They can do a lot of damage. They can turn your website into a distribution point for malware that infects your visitors (which could end with your site on Google’s blacklist and deindexed from search engines), deface your website, or easily plant backdoors.
How to fix it:
You can either add this line of code to your wp-config.php file:
define( 'DISALLOW_FILE_EDIT', true );
Or use a security plugin to do it for you (which will basically just insert that line of code for you). The only problem is that there are plugins that allow people to turn this ability on and off, so a very dedicated hacker might be able to install such a plugin, switch the editor back on, and then edit code without FTP access.
If you want to be extremely thorough and protect against this, you can disable all plugin and theme updates/installation by adding this line of code to wp-config.php.

But obviously this would mean you would have to change its value to false every time you wanted to update or install a plugin or theme (we don’t really recommend this option, since keeping themes and plugins up to date is one of the best ways to keep your site less vulnerable).
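Because a plugin (or a later edit) can flip the constant back, it is worth verifying the setting rather than trusting that it was added. The following check is an added example, not code from the original article: it inspects a wp-config.php (path assumed to be passed as the first argument) and reports whether DISALLOW_FILE_EDIT is missing, set to false, or set to true, using two constructed sample configs for the demo.

```shell
#!/bin/sh
# Added verification check (not from the original article): report whether a
# wp-config.php really disables the dashboard theme/plugin editor.
# Exit status: 0 = editor disabled, 1 = editor enabled (constant missing or
# false), 2 = file unreadable. Assumption: config path is the first argument.

check_file_edit_disabled() {
  cfg="$1"
  [ -r "$cfg" ] || { echo "cannot read $cfg"; return 2; }
  # The first uncommented define() wins, as in PHP (later redefinitions are
  # ignored). Requiring the line to start with define skips lines commented
  # out with // or #. Matching is case-insensitive so TRUE/FALSE also count.
  val=$(grep -iE "^[[:space:]]*define[[:space:]]*\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*(true|false)[[:space:]]*\)" "$cfg" \
        | head -n 1 \
        | tr '[:upper:]' '[:lower:]' \
        | sed -E "s/.*,[[:space:]]*(true|false).*/\1/")
  case "$val" in
    true)  echo "$cfg: DISALLOW_FILE_EDIT is true, dashboard file editor disabled"; return 0 ;;
    false) echo "$cfg: DISALLOW_FILE_EDIT is false, dashboard file editor ENABLED"; return 1 ;;
    *)     echo "$cfg: DISALLOW_FILE_EDIT not set, dashboard file editor ENABLED (WordPress default)"; return 1 ;;
  esac
}

# Stand-alone demo on two constructed sample configs (not real site files).
demo() {
  dir=$(mktemp -d)
  printf '%s\n' '<?php' "define( 'DB_NAME', 'wp' );" \
    "define( 'DISALLOW_FILE_EDIT', true );" > "$dir/hardened.php"
  printf '%s\n' '<?php' "// define( 'DISALLOW_FILE_EDIT', true );" \
    "define('DISALLOW_FILE_EDIT', false);" > "$dir/toggled_off.php"
  for f in "$dir/hardened.php" "$dir/toggled_off.php"; do
    check_file_edit_disabled "$f" || true   # keep going after a failing check
  done
  rm -rf "$dir"
}
demo
```

Run it against a live site's wp-config.php after any plugin change to confirm the editor is still disabled; a non-zero exit status is the signal to act on.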
WordPress Has Very Open Firewall Settings That Can Allow Even Known
The default firewall settings of WordPress are actually quite permissive. This means that some malicious bots and other unwanted visitors get a green light.