Vulnerabilities in WordPress plugins with more than a million installations

Security researchers from Wordfence and WebARX have identified several dangerous vulnerabilities in five plugins for the WordPress web content management system, with more than a million installations in total.

  • A vulnerability in the GDPR Cookie Consent plugin, which has more than 700 thousand installations. The issue is rated 9 out of 10 in severity (CVSS). The vulnerability allows an authenticated user with subscriber rights to delete or hide (by changing the status to an unpublished draft) any page of the site, and to substitute their own content on pages.
    The vulnerability is fixed in release 1.8.3.

  • A vulnerability in the ThemeGrill Demo Importer plugin, which has more than 200 thousand installations (real attacks on sites have been recorded; after they began and information about the vulnerability appeared, the number of installations dropped to 100 thousand). The vulnerability allows an unauthenticated visitor to wipe the contents of the site's database and reset the database to the state of a fresh installation. If the database contains a user named admin, the vulnerability also allows gaining full control over the site. The vulnerability is caused by a failure to authenticate a user who attempts to issue privileged commands through the /wp-admin/admin-ajax.php script. The issue is fixed in version 1.6.2.
  • A vulnerability in the ThemeREX Addons plugin, which is used on 44 thousand sites. The issue is rated 9.8 out of 10 in severity. The vulnerability allows an unauthenticated user to execute their own PHP code on the server and to substitute the site administrator account by sending a specially crafted request through the REST API.
    Cases of exploitation of the vulnerability have already been recorded in the wild, but an update with a fix is not yet available. Users are advised to remove this plugin as soon as possible.

  • A vulnerability in the wpCentral plugin, which has 60 thousand installations. The issue is rated 8.8 out of 10 in severity. The vulnerability allows any authenticated visitor, including those with subscriber rights, to escalate their privileges to site administrator or to gain access to the wpCentral control panel. The issue is fixed in version 1.5.1.
  • A vulnerability in the Profile Builder plugin, which has about 65 thousand installations. The issue is rated 10 out of 10 in severity. The vulnerability allows an unauthenticated user to create an account with administrator rights (the plugin lets you create registration forms, and the user can simply pass an additional field with the user role, assigning it the administrator level). The issue is fixed in version 3.1.1.
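
The Profile Builder issue above is a case of a registration handler trusting a role field supplied by the client. As an added example (not Profile Builder's code and not from the original article), the hypothetical handlers `example_register_weak` and `example_register_hardened` below contrast passing the whole request to `wp_insert_user()` with allowlisting fields and setting the role on the server; the field allowlist is an assumption.

```php
<?php
// Added illustration; function names and the field allowlist are hypothetical.

// Weak pattern: every submitted field, including "role", reaches wp_insert_user().
function example_register_weak( array $post ) {
    return wp_insert_user( wp_unslash( $post ) );
}

// Hardened pattern: copy only allowlisted fields; the role is never read from the request.
function example_register_hardened( array $post ) {
    $post    = wp_unslash( $post );
    $allowed = array( 'user_login', 'user_email', 'user_pass', 'first_name', 'last_name' );
    $data    = array();
    foreach ( $allowed as $key ) {
        // Reject arrays and other non-string values outright.
        if ( isset( $post[ $key ] ) && is_string( $post[ $key ] ) ) {
            $data[ $key ] = $post[ $key ];
        }
    }
    foreach ( array( 'user_login', 'user_email', 'user_pass' ) as $required ) {
        if ( empty( $data[ $required ] ) ) {
            return new WP_Error( 'example_missing_field', "Missing field: $required" );
        }
    }
    $data['user_login'] = sanitize_user( $data['user_login'], true );
    $data['user_email'] = sanitize_email( $data['user_email'] );
    if ( '' === $data['user_login'] || ! is_email( $data['user_email'] ) ) {
        return new WP_Error( 'example_invalid_field', 'Invalid login or e-mail.' );
    }
    foreach ( array( 'first_name', 'last_name' ) as $name ) {
        if ( isset( $data[ $name ] ) ) {
            $data[ $name ] = sanitize_text_field( $data[ $name ] );
        }
    }
    // Server-side role: use the site default, but never a privileged one.
    $role         = get_option( 'default_role', 'subscriber' );
    $data['role'] = in_array( $role, array( 'administrator', 'editor' ), true ) ? 'subscriber' : $role;

    return wp_insert_user( $data ); // int user ID on success, WP_Error on failure
}
```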

In addition, the discovery of a network distributing trojanized WordPress plugins and themes is worth noting. The attackers placed copies of paid plugins on fake sites, having first integrated a backdoor into them to gain remote access and download commands from a control server. Once activated, the malicious code was used to insert malicious or deceptive advertising (for example, warnings about the need to install an antivirus or update your browser), as well as for search engine optimization to promote the sites distributing the malicious plugins. According to preliminary data, more than 20 thousand sites were compromised through these plugins. Among the victims were a mining platform, a trading company, a bank, several large companies, a developer of credit card payment solutions, IT companies, etc.

Source: opennet.ru
