This is totally and completely unlike any other security plugin for WordPress.
这完全和完全不同于WordPress的任何其他安全插件。
They operate at the application-level by controlling or using PHP to stop attacks, this plugin works at the network-level BEFORE PHP, which is why this plugin is so darn effective.
他们通过控制或使用PHP阻止攻击在应用程序级别进行操作,此插件在PHP之前在网络级运行,这就是为什么此插件如此有效的原因。
This plugin is specifically designed to stop automated attackers attempts to exploit vulnerabilities on your blog that result in a hacked site.
该插件专门用于阻止自动攻击者企图利用您博客上的漏洞导致网站被黑客入侵。
The power of this plugin is that it creates a virtual wall — using builtin Apache Server security — around your blog allowing it to stop attacks before they even reach your blog to deliver a malicious payload.
此插件的功能是,使用内置的Apache Server安全性,在您的博客周围创建虚拟墙,从而使其能够在攻击到达您的博客之前发送恶意负载之前阻止攻击。
In addition this plugin also has the capability to block spam and other malicious requests with a resounding slap, saving CPU, Memory, and Database resources.
此外,此插件还具有以响亮的掌声阻止垃圾邮件和其他恶意请求的功能,从而节省了CPU,内存和数据库资源。
Choose a username and password to protect your entire /wp-admin/ folder and login page (or use my online htpasswd generator. Forbid common exploits and attack patterns with Mod_Security, Mod_Rewrite, Mod_Alias and Apache's tried-and-true Core Security features. Also uses the Perishable Press 5G Blacklist 2013.
nofollow“> htpasswd生成器。禁止使用Mod_Security,Mod_Rewrite,Mod_Alias和Apache可靠的核心安全功能进行常见的攻击和攻击模式,还使用了《易腐的5G黑名单2013》。
This plugin requires the worlds #1 web server, Apache, and web host support for .htaccess files.
此插件需要全球排名第一的Web服务器,Apache和Web主机对.htaccess文件的支持。
You can set up Password Protection for your blog using HTTP Basic Authentication, or you can choose to use the more secure HTTP Digest Authentication.
您可以使用HTTP基本身份验证为博客设置密码保护,也可以选择使用更安全的HTTP摘要身份验证。
Read the .htaccess Guide for more information.
有关详细信息,请阅读.htaccess指南。
Check out the 5G Blacklist 2013.
查看 5G黑名单2013 。
Has a user-contributed attack signature system modeled after the Snort Intrusion Detection and Prevention system, Nessus Vulnerability Scanner, and the Web Application Firewall ModSecurity.
具有一个以Snort入侵检测和防御系统,Nessus漏洞扫描程序和Web应用程序防火墙ModSecurity为模型的,由用户提供的攻击签名系统。
- http://www.modsecurity.org/
- http://www.modsecurity.org/
- http://snort.org/
- http://snort.org/
- http://www.nessus.orgessus/
- http://www.nessus.orgessus/
- http://httpd.apache.org/
- http://httpd.apache.org/
Of course no plugin would ever be able to stop real hacker intent on taking over your blog, if you are connected to the net on a public line, of course you can’t stop them.
当然,没有插件能够阻止真正的黑客意图接管您的博客,如果您是通过公共线路连接到网络的,那么您当然不能阻止他们。
The people who are attacking the blogosphere are for the most part just playing.
攻击Blog圈的人大部分只是在玩游戏。
They “hack” code that “exploits” a “vulnerabiliity” in some open-source software like phpBB or WordPress.
他们“破解”在phpBB或WordPress等开源软件中“利用”“漏洞”的代码。
Those people actually help the community of open source software like WordPress by finding security issues and bringing them to light.. So who is this plugin built to stop?
那些人实际上通过发现安全问题并将其暴露出来,从而为WordPress之类的开源软件社区提供了帮助。那么,这个插件旨在阻止谁?
It’s built to stop the people who are trying all the time to maliciously crack into YOUR average blog.
它的目的是阻止那些一直试图恶意侵入您普通博客的人们。
Why would someone want to hack an AVERAGE blog like mine or yours?
为什么有人想入侵像我或您的AVERAGE博客?
Well the answer is that its not an actual group, entity, or person who is going to try hacking into your blog.
很好的答案是,它不是试图入侵您的博客的实际团体,实体或个人。
Its an army of robots.. and they will never stop the attack.
它是一支由机器人组成的军队,他们将永远不会停止攻击。
So how do these robots attack us?
那么这些机器人如何攻击我们?
What is their ammo?
他们的弹药是什么?
Their ammo is very specific knowledge of exploiting security holes in very specific software to “crack” your blog.
他们的弹药是非常具体的知识,它们可以利用非常特定的软件中的安全漏洞来“破解”您的博客。
Vulnerabilities are discovered all the time, mostly small ones, but those vulnerabiilties that are dangerous to those of us running WordPress 2.5 are LETHAL to those of us running 2.1.. just absolutely deadly.
漏洞一直被发现,大多数都是小漏洞,但是那些对运行WordPress 2.5的人来说很危险的漏洞对我们2.1 ..的人来说是致命的。
So These robots are programmed to do one thing and one thing only, try the exact same exploit that would work against 2.3 against every computer on the internet, as fast as they can and as anonymously as they can.. terrorizing the networks with these non
因此,这些机器人被编程为只能做一件事,只能做一件事,对Internet上的每台计算机尝试完全相同的攻击,使其能够针对2.3进行攻击,并且要尽可能快并且匿名。
-stop requests and slowing down the whole internet, which hopefully will start getting faster as more people use this plugin.
-停止请求并减慢整个互联网的速度,随着更多人使用此插件,希望这会开始变得更快。
Robots have no choice but to leave my servers alone.
机器人别无选择,只能不理我的服务器。
They understand what a 403 Forbidden means, to them it means take me off your list, the exploit I’m carrying is not compatible.
他们了解403 Forbidden的含义,对他们而言,这意味着将我从您的列表中删除,我所携带的漏洞利用程序不兼容。
But once again, this will not stop a hacker, this will stop 99.9% of the same bots that “hacked” 99.9% of the blogs.
但是,这不会再次阻止黑客,这将阻止“黑客” 99.9%博客的同一机器人的99.9%。
https://www.askapache.com/htaccess/mod_security-htaccess-tricks/
https://www.askapache.com/htaccess/mod_security-htaccess-tricks/
