Simple SSL setup

**Really Simple SSL**
„https://wordpress.org/plugins/really-simple-ssl/“:https://wordpress.org/plugins/really-simple-ssl/

The Really Simple SSL plugin automatically detects your settings and configures your website. To keep it lightweight, the options are kept to a minimum. The entire site will move to SSL.
Three simple steps for setup:

– Get an SSL certificate
– Activate this plugin
– Enable SSL with one click
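The three steps above leave the actual redirect to the plugin. As an added example that is not part of the original page or of the Really Simple SSL plugin, the following must-use plugin (dropped into wp-content/mu-plugins/) performs the HTTP-to-HTTPS redirect with core WordPress functions and, behind an assumed example-only switch, sends an HSTS header. The function names prefixed example_ and the EXAMPLE_SEND_HSTS constant are this example's own.

```php
<?php
/*
Plugin Name: Force HTTPS (added example)
Description: Redirects plain-HTTP front-end requests to HTTPS; optionally sends HSTS.
*/

// Example-specific switch: enable HSTS only once every page loads cleanly over HTTPS,
// because browsers will refuse plain HTTP for the whole max-age window afterwards.
if ( ! defined( 'EXAMPLE_SEND_HSTS' ) ) {
	define( 'EXAMPLE_SEND_HSTS', false );
}

/**
 * Redirect a non-HTTPS request to the same path over HTTPS.
 * is_ssl() is WordPress core. Behind a TLS-terminating proxy it only reports true if
 * wp-config.php maps the forwarded protocol header first, e.g.:
 *   if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
 *       $_SERVER['HTTPS'] = 'on';
 *   }
 * Also add define( 'FORCE_SSL_ADMIN', true ); there so wp-login.php and wp-admin are covered.
 */
function example_force_https_redirect() {
	if ( is_ssl() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
		return;
	}
	$host = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : parse_url( home_url(), PHP_URL_HOST );
	$uri  = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '/';
	// wp_safe_redirect() only follows hosts WordPress considers its own, so a forged
	// Host header cannot turn this redirect into an open redirect.
	wp_safe_redirect( 'https://' . $host . $uri, 301 );
	exit;
}
add_action( 'template_redirect', 'example_force_https_redirect' );

/** Tell browsers to use HTTPS for the next year once the site is fully migrated. */
function example_send_hsts_header() {
	if ( EXAMPLE_SEND_HSTS && is_ssl() ) {
		header( 'Strict-Transport-Security: max-age=31536000' );
	}
}
add_action( 'send_headers', 'example_send_hsts_header' );
```

This only handles the redirect and the header; hard-coded http:// URLs in content and theme files (the mixed-content warnings the plugin also fixes) still have to be rewritten separately.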

How to move WordPress from HTTP to HTTPS/SSL

As you may know, Google has announced that whether or not a site runs on HTTPS will be one of the factors in its position in search results. Another advantage of using SSL is certainly greater trustworthiness of the site. HTTPS (Hypertext Transfer Protocol Secure) is an extension of the HTTP network protocol that secures the connection between a web browser and a web server against eavesdropping, forgery […]

Defend against brute-force attacks with BruteProtect

BruteProtect is a plugin that adds you to a shared network of 120,000 sites and helps you defend against brute-force attacks. A brute-force attack is often used to guess a username and password pair. Random (or generic) usernames and passwords can be used in the authentication attempts, or the possible variants can be narrowed down. For example, obtaining a list […]

Disabling XML-RPC

XML-RPC is a Remote Procedure Call (RPC) protocol which uses XML to encode its calls and HTTP as a transport mechanism. XML-RPC is used to do something remotely to your blog such as posting, viewing comments, etc.
By default, WordPress enables XML-RPC automatically!

**Disable XML-RPC Pingback**
„https://wordpress.org/plugins/disable-xml-rpc-pingback/“:https://wordpress.org/plugins/disable-xml-rpc-pingback/

This is friendlier than disabling XML-RPC entirely, which some plugins and apps still need (e.g. mobile apps or some Jetpack modules).

Disabling pingbacks in functions.php (the same as the plugin above)

/—code php
// Remove the pingback.ping method from the list of XML-RPC methods WordPress serves
function remove_xmlrpc_pingback_ping( $methods ) {
	unset( $methods['pingback.ping'] );
	return $methods;
}
add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
\—

**How to disable XML-RPC manually:**

1) turn off XML-RPC in functions.php

/—code php
// Disables the XML-RPC methods that require authentication
add_filter( 'xmlrpc_enabled', '__return_false' );
\—

2) hide xmlrpc.php in HTTP response headers in functions.php

/—code php
// Stop advertising xmlrpc.php through the X-Pingback response header
function disable_x_pingback( $headers ) {
	unset( $headers['X-Pingback'] );
	return $headers;
}
add_filter( 'wp_headers', 'disable_x_pingback' );
\—

3) deny request to xmlrpc.php in .htaccess

/—code apache
# Answer every request for xmlrpc.php with 403 Forbidden
RedirectMatch 403 /xmlrpc.php
\—

or

/—code apache
# Apache 2.2 syntax; the Files block limits the rule to xmlrpc.php only
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
\—
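The three steps can live together in one must-use plugin. As an added example that is neither the page's nor the linked source's code, the following wp-content/mu-plugins/xmlrpc-lockdown.php combines them and adds an in-PHP 403 for direct requests to xmlrpc.php; every function prefixed example_ is this example's own name.

```php
<?php
/*
Plugin Name: XML-RPC lockdown (added example)
Description: Disables XML-RPC, removes pingback methods, hides X-Pingback and answers xmlrpc.php with 403.
*/

// Step 1: disable XML-RPC. Note that this filter only gates methods that require
// authentication; pingback.ping is unauthenticated and is NOT affected by it,
// which is why the method is removed explicitly below.
add_filter( 'xmlrpc_enabled', '__return_false' );

// Drop the pingback methods, the ones abused for reflected pingback traffic.
function example_xmlrpc_drop_pingback( $methods ) {
	unset( $methods['pingback.ping'] );
	unset( $methods['pingback.extensions.getPingbacks'] );
	return $methods;
}
add_filter( 'xmlrpc_methods', 'example_xmlrpc_drop_pingback' );

// Step 2: stop advertising the endpoint in the X-Pingback response header.
function example_remove_x_pingback( $headers ) {
	unset( $headers['X-Pingback'] );
	return $headers;
}
add_filter( 'wp_headers', 'example_remove_x_pingback' );

// Step 3, done in PHP: xmlrpc.php defines XMLRPC_REQUEST before loading WordPress,
// so an mu-plugin can reject the request on "init", before any method is dispatched.
// Keep the .htaccess rule as well; it stops the request before PHP runs at all.
function example_block_xmlrpc_request() {
	if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
		status_header( 403 );
		header( 'Content-Type: text/plain; charset=utf-8' );
		exit( 'XML-RPC is disabled on this site.' );
	}
}
add_action( 'init', 'example_block_xmlrpc_request', 0 );
```

After activating it, a request such as curl -s -o /dev/null -w '%{http_code}' -X POST https://example.com/xmlrpc.php (example.com being a placeholder for your own site) should return 403, and the X-Pingback header should no longer appear on single posts.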

„Source »“:http://www.deluxeblogtips.com/2013/08/disable-xml-rpc-wordpress.html

Protecting e-mail addresses from bots

**CryptX**
„http://wordpress.org/plugins/cryptx/“:http://wordpress.org/plugins/cryptx/

No more SPAM by spiders scanning your site for email addresses. With CryptX you can hide all your email addresses, with and without a mailto-link, by converting them using JavaScript or UNICODE. You can choose to add a mailto-link to all unlinked email addresses with only one click at the settings.

*

There is also a core WordPress function for it: antispambot().
Its usage is simple: pass it the address string and it returns the entity-encoded version, i.e. antispambot( $email ).

But you can't use PHP in your content (unless you're using a plugin for that purpose). To use this function in your content, you can utilize a small shortcode like the one below, which lets you cloak email addresses anywhere in your posts.

/—code php
<?php
function antispambot_sc( $atts ) {
	// Only the "email" attribute is accepted; any other attribute is dropped
	extract( shortcode_atts( array(
		'email' => ''
	), $atts ) );
	return antispambot( $email );
}
add_shortcode( 'antispambot', 'antispambot_sc' );
// Usage: [antispambot email="my.cloaked.email.address@gmail.com"]
?>
\—

*

or alternatively

/—code php
function cwc_mail_shortcode( $atts, $content = null ) {
	// Encode every character of the address as a numeric HTML entity
	$encodedmail = '';
	for ( $i = 0; $i < strlen( $content ); $i++ ) {
		$encodedmail .= '&#' . ord( $content[ $i ] ) . ';';
	}
	// Both the href and the visible text use the encoded form
	return '<a href="mailto:' . $encodedmail . '">' . $encodedmail . '</a>';
}
add_shortcode( 'mailto', 'cwc_mail_shortcode' );
\—

Shortcode usage:

[mailto]email@yourdomain.com[/mailto]
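Both shortcodes above rely on the same trick: the address is written out as HTML character references, so it never appears literally in the page source. As an added example, not the code of the page or of either shortcode's author, here is that encoding as plain PHP that runs from the command line, alternating decimal and hexadecimal references the way antispambot() does, rejecting malformed input, and followed by the decode step that shows the limit of the technique. The names example_obfuscate_email, example_mailto_link and example_decode are this example's own.

```php
<?php
/**
 * Encode every byte of $email as an HTML character reference, alternating the
 * decimal (&#NN;) and hexadecimal (&#xNN;) forms. Returns false for a malformed
 * address so the caller never emits an unusable link.
 */
function example_obfuscate_email( $email ) {
	if ( filter_var( $email, FILTER_VALIDATE_EMAIL ) === false ) {
		return false;
	}
	$out = '';
	$len = strlen( $email );
	for ( $i = 0; $i < $len; $i++ ) {
		$code = ord( $email[ $i ] );
		$out .= ( $i % 2 === 0 ) ? '&#' . $code . ';' : '&#x' . dechex( $code ) . ';';
	}
	return $out;
}

/** Build the mailto link with both the href and the visible text encoded. */
function example_mailto_link( $email ) {
	$enc = example_obfuscate_email( $email );
	if ( $enc === false ) {
		return '';
	}
	return '<a href="mailto:' . $enc . '">' . $enc . '</a>';
}

/**
 * What a browser, or any scraper that parses HTML entities, ends up with:
 * the encoding is fully reversible, so it only defeats naive regex harvesters.
 */
function example_decode( $encoded ) {
	return html_entity_decode( $encoded, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
}

if ( PHP_SAPI === 'cli' ) {
	$sample = 'first.last@example.com'; // constructed sample address
	$link   = example_mailto_link( $sample );
	echo $link, PHP_EOL;                 // the plain address is absent from this markup
	echo example_decode( $link ), PHP_EOL; // decoding restores it verbatim
	var_dump( example_obfuscate_email( 'not-an-address' ) );
}
```

The decode step is the point worth remembering: entity encoding hides the address from crawlers that grep raw HTML, not from anything that renders it, so it lowers spam volume rather than preventing harvesting.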

Spammer Blocker has been around for a whole year

A year ago, on 27. 5. 2010, I uploaded the first version of my Spammer Blocker plugin to the WordPress repository. SB was already the third plugin I was working on at the time while honing my PHP skills. Unlike my first two plugins, whose development I paused long ago (Validation Helper and Extra Security), Spammer Blocker […]

Checking and protecting templates (themes)

– „Sucuri Security“:https://wordpress.org/plugins/sucuri-scanner/
– „BulletProof Security“:http://wordpress.org/extend/plugins/bulletproof-security/
– „ServerBuddy“:http://pluginbuddy.com/serverbuddy-check-hosting-quality-security-issues-more/
– „AntiVirus“:http://wordpress.org/extend/plugins/antivirus/
– „Exploit Scanner“:http://wordpress.org/extend/plugins/exploit-scanner/
– „Health Check“:http://wordpress.org/extend/plugins/health-check/
– „Secure WordPress“:http://wordpress.org/extend/plugins/secure-wordpress/
– „TAC (Theme Authenticity Checker)“:http://wordpress.org/extend/plugins/tac/
– „Theme Check“:http://wordpress.org/extend/plugins/theme-check/
– „Ultimate Security Check“:http://wordpress.org/extend/plugins/ultimate-security-check/
– „WordPress File Monitor“:http://wordpress.org/extend/plugins/wordpress-file-monitor/
– „WP Security Scan“:http://wordpress.org/extend/plugins/wp-security-scan/
– „WP-ServerInfo“:http://wordpress.org/extend/plugins/wp-serverinfo/

Source: „WordPress Theme Malware Prevention and Protection“:http://wordcastnet.com/news/2010/12/11/wordpress-theme-malware-prevention-and-protection.html

„Updated hashes“:https://github.com/philipjohn/exploit-scanner-hashes for the *Exploit Scanner* plugin and „how to apply them“:http://west-penwith.org.uk/blog/archives/2100.

Related article: „Anatomy of a Theme Malware“:http://ottopress.com/2010/anatomy-of-a-theme-malware/

„Otto's decoder for encrypted text“:http://ottodestruct.com/decoder.php and „another similar one“:http://ottodestruct.com/decoder2.php by the same author.

Protection against link spam

**Bad Behavior**
„http://wordpress.org/extend/plugins/bad-behavior/“:http://wordpress.org/extend/plugins/bad-behavior/

Bad Behavior complements other link spam solutions by acting as a gatekeeper, preventing spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. This keeps your site’s load down, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Bad Behavior also transcends other link spam solutions by working in a completely different, unique way. Instead of merely looking at the content of potential spam, Bad Behavior analyzes the delivery method as well as the software the spammer is using. In this way, Bad Behavior can stop spam attacks even when nobody has ever seen the particular spam before.

Bad Behavior is designed to work alongside existing spam prevention services to increase their effectiveness and efficiency. Whenever possible, you should run it in combination with a more traditional spam prevention service.

Bad Behavior works on, or can be adapted to, virtually any PHP-based Web software package. Bad Behavior is available natively for WordPress, MediaWiki, Drupal, ExpressionEngine, and LifeType, and people have successfully made it work with Movable Type, phpBB, and many other packages.

**Inpsyde AntiSpam**
„http://wordpress.org/extend/plugins/js-antispam/“:http://wordpress.org/extend/plugins/js-antispam/

Simple antispam solution. Scrambles a word and pieces it together automatically via JavaScript. Users with JavaScript enabled won't notice anything. Those who have JavaScript disabled have to type the word into a text field. This plugin won't help against a targeted spam attack but should prevent a lot of random spam.

No remote service needed. Does not send or retrieve data from third party services.

**Protecting media files (images etc.) against comment spam**

Surprisingly, disabling comments globally does not apply to media files. The fix is simple:

/—code php
add_filter( 'comments_open', 'noMediaComments', 10, 2 );

// Report comments as closed for every attachment (media file)
function noMediaComments( $open, $post_id ) {
	$post = get_post( $post_id );
	if ( 'attachment' == $post->post_type ) {
		$open = false;
	}
	return $open;
}
\—
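The snippet above closes comments only; pingbacks and trackbacks on attachments go through a separate filter, and get_post() can return null for a stale ID. As an added example that is not the linked source's code, the variant below covers both filters with one callback and tolerates a missing post; the function name is this example's own.

```php
<?php
// Added example: close comments AND pings on attachments, and tolerate a post ID
// that no longer resolves to a post (get_post() returns null in that case).
function example_close_attachment_discussion( $open, $post_id ) {
	$post = get_post( $post_id );
	if ( $post instanceof WP_Post && 'attachment' === $post->post_type ) {
		return false;
	}
	return $open;
}
add_filter( 'comments_open', 'example_close_attachment_discussion', 10, 2 );
add_filter( 'pings_open',    'example_close_attachment_discussion', 10, 2 );
```

Because wp-comments-post.php checks comments_open() for the target post before storing anything, this also rejects comments POSTed straight to the endpoint, not just the visible form.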

„Source »“:http://blog.futtta.be/2012/07/10/stopping-wordpress-media-attachments-comment-spam/

Securing WordPress

Tips from „sitepoint.com“:http://www.sitepoint.com/wordpress-security/ on securing WordPress.

**iThemes Security (formerly Better WP Security)**
„http://wordpress.org/extend/plugins/better-wp-security/“:http://wordpress.org/extend/plugins/better-wp-security/

iThemes Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

„A Guide on Using the iThemes Security Plugin »“:http://code.tutsplus.com/tutorials/a-guide-on-using-the-ithemes-security-plugin–cms-20892
„iThemes Security Tutorial for WordPress »“:http://www.anphira.com/web-design/ithemes-security-tutorial/

*Alternatives*

**Secure WordPress**
„http://wordpress.org/extend/plugins/secure-wordpress/“:http://wordpress.org/extend/plugins/secure-wordpress/
„http://www.sitesecuritymonitor.com/secure-wordpress-plugin“:http://www.sitesecuritymonitor.com/secure-wordpress-plugin

Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.

1. removes error information on the login page
2. adds index.php to the plugin directory (virtual)
3. removes the WP version, except in the admin area
4. removes Really Simple Discovery
5. removes Windows Live Writer
6. removes core update information for non-admins
7. removes plugin update information for non-admins
8. removes theme update information for non-admins (only WP 2.8 and higher)
9. hides the WP version in the backend dashboard for non-admins
10. adds a string for use with WP Scanner
11. blocks bad queries
12. validates your site with a free malware and vulnerabilities scan at SiteSecurityMonitor.com
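Several items on that list need no plugin at all. As an added example, not the Secure WordPress plugin's code, the following functions.php or mu-plugin snippet does items 1, 3, 4, 5 and 9 with core hooks; the example_ function names are this example's own.

```php
<?php
/*
Plugin Name: Header and login hardening (added example)
Description: Generic login errors, no version disclosure, no RSD/WLW discovery links.
*/

// 1. Replace the detailed login error ("invalid username" vs. "incorrect password")
//    with one generic message, so the form does not confirm which usernames exist.
function example_generic_login_error( $error ) {
	return 'Login failed. Please check your credentials.';
}
add_filter( 'login_errors', 'example_generic_login_error' );

// 3. Stop printing the WordPress version in the <head> generator tag and in feeds.
remove_action( 'wp_head', 'wp_generator' );
add_filter( 'the_generator', '__return_empty_string' );

// 4./5. Remove the Really Simple Discovery and Windows Live Writer manifest links;
//       both advertise xmlrpc.php to clients. (WLW was dropped from core in 6.3;
//       remove_action() on a hook that is not registered is harmless.)
remove_action( 'wp_head', 'rsd_link' );
remove_action( 'wp_head', 'wlwmanifest_link' );

// 3. (continued) Core appends ?ver=<WP version> to its script and style URLs; strip it.
function example_strip_core_ver( $src ) {
	if ( $src && strpos( $src, 'ver=' . get_bloginfo( 'version' ) ) !== false ) {
		$src = remove_query_arg( 'ver', $src );
	}
	return $src;
}
add_filter( 'style_loader_src',  'example_strip_core_ver' );
add_filter( 'script_loader_src', 'example_strip_core_ver' );

// 9. Hide the version shown in the admin footer for everyone who cannot update core.
function example_hide_admin_footer_version( $text ) {
	return current_user_can( 'update_core' ) ? $text : '';
}
add_filter( 'update_footer', 'example_hide_admin_footer_version', 11 );
```

Removing the version string is hygiene rather than protection: the version can still be inferred from readme.html and from file fingerprints, so keeping core up to date is what actually closes the holes scanners look for.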

**Wordfence Security**
„http://wordpress.org/extend/plugins/wordfence/“:http://wordpress.org/extend/plugins/wordfence/

Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.

Wordfence is now Multi-Site compatible.