究極のWordPressセキュリティガイド-ステップバイステップ (2024)

161件のコメント返信を残す

1. Kushal Phalak

   Great article! Last year my website was hacked(redirecting to another suspicious website), so I think it is a must to use security measure. In my case, I had to delete my website and was lucky that my hosting provider had backup feature. From then I used Wordfence to secure my websites, but moved to Sucuri as it provided the services like DDoS protection, and CDN as well.

   返信

   • Moinuddin Waheed

     I have been in the similar sitution where I was working for a reputed institue website.
     After making everything final, the director asked me date so that he can schedule a press release.
     I confidently suggested him a particualr date and before the schedule date,
     my website got corrupted and unfortunately I didn’t have any backup plan ready.
     I was completely screwed up and worked the whole day trying to restore to the previous working
     like condition.
     I think it is necessary that we give heed to each detail related to security.

     返信

2. Ayanda Temitayo

   Please I want to ask that is it security wise to change the url of the default login page to another custom url. Like from yourwebsite.com/wp-login to yourwebsite.com/anotherName-login

   I once use a plugin to change my login url to another url where nobody can easily route to my login page. So one of my SEO guy said it will be easy for hackers to hack my site if the plugin is vulnerable and I will lose everything on my website if I keep using a custom route to login page.

   What’s your opinion about changing the default login route?

   返信

   • WPBeginner Support

     Changing your login URL is personal preference and not specifically for security.

     返信

     管理者

3. al amin Sheikh

   Two important things in a website – Performance and Security.
   Nicely explained how we can protect our site from hackers. Thanks, WPB.

   返信

   • WPBeginner Support

     You’re welcome

     返信

     管理者

4. mohadese esmaeeli

   Hello, thank you for this excellent article.I also want to add a few more items to this list, such as using the Google reCAPTCHA plugin, employing security hardware related to the server, examining security tools within the hosting environment, such as Imunify360, and regularly changing passwords at short intervals.

   返信

   • WPBeginner Support

     Thank you for your recommendations, hosts do have different tools so it would be best to check with the hosting provider for any security tools they offer

     返信

     管理者

5. Fajri

   Whoa, the method to Disable XML-RPC in WordPress is totally new for me.

   I am gonna try to applicate it to add more security for my websites. Thanks for this information team!

   返信

   • WPBeginner Support

     Glad you found our article helpful

     返信

     管理者

6. Murad Prodhan

   WPbeginner is one the best websites for our community. This article is very helpful for me. Thanks WPbeginner.

   返信

   • WPBeginner Support

     You’re welcome, glad the guide was helpful

     返信

     管理者

7. Jiří Vaněk

   This is a great article. There are many things here that never occurred to me, even though I tried to secure with WordPress as much as possible. I just copied a snippet to hide error messages when logging into WordPress and I’m going to apply it to my website. It probably won’t stop at just this thing. This article is really a fantastic list of great tips. Thank you for advancing awareness about security. Great job.

   返信

   • WPBeginner Support

     You’re welcome, glad our guide was helpful

     返信

     管理者

8. Etop Udoekene

   Thanks very much. This information has come to me at just the right time, as I am in the process of setting up my website again after losing my former laptop and Android phone to thieves.
   I am really grateful.

   返信

   • WPBeginner Support

     You’re welcome, hopefully things get better and we hope our guide helps you with keeping your site secure after that.

     返信

     管理者

9. Mark Ellsworth

   Thank you – very well organized and comprehensive! This will definitely help with what is an ongoing and challenging issue with WordPress installs.

   返信

   • WPBeginner Support

     Glad you found our security guide helpful

     返信

     管理者

10. Ifakayode Femi

    I loved this article and am bookmarking this page for future cause I might not remember the names of most plugins listed here, but sincerely this article helps a long way

    Thanks for taking your time to compose this
    Thanks a million times

    返信

    • WPBeginner Support

      Glad you found our guide and recommendations helpful!

      返信

      管理者

11. Nikhil

    thankyou sir it’s information is to important thankyou so much sir

    返信

    • WPBeginner Support

      You’re welcome, glad to hear our article was helpful!

      返信

      管理者

12. Yasin

    I am very grateful for this article, all thanks to wpbeginner.com.

    返信

    • WPBeginner Support

      You’re welcome glad you found our guide helpful!

      返信

      管理者

13. Belinda Viret

    Thank you for the great advice!

    返信

    • WPBeginner Support

      You’re welcome!

      返信

      管理者

14. Marko Kozlica

    Wow! Extensive and thorough article for beginners and experienced wordpressers alike. Keep up the good work!

    返信

    • WPBeginner Support

      Glad you found our article helpful!

      返信

      管理者

15. Federico

    Really good guide, very useful!

    返信

    • WPBeginner Support

      Glad you think so!

      返信

      管理者

16. Claudio Lopes

    Following the tips and feeling that my site is more secure.

    返信

    • WPBeginner Support

      Glad to hear our guide could help you!

      返信

      管理者

17. Bob De Maria

    Hi,
    I am brand new to this and this was my first email and I am ever glad I am signed up. You hit on one of my concerns that is right at the top of my list.

    I can’t thank you enough for a very well written and much appreciated tutorial.

    Best Regards,

    Bob De Maria

    返信

    • WPBeginner Support

      Glad to hear our guide was helpful!

      返信

      管理者

18. Kimberly

    FYI: Security issue on the WP Security Questions plugin. It’s been removed from wordpress.org.

    返信

    • WPBeginner Support

      Thank you for letting us know, we will be sure to look for an alternative we would recommend

      返信

      管理者

19. MS

    Hi guys! Txs a lot for this usefull resouces. 1 question, will any of this affect the loading time of my website/pages???

    返信

    • WPBeginner Support

      These should not cause a major change to your site’s speed.

      返信

      管理者

20. john

    nice Article ,

    Do use reCAPTCHA in forms is helpful in securing?

    返信

    • WPBeginner Support

      reCAPTCHA is for preventing spam more than security.

      返信

      管理者

21. tim jackz

    Hello team,

    If i install two security plugin in my wordpress website, is there any disadvantages for my website?

    返信

    • WPBeginner Support

      You would want to check with the support for the plugins you are looking to use, some work together but others try to do the same tasks which can cause conflicts.

      返信

      管理者

22. Diego

    My Wordpress site is running WordPress 5.1.8 which part of the 5.1 branch, last updated on November 2020. The current Wordpress version is 5.6.2.

    I don’t quite understands all these different branches of WP.
    Should I still need to upgrade?

    返信

    • WPBeginner Support

      Rather than upgrade, you need to update your site, you can take a look at our guide below for how to safely update your site:

      https://www.wpbeginner.com/beginners-guide/ultimate-guide-to-upgrade-wordpress-for-beginners-infograph/

      返信

      管理者

23. Julia

    So I pay premium and the free plugins are only for business, is there a way around that. They don’t let us pay for plugins. Premium and lower are not allowed to use them at all.

    返信

    • WPBeginner Support

      That would be a WordPress.com limitation, for the difference between WordPress.com and WordPress.org we would recommend taking a look at our article below:

      https://www.wpbeginner.com/beginners-guide/self-hosted-wordpress-org-vs-free-wordpress-com-infograph/

      返信

      管理者

24. Trisha

    Great tutorial, thank you! In going thru my 404 error logs, I see a lot of bots hitting non-existent plugins in my /plugins folder….I’m not overly concerned since the plugins they’re looking for don’t exist (hence the 404) BUT is there a way to protect my /plugins folder that won’t interfere with normal plugin operations? Is this advisable? Should I even be concerned?

    返信

    • WPBeginner Support

      That normally shouldn’t be something you should be concerned with unless the plugin is on your site then you may want to ensure you have that plugin up to date in case the bot was looking for a plugin with a security vulnerability.

      返信

      管理者

25. Ish

    I took over a word press site how would i know if my site has a cloud backup account prior before me?

    返信

    • WPBeginner Support

      You would need to check your active plugins and reach out to your hosting provider to see what is active for your site.

      返信

      管理者

26. Lu

    How can you find out if your site uses XML-RPC? Really useful as always. Thank you.

    返信

    • WPBeginner Support

      If your version of WordPress is up to date it should be active on your site normally.

      返信

      管理者

27. Julie Taylor

    Very helpful information. I would like to know your thoughts on the following, if i were to implement all of those security situations, particuarly those that were involving code etc does it effect Google to be able to pull up the site and for SEO to work effectively?

    返信

    • WPBeginner Support

      The security recommendations should not affect your site’s SEO

      返信

      管理者

28. MooN Minhas

    Thanks for sharing nice information.

    返信

    • WPBeginner Support

      Glad you found it helpful

      返信

      管理者

29. Samuel

    is this guide also applies to WordPress.com users?

    返信

    • WPBeginner Support

      No, our guides are for WordPress.org sites, you would want to reach out to WordPress.com for the hardening steps they allow

      返信

      管理者

30. Leanne

    This is one of the best tutorial sites (on any subject matter) I have found. Thank you I will refer wpbeginner to others – awesome site!

    返信

    • WPBeginner Support

      You’re welcome and glad you’ve found our content helpful

      返信

      管理者

31. Daniel

    You know there are guys charging more than $50 or $100 dollars to teach you how to do all of this, and you gave it for free! Thanks heaps guys!

    返信

    • WPBeginner Support

      You’re welcome

      返信

      管理者

32. Power

    Thanks for the article, its really useful

    返信

    • WPBeginner Support

      You’re welcome

      返信

      管理者

33. Mydas

    This was super-useful. I have the coding skills to implement all of it, and now I can take much better care of my and my clients’ Wordpress installations. Thank you for the info, it’s so complete that I can’t believe it’s free xD

    返信

    • WPBeginner Support

      You’re welcome, glad our guide was helpful

      返信

      管理者

34. Splendor Edesiri

    Please do I need a VPN to access my WordPress site from the backend as part of my WordPress site security.

    返信

    • WPBeginner Support

      No, that is not required

      返信

      管理者

35. Kam

    Thank you for this article. It is essential reading!

    If you have a host like Bluehost, is it essential to have backup with a plugin such as Updraft plus + remote storage? After all, hosting providers should be providing backup?

    返信

    • WPBeginner Support

      While some hosts offer backups, we still recommend creating your own backups for safety

      返信

      管理者

36. Kyle B.

    Changing the database prefix won’t make any difference. Other than that, not a bad article.

    返信

    • WPBeginner Support

      Thanks for sharing your opinion and glad you liked our article

      返信

      管理者

37. kalmoa

    just an FYI, with Nginx there is no directory-level configuration file like Apache’s .htaccess. All configuration has to be done at the server level by an administrator, and WordPress cannot modify the configuration, like it can with Apache. So the part about ‘Disable PHP File Execution’, cannot be completed by wordpress installs running on Nginx. That includes myself, who is running my wordpress install on Vultr. Their one-click wordpress install gets deployed on Nginx (ubuntu 18.04)

    返信

    • WPBeginner Support

      Thank you for sharing this for the users who specifically are using Nginx for their site.

      返信

      管理者

38. Tom

    What is the best method to update plugins if I have several that need updating? Update one at a time and see if the updated plugin breaks any of the functionality on the website?

    返信

    • WPBeginner Support

      If you are concerned an update would break your site, we would recommend testing the update by following our guide on how to create a staging environment below:
      https://www.wpbeginner.com/wp-tutorials/how-to-create-staging-environment-for-a-wordpress-site/

      返信

      管理者

39. Kartik Satija

    Amazing article, very well articulated and documented.
    Thank you all so much for this.
    More power to you guys, keep up the good work.

    Cheers,
    Kartik.

    返信

    • WPBeginner Support

      Glad you found our guide helpful

      返信

      管理者

40. MIMIFTAH

    Very Informative content. Thanks

    返信

    • WPBeginner Support

      You’re welcome

      返信

      管理者

41. Liz

    Great article. I have a question about the hardening options. I read that enabling hardening on all options can cause some plugins or the theme to break/not work properly. If this happens, how difficult is it to fix? It seems like there’s more to it than just reverting the hardening option. Any insight you could offer would be greatly appreciated. Thanks!

    返信

    • WPBeginner Support

      It would depend on the specific hardening recommendation, plugin, and error message for the difficulty should an error appear. Otherwise, most plugins shouldn’t have an issue

      返信

      管理者

42. Gary Starling

    Very helpful suggestions and well explained from the basic to the complex
    Thank you four your explanations

    返信

    • WPBeginner Support

      You’re welcome, glad our article could be helpful

      返信

      管理者

43. Andrei

    Hi guys,

    After the first user enumeration, brute force a security plugin will block that IP address.

    If you password protect the wp-admin directory the plugin can no longer block that IP.

    Is that a correct assessment?

    返信

    • WPBeginner Support

      Correct, there would be a similar load to a blocked IP but if you need many new users to access your site then limiting login attempts would be better than password protecting your wp-admin

      返信

      管理者

      • Andrei

        Ok, I finally understood how this works and sharing here for everyone. Password protecting wp-admin is done at the server (Apache/Nginx) level. If a user enumeration, brute force is unable to bypass the server level, it would not be able to touch PHP/MySQL. Thus, password protecting wp-admin does not put additional load on the database.

        返信

44. Peter

    Very informative and helpful, I have configured all the hardening procedure you mentioned, Thanks a lot.

    返信

    • WPBeginner Support

      You’re welcome, glad our guide was helpful

      返信

      管理者

45. Aqib khan

    i will always follow you.i will always love you and always share such a fresh and cool content to make us smile.Thank You.

    返信

    • WPBeginner Support

      Thank you, glad you’ve enjoyed our content

      返信

      管理者

46. mahmoud

    I love this site. you’re offering precious information.
    I’m a beginner and this is helpful.
    but can I only have a strong password and disable indexing to do the matter?
    what about all these plugins I think they will affect the site speed or this not installed on the site?

    返信

    • WPBeginner Support

      For your concern with plugins slowing down your site, you shouldn’t need to worry, we explain our reasoning behind this here: https://www.wpbeginner.com/opinion/how-many-wordpress-plugins-should-you-install-on-your-site/

      返信

      管理者

47. Krishna

    Hi WP Beginner Team,

    Thanks for such a brief explanation of WordPress security. This article was very useful and let know the value of wp security for the users and website owner.

    THANKS AGAIN…

    返信

    • WPBeginner Support

      You’re welcome, glad our article was helpful

      返信

      管理者

48. Kushal

    I used all plugin that you mentioned sucuri, itheams, wp serber and jetpack. How many plugin can I use on my website.

    返信

    • WPBeginner Support

      We would recommend sticking with only one plugin for a specific feature but for in general how many plugins to use you would want to take a look at our article here: https://www.wpbeginner.com/opinion/how-many-wordpress-plugins-should-you-install-on-your-site/

      返信

      管理者

49. Leighann

    This was SO helpful. Thanks for the information and saving me so much time!

    返信

    • WPBeginner Support

      You’re welcome, glad our guide could be helpful

      返信

      管理者

50. Dietrich

    Hi

    Is it okay to use Sucuri and Wordfence at the same time? I installed Wordfence since Sucuri’s free version doesn’t have a firewall feature.

    返信

    • WPBeginner Support

      We would not recommend using both, multiple security tools can conflict with each other and cause issues with your site.

      返信

      管理者