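Network security is always a hot topic. Websites are attacked every day; whether yours is a popular large site or a small personal one, it can be attacked and taken down. The more popular a site is, the more likely it is to be attacked.
WordPress sites are frequent targets for attackers, because WordPress is widely used and comparatively weak on security.
As the owner of a small site, I do not lose much when the site is attacked. But when attackers keep coming back, replacing the home page whenever they like and brazenly leaving their name on it, it gets very annoying. After some searching I chose the plugin Better WP Security.
Better WP Security is a powerful tool that helps you deal with data problems on your blog. With it you can restrict specific IPs, block bots and IP addresses from logging in to your admin area, and run security checks. The plugin also offers fixes for security issues, but before applying them remember to back up the database and files, just in case.
However, after configuring Better WP Security I could no longer log in to WordPress; every attempt redirected to a 404 "not found" page. After a long and fruitless search on Baidu, I found the following temporary fixes on the plugin's support forum: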
(1) From gxgl
In wp-config.php, set define( 'BWPS_AWAY_MODE', false );
I had the same problem and I have found this
define( 'DISALLOW_FILE_EDIT', true );
define( 'BWPS_AWAY_MODE', true );
define( 'BWPS_FILECHECK', true );
at the top of wp-config.php
After I set
define( 'BWPS_AWAY_MODE', false );
I was able to access the admin side.
Also I have deactivated this function from plugin options.
(2) From Peter
Open .htaccess, find the RewriteRule line and put a # in front of it: # RewriteRule ^.*wp-admin/?|^.*wp-login\.php /not_found [R,L]
You need to look into your .htaccess file
lines like
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/wp-login\.php
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/HIDDENBACKEND1
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/HIDDENBACKEND2
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/HIDDENBACKEND3
RewriteRule ^.*wp-admin/?|^.*wp-login\.php /not_found [R,L]
Then you can see how the rewrite is done if you forgot it.
Or you remove the lines/setting a comment # to make it invalid.
Attention: WPSec. might have set .htaccess to read-only.
(3) From Handoko
Hello, I ever had bad experiences with this plugin that caused me not able to login. Here are some things you may try:
First, and the very first make necessary backup of your important files.
You can use your FTP program or cPanel File Manager to do it. What to backup? Here are the important files:
– .htaccess on the root of your website folder
– Entire folder of the plugin wp-content/plugins/better-wp-security
– Entire folder of your website
– The database of the website using cPanel phpMyAdmin
To backup all files in a folder, it will be easier if you compress the entire folder.
Now, things you can try to retrieve your login:
1. Try to delete (or rename) the .htaccess file. If you are still unable to login, you should restore it from the backup. But if you can login, it means there is something wrong in the file. You need to examine and edit the file (restored from your backup), pay attention to the text between these lines:
# BEGIN Better WP Security
# END Better WP Security
2. You may also try to use the .htaccess file from your other WordPress website that is working correctly. You should not try it if one of the websites has WordPress multisite enabled.
3. If you still have no luck, you may try to delete the entire folder of the plugin wp-content/plugins/better-wp-security. You can even combine this option with option no. 1.
If you managed to login to your admin area, you may need to reinstall the plugin (or perhaps uninstall it if you do not wish to use it). This reinstallation is necessary to make sure the plugin won’t leave unused data on your website (database). Once you’re sure your website is working correctly, you should do a backup immediately.
These above are based on my experiences, I can’t guarantee success. Try it at your own risk. Hope it helps.
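The .htaccess fix from replies (2) and (3) as a script, added here as an example and not part of the forum replies or the plugin: it backs up the file first, handles a read-only .htaccess, and comments out the active lines between the plugin's markers. The function names, the backup file naming and the sample file (constructed from the rules quoted above) are assumptions of this example.

```shell
#!/bin/sh
# Added example. Writes a constructed sample .htaccess (rules taken from the post).
make_sample() {
    cat > "$1" <<'EOF'
# BEGIN Better WP Security
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)yourblogadress/wp-login\.php
RewriteRule ^.*wp-admin/?|^.*wp-login\.php /not_found [R,L]
# END Better WP Security
# BEGIN WordPress
RewriteRule . /index.php [L]
# END WordPress
EOF
}

# Back up the file, then comment out every active line between the plugin's
# markers. Prints the backup path. Returns 2 if the markers are not present.
disable_bwps_block() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    grep -q '^# BEGIN Better WP Security' "$file" || return 2

    # Never overwrite an earlier backup (for example on a second run).
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    [ ! -e "$backup" ] || { echo "backup exists: $backup" >&2; return 1; }
    cp -p "$file" "$backup" || return 1

    # The plugin may have left .htaccess read-only; restore owner write access.
    [ -w "$file" ] || chmod u+w "$file" || return 1

    tmp="$file.tmp.$$"
    awk '
        /^# BEGIN Better WP Security/ { inblock = 1; print; next }
        /^# END Better WP Security/   { inblock = 0; print; next }
        inblock && NF && !/^[ \t]*#/  { print "# " $0; next }
        { print }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Write back in place so the file keeps its owner.
    cat "$tmp" > "$file" || return 1
    rm -f "$tmp"
    echo "$backup"
}
```

Lines outside the markers, such as the WordPress block, are left untouched, and the printed backup path is the file to restore from if the change does not help.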
References:
Gain access to your dashboard. Please read: article link
You deleted the plugin, but some configuration settings may still be in your database. Here is information on how to delete the data in the database: click here
To avoid future self-locking, read here: click here