility Checker
+  * User Groups
+  * User Groups restrictions
+  * Secure WordPress
+  * WP 2FA - Two-factor authentication for WordPress
+  * WP Construction Mode (diferentes opciones para poner la página "en obras")
+  * WP Database Backup
+  * WP Email Template lite
+  * WP Forms Lite
+  * WPS Hide Login
+  * WP Maintenance mode
+  * [[http://wordpress.org/extend/plugins/wordpress-firewall-2/|WordPress Firewall 2]]
+  * WP Super Cache
+  * YouTube
 == sistemas
@@ Línia 44: / Línia 95: @@
 </code>
     * [[http://ayudawordpress.com/seguridad-en-la-carpeta-uploads-de-wordpress/]]\\
-== plugins
-  * [[http://wordpress.org/extend/plugins/akismet/|Akismet]], el antispam
-  * [[http://wordpress.org/extend/plugins/broken-link-checker/|Broken Link Checker]]
-  * [[http://wordpress.org/extend/plugins/limit-login-attempts/|Limit Login attempts]]
-  * Secure WordPress
-  * [[http://wordpress.org/extend/plugins/wordpress-firewall-2/|WordPress Firewall 2]]
-  * <del>WP Cookies Alert (normativa)</del>
-  * Asesor Cookies
-  * WP Super Cache
-  * YouTube
-  * Email Log
-  * Google Analytics
-  * Google Analytics dashboard
-  * MailBot newsletter
-  * User Groups
-  * User Groups restrictions
-  * WP Email Template lite