👋🏼Welcome to my WP-Host blog where I am excited to share my knowledge and expertise on WordPress hosting and website construction tutorials with you. Let’s connect and learn from each other! You can reach me at info@yrshare.com.
(如果你会中文,可以点击微信图标与我联系。)
注:因个人英文水平有限,所以暂时只能为懂中文的朋友提供wordpress建站服务
微信:18200592859 或 yrwordpress
限制用户登陆次数,保护你的wordpress网站(3种方法) :本文是一个简单实用的wordpress教程,主要给大家分享如果保护wordpress网站登陆安全,通过限制登陆次数的方法来防止别人无限次的尝试登陆你的网站,分享了3个实现方法,总有一个适合你。
【WP-Host/悦然wordpress建站】
Keep sharing wordpress tutorials. Website security is one of the issues we must pay attention to. There are many website background login systems that allow you to enter passwords unlimited times, so in theory, as long as you keep trying, hackers may crack your website passwords, thus affecting your age.
Carrying out illegal operations will have serious consequences.
So what to do? Next【WP-Host/悦然wordpress建站】will share with you the method of limiting the number of user logins.
We can add the following code to the functions.php file of the current wordpress website building theme to achieve the effect of limiting the number of user logins:
/*-----------------------------------------------------------------------------------*/
/* Limit the number of user logins to protect your wordpress website
/*-----------------------------------------------------------------------------------*/
# 阻止登录的函数,直接 404
function block_login() {header("HTTP/1.1 404 Not Found");header("Status: 404 Not Found");exit;}
# 登录前判断登陆的失败次数
add_action("login_head",function () {
$login_ip = $_SERVER['REMOTE_ADDR'];
$login_ip_list = unserialize(get_option("LOGIN_IP_LIST"));
# 登录失败超过2次就进行阻止登陆
if($login_ip_list && ($login_ip_list[$login_ip] > 2)) {block_login();}});
# 登录失败的处理
add_action('login_errors', function ($info) {
$login_ip = $_SERVER['REMOTE_ADDR'];
$login_ip_list = get_option("LOGIN_IP_LIST");
if($login_ip_list) {$login_ip_list = unserialize($login_ip_list);} else {$login_ip_list = array();}
# 登录次数 + 1
$login_ip_list[$login_ip] += 1;
update_option('LOGIN_IP_LIST', serialize($login_ip_list));
# 提示登录失败的次数
return "$login_ip 登陆次数 " . $login_ip_list[$login_ip];});
# 证明已经登录成功了
add_action("admin_menu", function () {
$login_ip = $_SERVER['REMOTE_ADDR'];
$login_ip_list = unserialize(get_option("LOGIN_IP_LIST"));
$login_ip_list[$login_ip] = 0;
update_option('LOGIN_IP_LIST', serialize($login_ip_list));});The above code can limit the number of logins according to the IP. The default is to limit the number of logins if it exceeds 2 times. You can also modify the value according to the actual situation. The Chinese notes inside can be modified or deleted.
Adding code to the functions.php file may be affected by updating the theme or updating the theme. 【WP-Host/悦然wordpress建站】recommends that you use the Code Snippets plugin instead of the functions.php file.
Code Snippets
https://wordpress.org/plugins/code-snippets/
In addition to usage and code, we can also use wordpress plugins to limit the number of user logins. The wordpress plugin recommended here is Limit Login Attempts Reloaded.
Limit Login Attempts Reloaded
https://wordpress.org/plugins/limit-login-attempts-reloaded/
The Limit Login Attempts Reloaded plugin can be downloaded in the plugin center, or can be downloaded and installed through the link above.
After the plug-in is installed and enabled, you only need to make simple settings, and then save it to take effect.
If you are using a Site Ground hosting, you can directly use their wordpress security plug-in SiteGround Security, which is usually provided with the host. You only need to install wordpress in the background of the Site Ground hosting with one click, and it will be installed automatically.
Then you go directly to configure and use it.
The above is today’s wordpress tutorial. I hope everyone can pay attention to website security issues. In addition to limiting the number of user logins, we can further improve website security performance through firewalls and other methods.
继续分享wordpress教程。网站安全是我们必须要重视的问题之一,有很多网站后台登陆系统都是可以无限次输入密码的,所以理论上只要不断的尝试,黑客就有可能破解你的网站密码,从而对你的岁进行一下非法操作,后果严重。
那要怎么办呢?接下来【WP-Host/悦然wordpress建站】给大家分享限制用户登陆次数的方法。
我们可以在当前wordpress建站主题的functions.php文件中添加以下代码来实现限制用户登陆次数的效果:
/*-----------------------------------------------------------------------------------*/
/* Limit the number of user logins to protect your wordpress website
/*-----------------------------------------------------------------------------------*/
# 阻止登录的函数,直接 404
function block_login() {header("HTTP/1.1 404 Not Found");header("Status: 404 Not Found");exit;}
# 登录前判断登陆的失败次数
add_action("login_head",function () {
$login_ip = $_SERVER['REMOTE_ADDR'];
$login_ip_list = unserialize(get_option("LOGIN_IP_LIST"));
# 登录失败超过2次就进行阻止登陆
if($login_ip_list && ($login_ip_list[$login_ip] > 2)) {block_login();}});
# 登录失败的处理
add_action('login_errors', function ($info) {
$login_ip = $_SERVER['REMOTE_ADDR'];
$login_ip_list = get_option("LOGIN_IP_LIST");
if($login_ip_list) {$login_ip_list = unserialize($login_ip_list);} else {$login_ip_list = array();}
# 登录次数 + 1
$login_ip_list[$login_ip] += 1;
update_option('LOGIN_IP_LIST', serialize($login_ip_list));
# 提示登录失败的次数
return "$login_ip 登陆次数 " . $login_ip_list[$login_ip];});
# 证明已经登录成功了
add_action("admin_menu", function () {
$login_ip = $_SERVER['REMOTE_ADDR'];
$login_ip_list = unserialize(get_option("LOGIN_IP_LIST"));
$login_ip_list[$login_ip] = 0;
update_option('LOGIN_IP_LIST', serialize($login_ip_list));});以上代码可以根据IP来限制登陆次数,默认是超过2次就限制登陆,你也可以根据实际情况修改数值。
使用把代码添加到functions.php文件中可能会受更新主题或更新主题的影响,【WP-Host/悦然wordpress建站】推荐大家使用Code Snippets插件代替functions.php文件。
Code Snippets
https://wordpress.org/plugins/code-snippets/
除了使用和代码,我们还可以使用wordpress插件来限制用户登陆次数,这里推荐的wordpress插件是Limit Login Attempts Reloaded。
Limit Login Attempts Reloaded
https://wordpress.org/plugins/limit-login-attempts-reloaded/
Limit Login Attempts Reloaded插件可以在插件中心下载,也可以通过上面的链接下载安装。
插件安装启用之后只需要进行简单的设置,然后保存就可以生效了。
如果你使用了是SiteGround主机,那么可以直接使用他们提供wordpress安全插件SiteGround Security,这个插件一般是随主机一起提供的,你只需要在SiteGround主机后台一键安装wordpress,它会自动安装,然后你直接去配置使用就可以了。
以上就是今天的wordpress教程,希望大家能够重视网站安全问题,除了限制用户登陆数次,我们还可以通过防火墙等方式进一步提升网站安全性能。
