AI助手支持GPT4.0
In August 2013, a new Web Vulnerability has been released, in some words : “HTTPS can be hacked in 30 seconds”.
2013年8月,发布了一个新的Web漏洞,即:“ HTTPS可以在30秒内被黑客入侵”。 p>
If you’re using the HTTPS (TSL or SSL) at any level (admin, front, event for 1 page) you HAVE to protect your site against this flaw now.
如果您在任何级别(管理员,首页,事件发生在1页上)都使用HTTPS(TSL或SSL),则必须立即保护您的网站不受此漏洞的侵害。 p>
How ?
如何?
Just install this free plugin!
只需安装此免费插件! p>
ol>
You can (and i encourage you to do it) define 2 constant in wp-config.php file :
您可以(并且我鼓励您这样做)在wp-config.php文件中定义2常量: p>
BBA_REPEATER : used by this plugin to add a new secret srting in each nonces (e number used once to create a secure token and avoid CSRF flaws), default is 2, min is 1, no max, just change it.<
BBA_REPEATER:此插件用于在每个随机数中添加新的秘密存储(该数字一次用于创建安全令牌并避免CSRF漏洞),默认值为2,最小值为1,无最大值,只需对其进行更改。
/p>
/ p>
BBA_NONCE_LENGTH : From 4 to 32 with 10 for default value, you can modify the length the each nonces in WordPress, the longer, the better
BBA_NONCE_LENGTH:从4到32,默认值为10,您可以修改WordPress中每个随机数的长度,时间越长越好 p>
Also, WordPress includes a “nonce_life” filter hook.
此外,WordPress还包含一个“ nonce_life”过滤器挂钩。
Its default value is 1 day, i suggest you to low this value, like 12 hours or 6 hours (DAY_IN_SECONDS /2 or /4)
其默认值为1天,我建议您降低此值,例如12小时或6小时(DAY_IN_SECONDS / 2或/ 4) p>
原文出处:http://www.sanshu.cn/a/4018.html
群主管理都是支付大佬