wp-login.php登录文件被攻击的处理方法

导语:或许有一些无聊的人会出于某种目的而攻击你的网站,所以学一点防范知识很重要,这篇防范文章来自大胡子的博客,大家一起来学习一下。

wp-login.php文件被攻击的处理方法

大胡子在分析日志文件后,发现攻击者主要是攻击wp-login.php文件,那么他做了以下处理:

修改wp-login.php文件名

修改网站根目录下的wp-login.php文件名为wp-dahuzi.php(或者其他名字,你喜欢就好),将该文件中出现的wp-login.php全部改为wp-dahuzi.php。

然后打开wp-includes/目录下的general-template.php文件,把文件中的wp-login.php替换为wp-dahuzi.php。

完成修改后覆盖原文件保存!

这样WordPress的默认登录地址将不存在(wp-login.php),攻击wp-login.php也就没有任何作用。

以后登录后台要使用自己修改的地址登录。例如:https://www.wordpressleaf.com/wp-dahuzi.php。

原文地址

结束

当然,叶子开发的主题有一个选项设置,隐藏后台登录地址,大家也可以试一试,这个功能也很有趣。


Warning: copy(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /opt/lampp/htdocs/wordpresssummer/wp-content/themes/summerleaf/inc/summer_setting.php on line 546

Warning: copy(): Failed to enable crypto in /opt/lampp/htdocs/wordpresssummer/wp-content/themes/summerleaf/inc/summer_setting.php on line 546

Warning: copy(https://www.wordpressleaf.com/wp-content/themes/summerleaf/images/tx/84.png): failed to open stream: operation failed in /opt/lampp/htdocs/wordpresssummer/wp-content/themes/summerleaf/inc/summer_setting.php on line 546

目前在“wp-login.php登录文件被攻击的处理方法”上有一条评论


  1. Warning: copy(): SSL operation failed with code 1. OpenSSL Error messages: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed in /opt/lampp/htdocs/wordpresssummer/wp-content/themes/summerleaf/inc/summer_setting.php on line 546

    Warning: copy(): Failed to enable crypto in /opt/lampp/htdocs/wordpresssummer/wp-content/themes/summerleaf/inc/summer_setting.php on line 546

    Warning: copy(https://www.wordpressleaf.com/wp-content/themes/summerleaf/images/tx/94.png): failed to open stream: operation failed in /opt/lampp/htdocs/wordpresssummer/wp-content/themes/summerleaf/inc/summer_setting.php on line 546
    王英俊说道:

    但是输入login仍然会调转新改的文件

发表评论

邮箱地址不会被公开。 必填项已用*标注