{"id":2751,"date":"2020-08-02T07:06:27","date_gmt":"2020-08-01T22:06:27","guid":{"rendered":"https:\/\/hanami-web.tokyo.jp\/blog\/?p=2751"},"modified":"2022-09-17T05:52:40","modified_gmt":"2022-09-16T20:52:40","slug":"security2","status":"publish","type":"post","link":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/seo\/security2\/","title":{"rendered":"5 security measures that a WordPress teacher seriously considered"},"content":{"rendered":"<p>A WordPress expert will carefully explain how to set up possible security measures for WordPress!<\/p>\n\n\n\n<p>Recently, more and more businesses are moving online.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Advance reservation before visiting<\/li><li>Takeout advance reservation<\/li><li>Online shop<\/li><li>An online salon that delivers member-only content<\/li><\/ul>\n\n\n\n<p>I feel that there are more opportunities to collect member information rather than simply running a website with WordPress.<\/p>\n\n\n\n<p>We will introduce the minimum security measures you should take to prevent information leaks or malicious files from being embedded in your system after an attack.<\/p>\n\n\n\n<p>The following article introduces some actual cases of fraud.<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-hanami-web-wordpress-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"fSaLUNd9WF\"><a href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/website-running\/security-case\/wordpress-falsification\/\">[Thinking about WordPress security] Actual case of tampering \u2460<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201c\u3010Thinking about WordPress security\u3011Actual cases of tampering\u2460\u201d \u2014 How to create a homepage using WordPress\" 
src=\"https:\/\/hanami-web.tokyo.jp\/blog\/website-running\/security-case\/wordpress-falsification\/embed\/#?secret=F43l9adHvb#?secret=fSaLUNd9WF\" data-secret=\"fSaLUNd9WF\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%81%aa%e3%81%9cwordpress%e3%81%a7%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e5%af%be%e7%ad%96%e3%81%af%e5%bf%85%e8%a6%81%e3%81%aa%e3%81%ae%e3%81%8b%ef%bc%9f\"><\/span>Why is security necessary for WordPress?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>On the website<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Unauthorized login to the administration screen, tampering with site information, or stealing information<\/li><li>Attacks targeting vulnerabilities in WordPress, themes, and plugins<\/li><li>Attacks that send large amounts of data at once<\/li><\/ol>\n\n\n\n<p>We need to come up with measures to deal with this.<\/p>\n\n\n\n<p>Why is WordPress said to be more likely to be targeted than other websites such as homepages?<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>70% of the world&#039;s translations are made with WordPress, so the large number of users makes it easy to get the impression that WordPress is being targeted.<\/li><li>The structure of all WordPress sites is the same (same login URL, same admin page URL, 
etc.)<\/li><li>It&#039;s a free CMS and open source, so hackers can find vulnerabilities.<\/li><\/ul>\n\n\n\n<p>I think these are the causes.<\/p>\n\n\n\n<p>For example, let&#039;s say a group of hackers finds a vulnerability in WordPress. If they were to carry out the same attack against WordPress sites, which are used by 70% of the world&#039;s users, sites that neglect security measures would fall victim to it. It is more efficient for hackers to find and attack vulnerabilities in WordPress than to find vulnerabilities in other CMSs, right? It&#039;s a case of &quot;the more you attack, the more likely you are to hit something.&quot;<\/p>\n\n\n\n<p>The WordPress source code is available for free under an open license that allows anyone to use and customize it as they like, which also makes it easy for hackers to find vulnerabilities in WordPress.<\/p>\n\n\n\n<p>Also, the file structure of WordPress is the same for everyone, since everyone installs and uses the same WordPress files. That is where the problem comes in: the URL for the admin page is xxx.com\/wp-admin, and the login URL is xxx.com\/login.<\/p>\n\n\n\n<section class=\"wp-block-uagb-section uagb-section__wrap uagb-section__background-none uagb-block-69237443\"><div class=\"uagb-section__overlay\"><\/div><div class=\"uagb-section__inner-wrap\">\n<p>Try appending the following to the domain (xxx.com) that you actually use:<br>xxx.com\/wp-admin<br>xxx.com\/wp-login<br>Do you see the admin page or login page? (If you are using the Site Guard plugin for security, you probably won&#039;t see it.)<\/p>\n<\/div><\/section>\n\n\n\n<p>Consider an attack that tries passwords against the login form over and over. Given the choice between attacking a site whose login URL is already known and first having to search for the login URL, an attacker is more likely to go after the site where the login URL is known.<\/p>\n\n\n\n<p>This does not mean that you should not use WordPress. 
We will explain the proper security measures and how to operate WordPress safely and securely!<\/p>\n\n\n\n<p>Now, let&#039;s introduce some WordPress security measures so you can actually strengthen the security on your site!<\/p>\n\n\n\n<p>SSL is required for websites. For more information on SSL,<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-hanami-web-wordpress-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"ZY0NAhizwF\"><a href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/seo\/security\/\">I thought about security measures for WordPress<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cI thought about security measures for WordPress\u201d \u2014 How to create a homepage using WordPress\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/seo\/security\/embed\/#?secret=fj88rSGTLi#?secret=ZY0NAhizwF\" data-secret=\"ZY0NAhizwF\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<p>Please refer to this.<\/p>\n\n\n\n<p>Also, please refer to the following article for information on how to use xserver&#039;s unique standard security measures!<\/p>\n\n\n\n<figure class=\"wp-block-embed-wordpress wp-block-embed is-type-wp-embed is-provider-hanami-web-wordpress-blog\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"wp-embedded-content\" data-secret=\"xeXWI5yYYT\"><a href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/website-first\/xserver-security\/\">WordPress\/website security measures taken with xserver<\/a><\/blockquote><iframe loading=\"lazy\" class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" style=\"position: absolute; clip: rect(1px, 1px, 1px, 1px);\" title=\"\u201cwordpress\/website security 
measures taken with xserver\u201d \u2014 How to create a homepage using WordPress\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/website-first\/xserver-security\/embed\/#?secret=kSIHDq0KBq#?secret=xeXWI5yYYT\" data-secret=\"xeXWI5yYYT\" width=\"600\" height=\"338\" frameborder=\"0\" marginwidth=\"0\" marginheight=\"0\" scrolling=\"no\"><\/iframe>\n<\/div><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"wordpress%e3%81%ae%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%97%e3%83%a9%e9%8a%80site_guard%e3%82%92%e3%82%a4%e3%83%b3%e3%82%b9%e3%83%88%e3%83%bc%e3%83%ab\"><\/span>Install WordPress security plugin Site Guard<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>There is a plugin that can enhance the security of WordPress: [<a href=\"https:\/\/ja.wordpress.org\/plugins\/siteguard\/\" target=\"_blank\" rel=\"noreferrer noopener\">Site Guard<\/a>]<\/p>\n\n\n\n<p>Site Guard official website \u2193\u2193<\/p>\n\n\n\n<p><a href=\"https:\/\/www.jp-secure.com\/siteguard_wp_plugin\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.jp-secure.com\/siteguard_wp_plugin\/<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><a href=\"https:\/\/ja.wordpress.org\/plugins\/siteguard\/\"><img decoding=\"async\" width=\"1024\" height=\"496\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-1024x496.jpg\" alt=\"Site Guard plugin that secures a WordPress site by changing the login URL\" class=\"wp-image-2753\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-1024x496.jpg 1024w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-300x145.jpg 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-768x372.jpg 768w, 
https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard.jpg 1197w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Search for [siteguard] when adding a new plugin in WordPress.<\/h4>\n\n\n\n<p>Click [Install now] and then [Activate].<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"310\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-iinstall-1024x310.png\" alt=\"wordpress\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u6709\u52b9\u306a\u30ed\u30b0\u30a4\u30f3URL\u306e\u5909\u66f4\u3092\u3059\u308bsiteguard\u30d7\u30e9\u30b0\u30a4\u30f3\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\" class=\"wp-image-2754\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-iinstall-1024x310.png 1024w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-iinstall-1536x465.png 1536w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-iinstall-300x91.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-iinstall-768x232.png 768w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-iinstall.png 1662w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<div class=\"wp-block-cocoon-blocks-icon-box alert-box common-icon-box block-box\">\n\n<p>When you enable the Site Guard plugin, the login URL will automatically change. Please be careful as this may result in you being unable to log in next time.<\/p>\n\n<\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%ef%bc%91%ef%bc%8e%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3url%e3%82%92%e5%a4%89%e6%9b%b4%e3%81%97%e3%81%a6wordpres%e3%81%ae%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%82%92%e5%bc%b7%e5%8c%96\"><\/span>1. 
Change the login URL to strengthen WordPress security<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>First, change the common WordPress login URL.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">xxx.com\/wp-login.php<\/mark><\/strong><\/p>\n\n\n\n<p>If you append [wp-login] or [wp-login.php] to your own domain, as in xxx.com\/wp-login.php, the login screen is displayed.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"447\" height=\"552\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/loginurl.png\" alt=\"The WordPress login screen can be reached via wp-login.php\" class=\"wp-image-2752\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/loginurl.png 447w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/loginurl-243x300.png 243w\" sizes=\"(max-width: 447px) 100vw, 447px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"site_guard%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%97%e3%83%a9%e3%82%b0%e3%82%a4%e3%83%b3%e3%82%92%e5%88%a9%e7%94%a8%e3%81%97%e3%81%a6%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3url%e3%82%92%e5%a4%89%e6%9b%b4%e3%81%99%e3%82%8b\"><\/span>Change the login URL using the Site Guard security plugin<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Changing the login URL by modifying the WordPress source code would be difficult, so we use the [<a href=\"https:\/\/ja.wordpress.org\/plugins\/siteguard\/\" target=\"_blank\" rel=\"noreferrer noopener\">Site Guard<\/a>] plugin to change the WordPress login URL.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Check the login URL<\/h4>\n\n\n\n<p>Once you activate the Site Guard plugin, the login URL will change. 
If you have bookmarked your site or output the login URL using wp-login, please be careful.<\/p>\n\n\n\n<p>Check what the login URL has changed to. Click on [Change login page] in the [SiteGuard] item that was added after activating the Site Guard plugin.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"201\" height=\"573\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change1.png\" alt=\"wordpress\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u6709\u52b9\u306a\u30ed\u30b0\u30a4\u30f3URL\u306e\u5909\u66f4\u3092\u3059\u308bsiteguard\u30d7\u30e9\u30b0\u30a4\u30f3\u3067\u30ed\u30b0\u30a4\u30f3URL\u3092\u5909\u66f4\" class=\"wp-image-2756\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change1.png 201w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change1-105x300.png 105w\" sizes=\"(max-width: 201px) 100vw, 201px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">How to set up the Site Guard security plugin on the login page change screen<\/h4>\n\n\n\n<ol class=\"wp-block-list\"><li>Set it to \u3010ON\u3011. - It is set to ON by default.<\/li><li>Changed login page name - Use the automatically generated login URL or specify the login URL with any string.<\/li><li>Optional - If you leave it as it is, when you access wp-admin, it will redirect you to the login URL, so there is not much point in changing the login URL. 
Check this box.<\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"849\" height=\"533\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change2.png\" alt=\"wordpress\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u6709\u52b9\u306a\u30ed\u30b0\u30a4\u30f3URL\u306e\u5909\u66f4\u3092\u3059\u308bsiteguard\u30d7\u30e9\u30b0\u30a4\u30f3\u3067\u30ed\u30b0\u30a4\u30f3URL\u3092\u5909\u66f4\u8a73\u7d30\u8a2d\u5b9a\" class=\"wp-image-2757\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change2.png 849w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change2-300x188.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginurl-change2-768x482.png 768w\" sizes=\"(max-width: 849px) 100vw, 849px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Try accessing the login URL.<\/h4>\n\n\n\n<p>Please log out and try accessing the URL you set.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"942\" height=\"466\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/logout.png\" alt=\"wordpress\u7ba1\u7406\u753b\u9762\u304b\u3089\u30ed\u30b0\u30a2\u30a6\u30c8\" class=\"wp-image-2759\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/logout.png 942w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/logout-300x148.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/logout-768x380.png 768w\" sizes=\"(max-width: 942px) 100vw, 942px\" \/><\/figure>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">Please bookmark the login URL displayed here or make a note of it.<\/mark><\/strong><\/p>\n\n\n\n<p>You have now changed your WordPress login 
URL.<\/p>\n\n\n\n<p>There are other settings you may want to make in Site Guard.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"site_guard%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%97%e3%83%a9%e3%82%b0%e3%82%a4%e3%83%b3%e3%82%92%e5%88%a9%e7%94%a8%e3%81%97%e3%81%a6wordpress%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3%e7%94%bb%e9%9d%a2%e3%81%a7%e7%94%bb%e5%83%8f%e8%aa%8d%e8%a8%bc%e3%82%92%e8%bf%bd%e5%8a%a0%e3%81%99%e3%82%8b\"><\/span>Add image authentication to the WordPress login screen using the Site Guard security plugin<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The WordPress login URL has been changed, so the login page is no longer easy to reach. Even so, if someone does find it and tries to log in by submitting a large number of arbitrary passwords, enabling image authentication means they cannot log in without defeating both the password and the image authentication, which further strengthens security.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Click [Image Verification] in the [Site Guard] plugin.<\/h4>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"203\" height=\"572\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-image.png\" alt=\"Add image authentication to the WordPress login screen\" class=\"wp-image-2760\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-image.png 203w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-image-106x300.png 106w\" sizes=\"(max-width: 203px) 100vw, 203px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Turn on image authentication on the login screen<\/h4>\n\n\n\n<p>First, make sure the setting is set to [ON].<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Login page<\/li><li>Comments page<\/li><li>Password confirmation page<\/li><li>User registration 
page<\/li><\/ul>\n\n\n\n<p>You can add image authentication using hiragana or alphanumeric characters.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"570\" height=\"730\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginimage-setting.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u306b\u753b\u50cf\u8a8d\u8a3c\u3092\u52a0\u3048\u308b\" class=\"wp-image-2761\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginimage-setting.png 570w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginimage-setting-234x300.png 234w\" sizes=\"(max-width: 570px) 100vw, 570px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"site_guard%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%83%97%e3%83%a9%e3%82%b0%e3%82%a4%e3%83%b3%e3%82%92%e5%88%a9%e7%94%a8%e3%81%97%e3%81%a6wp-admin%e3%81%a7%e3%81%82%e3%82%8b%e7%ae%a1%e7%90%86%e7%94%bb%e9%9d%a2%e3%81%b8%e3%81%ae%e4%b8%8d%e6%ad%a3%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e3%82%92%e5%88%b6%e5%be%a1\"><\/span>Use the Site Guard security plugin to control unauthorized access to the wp-admin administration screen.<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Like wp-login, the URL of the administration screen is also determined by wp-admin. 
When a user who is not logged in accesses wp-admin, a 404 error message &quot;page not found&quot; may be displayed.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">This feature is turned off by default.<\/mark><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%80%90site_guard%e3%80%91%3e%e3%80%90%e7%ae%a1%e7%90%86%e3%83%9a%e3%83%bc%e3%82%b8%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e5%88%b6%e9%99%90%e3%80%91%e3%82%92%e3%82%af%e3%83%aa%e3%83%83%e3%82%af\"><\/span>Click [Site Guard] &gt; [Administration page access restriction]<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"187\" height=\"562\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-wpadmin-securty1.png\" alt=\"wordpress\u7ba1\u7406\u753b\u9762\u3078\u306e\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u9632\u6b62\" class=\"wp-image-2763\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-wpadmin-securty1.png 187w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-wpadmin-securty1-100x300.png 100w\" sizes=\"(max-width: 187px) 100vw, 187px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e7%ae%a1%e7%90%86%e7%94%bb%e9%9d%a2%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e5%88%b6%e9%99%90%e6%a9%9f%e8%83%bd%e3%82%92%e6%9c%89%e5%8a%b9%e5%8c%96\"><\/span>Enable the admin page access restriction function<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Change it to [ON].<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"570\" height=\"730\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginimage-setting-1.png\" 
alt=\"wordpress\u7ba1\u7406\u753b\u9762\u3078\u306e\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u9632\u6b62\" class=\"wp-image-2762\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginimage-setting-1.png 570w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/siteguard-loginimage-setting-1-234x300.png 234w\" sizes=\"(max-width: 570px) 100vw, 570px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%ef%bc%92%e3%80%81%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e3%81%95%e3%82%8c%e3%81%9f%e3%81%8f%e3%81%aa%e3%81%84%e3%83%9a%e3%83%bc%e3%82%b8%e3%81%b8%e3%83%99%e3%83%bc%e3%82%b7%e3%83%83%e3%82%af%e8%aa%8d%e8%a8%bc%ef%bc%88%e3%83%91%e3%82%b9%e3%83%af%e3%83%bc%e3%83%89%e4%bf%9d%e8%ad%b7%ef%bc%89%e3%82%92%e3%81%8b%e3%81%91%e3%81%be%e3%81%99\"><\/span>2. Apply basic authentication (password protection) to pages you don&#039;t want to allow access to<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>This time, I will explain using xserver as the example.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Login URL<\/li><li>Management page URL<\/li><\/ul>\n\n\n\n<p>Basic authentication will be applied to these pages on the server side.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"htpasswd%e3%83%91%e3%82%b9%e3%83%af%e3%83%bc%e3%83%89%e3%81%ae%e7%94%9f%e6%88%90\"><\/span>Generate the htpasswd password<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>First, generate the htpasswd entry with the <a href=\"https:\/\/kngy.net\/htaccess_password_md5_hash\/\" target=\"_blank\" rel=\"noreferrer noopener\">htpasswd generator<\/a>.<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>Enter your username<\/li><li>Enter your password<\/li><li>Choose the encryption<\/li><\/ol>\n\n\n\n<p>Generate htpasswd using the procedure above.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"982\" height=\"423\" 
src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3068\u7ba1\u7406\u753b\u9762\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\" class=\"wp-image-2783\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password.png 982w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password-300x129.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password-768x331.png 768w\" sizes=\"(max-width: 982px) 100vw, 982px\" \/><\/figure>\n\n\n\n<p>The code will be generated<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"983\" height=\"427\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password2.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3068\u7ba1\u7406\u753b\u9762\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\" class=\"wp-image-2784\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password2.png 983w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password2-300x130.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password2-768x334.png 768w\" sizes=\"(max-width: 983px) 100vw, 983px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"htpasswd%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%82%92%e4%bd%9c%e6%88%90\"><\/span>Create a .htpasswd file<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Create a file called .htpasswd using Notepad or similar and enter the code you just generated. 
I used TeraPad this time.<\/p>\n\n\n\n<p>Copy and paste the information and save it as [.htpasswd].<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"653\" height=\"308\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password3.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3068\u7ba1\u7406\u753b\u9762\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\" class=\"wp-image-2785\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password3.png 653w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password3-300x142.png 300w\" sizes=\"(max-width: 653px) 100vw, 653px\" \/><\/figure>\n\n\n\n<p>If the file ends up with a text extension like .htpasswd.txt as shown in the image, rename it and delete the .txt part.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"138\" height=\"120\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password4.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3068\u7ba1\u7406\u753b\u9762\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\" class=\"wp-image-2786\"\/><\/figure>\n\n\n\n<p>The file is correct when it looks like the one below. You can also rename the file after uploading it to the server.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"132\" height=\"92\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password5.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3068\u7ba1\u7406\u753b\u9762\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\" class=\"wp-image-2789\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%83%9e%e3%83%8d%e3%83%bc%e3%82%b8%e3%83%a3%e3%83%bc%e3%81%a7htpasswd%e3%82%92%e3%82%a2%e3%83%83%e3%83%97%e3%83%ad%e3%83%bc%e3%83%89\"><\/span>Upload .htpasswd with your file manager<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Upload .htpasswd to the top level where WordPress is located, that is, the level where the .htaccess file is located. Now you are ready to set the password for basic authentication.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"153\" height=\"181\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/password6.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3068\u7ba1\u7406\u753b\u9762\u3092\u30d1\u30b9\u30ef\u30fc\u30c9\u4fdd\u8b77\" class=\"wp-image-2790\"\/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"htaccess%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%81%a7%e3%83%99%e3%83%bc%e3%82%b7%e3%83%83%e3%82%af%e8%aa%8d%e8%a8%bc%e3%82%92%e3%81%8b%e3%81%91%e3%81%be%e3%81%99\"><\/span>Apply basic authentication using the .htaccess file<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Download the .htaccess file at the same level and save it on your PC.<\/p>\n\n\n\n<p>The .htaccess file is an important file for displaying a website. 
If you write it incorrectly, you may not be able to view the website, so be sure to save the unedited file on your PC.<\/p>\n\n\n\n<p>In the unlikely event that something goes wrong, you can revert to the original state by uploading the unmodified .htaccess file.<\/p>\n\n\n\n<p>Please write the following code before # BEGIN WordPress. If you write it after <strong>BEGIN WordPress<\/strong>, there is a risk that it will be rewritten by an update or something similar.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># Basic authentication for the login script\n&lt;Files wp-login.php&gt;\nAuthType Basic\nAuthUserFile \/*Server path*\/.htpasswd\nAuthGroupFile \/dev\/null\nAuthName &quot;Please enter your ID and password&quot;\nrequire valid-user\n&lt;\/Files&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3url%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e6%99%82%e3%81%ab%e8%aa%8d%e8%a8%bc%e3%81%8c%e8%bf%bd%e5%8a%a0%e3%81%95%e3%82%8c%e3%82%8b\"><\/span>Authentication is added when accessing the login URL<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Once you have set this up, an authentication prompt will appear when you open the login screen.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"447\" height=\"552\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/loginurl.png\" alt=\"wordpress\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u306fwp-login.php\u3067\u30a2\u30af\u30bb\u30b9\u51fa\u6765\u3066\u3057\u307e\u3046\" class=\"wp-image-2752\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/loginurl.png 447w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/loginurl-243x300.png 243w\" sizes=\"(max-width: 447px) 100vw, 447px\" \/><\/figure>\n\n\n\n<p>You will then be prompted to enter your username and password. 
Once you have entered them, you will remain logged in with basic authentication until you close your browser.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"562\" height=\"292\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xserver-access-lock4.png\" alt=\"wordpress\u7ba1\u7406URL\u3068\u30ed\u30b0\u30a4\u30f3URL\u306b\u30d9\u30fc\u30b7\u30c3\u30af\u8a8d\u8a3c\u3092\u8ffd\u52a0\" class=\"wp-image-2768\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xserver-access-lock4.png 562w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xserver-access-lock4-300x156.png 300w\" sizes=\"(max-width: 562px) 100vw, 562px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"3%e7%ae%a1%e7%90%86%e7%94%bb%e9%9d%a2%e3%81%b8%e3%81%ae%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e3%81%ae%e3%83%ad%e3%82%b0%e3%82%92%e8%a6%8b%e3%82%8b\"><\/span>3. View the log of access to the administration screen<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>You may be wondering whether there really has been no unauthorized access. 
The Site Guard plugin also has an access log function.<\/p>\n\n\n\n<p>By regularly checking the access log, you can detect any unauthorized access.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%80%90site_guard%e3%80%91%3e%e3%80%90%e3%83%ad%e3%82%b0%e3%82%a4%e3%83%b3%e5%b1%a5%e6%ad%b4%e3%80%91\"><\/span>[Site Guard] &gt; [Login History]<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"197\" height=\"567\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog.png\" alt=\"wordpress\u306e\u30ed\u30b0\u30a4\u30f3\u30ed\u30b0\u3092\u78ba\u8a8d\u3059\u308b\" class=\"wp-image-2769\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog.png 197w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog-104x300.png 104w\" sizes=\"(max-width: 197px) 100vw, 197px\" \/><\/figure>\n\n\n\n<ul class=\"wp-block-list\"><li>Access date and time<\/li><li>Access results<\/li><li>login name<\/li><li>IP address<\/li><li>Login Screen Type<\/li><\/ul>\n\n\n\n<p>If you see a different IP address than usual or many unsuccessful attempts that you do not remember, please change your login password.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"119\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog2-1024x119.png\" alt=\"wordpress\u306e\u30ed\u30b0\u30a4\u30f3\u30ed\u30b0\u3092\u78ba\u8a8d\u3059\u308b\" class=\"wp-image-2770\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog2-1024x119.png 1024w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog2-1536x178.png 1536w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog2-300x35.png 
300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog2-768x89.png 768w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/sitegurad-loginlog2.png 1663w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<section class=\"wp-block-uagb-section uagb-section__wrap uagb-section__background-none uagb-block-845ea95c\"><div class=\"uagb-section__overlay\"><\/div><div class=\"uagb-section__inner-wrap\">\n<p>From this point on, the WordPress security measures become a little more difficult. I can also work through them with you in private lessons, so if you want to set them up but are worried or unable to do it alone, please feel free to make an <a href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/lesson\/\">inquiry<\/a>.<\/p>\n<\/div><\/section>\n\n\n\n<p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%81%ae%e3%83%91%e3%83%bc%e3%83%9f%e3%83%83%e3%82%b7%e3%83%a7%e3%83%b3%e3%82%92%e5%a4%89%e6%9b%b4%e3%81%99%e3%82%8b\"><\/span>Change file permissions<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Files have access restrictions called permissions.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Read permission<\/li><li>Write permission<\/li><li>Execution permission<\/li><\/ul>\n\n\n\n<p>The combination of these three is expressed as a three-digit number.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Self - Administrator<\/li><li>Group - All users who can use the server<\/li><li>Others - Third parties<\/li><\/ul>\n\n\n\n<p>The three digits, from left to right, indicate your own permissions, the group&#039;s permissions, and the permissions of others.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>7 - Readable, writable, and executable<\/li><li>6 - Readable and writable<\/li><li>5 - Readable and executable<\/li><li>4 - 
Readable<\/li><li>0 - No permissions<\/li><\/ul>\n\n\n\n<p>The most commonly used permissions are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>777 - Anyone can read, write, and execute<\/li><li>755 - Anyone can read and execute, but only you can write<\/li><li>666 - Everyone can read and write<\/li><li>644 - You can read and write, group and others can only read<\/li><\/ul>\n\n\n\n<p>It&#039;s a little complicated, so it might be hard to understand.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%91%e3%83%bc%e3%83%9f%e3%83%83%e3%82%b7%e3%83%a7%e3%83%b3%e3%81%ae%e5%a4%89%e6%9b%b4%e6%96%b9%e6%b3%95\"><\/span>How to change permissions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>If you are familiar with FFFTP, you can change it from there. This time, we will show you how to change it from the xserver administration panel.<\/p>\n\n\n\n<p>Log in to the xserver account panel. Click [File Management].<\/p>\n\n\n\n<p><strong>Please note that this is separate from the server administration panel.<\/strong><\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"957\" height=\"207\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xerver-permission.png\" alt=\"wordpress\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5909\u66f4\u3059\u308b\" class=\"wp-image-2771\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xerver-permission.png 957w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xerver-permission-300x65.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/xerver-permission-768x166.png 768w\" sizes=\"(max-width: 957px) 100vw, 957px\" \/><\/figure>\n\n\n\n<p>You will see a list of files on the server, so click on the [Domain] you want to configure. 
After clicking on the domain, click on [public_html].<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"htaccess%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%81%af606\"><\/span>.htaccess file is 606<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Some of you may have edited the .htaccess file to enable always-on SSL. It is an important file for operating the server. If someone writes to it without permission, your site can be attacked. With this setting, the administrator and others can read and write, but the group does not have any permissions.<\/p>\n\n\n\n<p>First, I will explain how to change permissions, using the .htaccess file as an example.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Default is 644<\/h4>\n\n\n\n<p>The [.htaccess] file is located directly under [public_html] or directly under the folder where WordPress is installed.<\/p>\n\n\n\n<p>The default is 644, which means that the user can read and write, but the group and others can only read. Set the group digit to 0 to give the group no permissions, and change it to 604.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Check the .htaccess file<\/h4>\n\n\n\n<p>The procedure for changing file permissions is the same for all files. 
If you want to change the permissions of another file, check the file or directory you want to change.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"530\" height=\"420\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting.png\" alt=\".htaccess\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5909\u66f4\" class=\"wp-image-2772\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting.png 530w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting-300x238.png 300w\" sizes=\"(max-width: 530px) 100vw, 530px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Click Change Permissions<\/h4>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"426\" height=\"195\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting1.png\" alt=\".htaccess\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5909\u66f4\" class=\"wp-image-2773\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting1.png 426w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting1-300x137.png 300w\" sizes=\"(max-width: 426px) 100vw, 426px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">Enter the permissions you want to set.<\/h4>\n\n\n\n<p>Enter the new permissions you want to set and click [Change Permissions] to complete the changes.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"1024\" height=\"190\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting2-1024x190.png\" alt=\".htaccess\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5909\u66f4\" class=\"wp-image-2774\" 
srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting2-1024x190.png 1024w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting2-300x56.png 300w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting2-768x142.png 768w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting2.png 1215w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"wp-configphp%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%81%af400\"><\/span>wp-config.php file is 400<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The wp-config.php file contains information such as database login information. This is also a very important file for operating WordPress.<\/p>\n\n\n\n<p>It is located directly under the folder where WordPress is installed, at the same level as the wp-admin, wp-content, and wp-includes folders.<\/p>\n\n\n\n<p>If it is not 400, change it. 
Only the administrator can read it; all other permissions are denied.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"721\" height=\"86\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting3.png\" alt=\"wp-config.php\u306e\u30d1\u30fc\u30df\u30c3\u30b7\u30e7\u30f3\u3092\u5909\u66f4\" class=\"wp-image-2775\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting3.png 721w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/htaccess-permission-setting3-300x36.png 300w\" sizes=\"(max-width: 721px) 100vw, 721px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%81%9d%e3%81%ae%e4%bb%96%e3%81%ae%e3%83%87%e3%82%a3%e3%83%ac%e3%82%af%e3%83%88%e3%83%aa%ef%bc%88%e3%83%95%e3%82%a9%e3%83%ab%e3%83%80%ef%bc%89%e3%81%af705\"><\/span>Other directories (folders) are 705<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>In addition, the folders you see in the file manager, called directories, are set to 705. The administrator is given all permissions, but the group is denied all permissions. Others are only allowed to read and execute, so the 705 setting is used.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">Set [themes] and [uploads] to 707.<\/mark><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%81%9d%e3%81%ae%e4%bb%96%e3%81%ae%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%81%af604\"><\/span>Other files are 604<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Change each file in the directory to 604. The administrator has read and write permissions, and the group has none. 
Others have read-only permissions.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"4_htaccess%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e3%81%a7%e3%82%bb%e3%82%ad%e3%83%a5%e3%83%aa%e3%83%86%e3%82%a3%e3%82%92%e5%bc%b7%e5%8c%96\"><\/span>4. Enhance security with .htaccess files<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The .htaccess file controls access to the files and pages on your server.<\/p>\n\n\n\n<p>When you first install WordPress it will look like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code># BEGIN WordPress\nRewriteEngine On\nRewriteBase \/\nRewriteRule ^index\\.php$ - [L]\nRewriteRule ^index\\.rdf$ \/feed\/rdf\/ [L,R=301]\nRewriteCond %{REQUEST_FILENAME} !-f\nRewriteCond %{REQUEST_FILENAME} !-d\nRewriteRule . \/index.php [L]\n# END WordPress<\/code><\/pre>\n\n\n\n<section class=\"wp-block-uagb-section uagb-section__wrap uagb-section__background-none uagb-block-0832d067\"><div class=\"uagb-section__overlay\"><\/div><div class=\"uagb-section__inner-wrap\">\n<p>In fact, the .htaccess file is a very delicate file.<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Erasing one character by mistake<\/li><li>Writing in full-width characters<\/li><\/ul>\n\n\n\n<p>Either of these can cause your site to not display properly. Before modifying the .htaccess file, be sure to download a copy to your PC so that, in the unlikely event that something goes wrong, you can upload it and restore the original state.<\/p>\n<\/div><\/section>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%83%95%e3%82%a1%e3%82%a4%e3%83%ab%e4%b8%80%e8%a6%a7%e3%81%8c%e8%a1%a8%e7%a4%ba%e3%81%95%e3%82%8c%e3%82%8b%e3%81%ae%e3%82%92%e6%8b%92%e5%90%a6%e3%81%99%e3%82%8b\"><\/span>Refuse to display file lists<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>For example, when you access a directory, a list of files may be displayed. A visitor may then be able to see what files exist on the website. 
Add the following to the .htaccess file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>Options -Indexes<\/code><\/pre>\n\n\n\n<p>Just add one line.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">In the case of WordPress, the list is often not output anyway, so this setting may not be necessary.<\/mark><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"wp-configphp%e3%81%a8wp-cronphp_%e3%81%ab%e3%82%a2%e3%82%af%e3%82%bb%e3%82%b9%e5%88%b6%e9%99%90%e3%82%92%e3%81%8b%e3%81%91%e3%82%8b\"><\/span>Restrict access to wp-config.php and <strong>wp-cron.php<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>The wp-config.php file contains database login information and is vulnerable to attack. In addition, we will add access restrictions to wp-cron.php, which is used for time-based processes such as posting and update notifications. We have changed the permissions for the wp-config.php file, but we will also add further access restrictions. Add the following to the .htaccess file.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;FilesMatch &quot;^wp-(config|cron)\\.php$&quot;&gt;\norder allow,deny\ndeny from all\n&lt;\/FilesMatch&gt;<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%ef%bc%95%ef%bc%8ewordpress%e3%81%ae%e5%90%84%e7%a8%ae%e3%83%90%e3%83%bc%e3%82%b8%e3%83%a7%e3%83%b3%e3%82%92%e9%9a%a0%e3%81%99\"><\/span>5. Hide the various WordPress version numbers<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Anyone can check the version of WordPress. 
Also, by looking at the source code, it is possible to see whether the site is using WordPress, what plugins are being used, and what theme is being used.<\/p>\n\n\n\n<p>If this information leaks to the outside and it becomes clear that you are using outdated versions of WordPress, plugins, or themes, attackers may exploit their vulnerabilities in an attack.<\/p>\n\n\n\n<p><strong><mark style=\"background-color:rgba(0, 0, 0, 0)\" class=\"has-inline-color has-luminous-vivid-amber-color\">Add the following to the functions.php of the theme you are using.<\/mark><\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"functionphp%e3%81%b8%e7%a7%bb%e5%8b%95\"><\/span>Go to functions.php<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Start directly under the folder where WordPress is installed.<\/p>\n\n\n\n<p>The installed theme files are contained in [wp-content] &gt; [themes].<\/p>\n\n\n\n<p>Go to the folder of the activated theme and edit [functions.php].<\/p>\n\n\n\n<p>Before editing, please click [functions.php] to download the file to your PC.<\/p>\n\n\n\n<p>To change it, check the checkbox and click the [Edit] button.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-large\"><img decoding=\"async\" width=\"660\" height=\"62\" src=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/wordpress-versiont-security.png\" alt=\"wordpress\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u96a0\u3059\" class=\"wp-image-2776\" srcset=\"https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/wordpress-versiont-security.png 660w, https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/wordpress-versiont-security-300x28.png 300w\" sizes=\"(max-width: 660px) 100vw, 660px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%e3%82%b3%e3%83%bc%e3%83%89%e3%82%92%e5%85%a5%e5%8a%9b\"><\/span>Enter the code<span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p>Enter the 
following code at the bottom of functions.php:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/\/ generator\nremove_action( &#039;wp_head&#039;, &#039;wp_generator&#039;);\n\/\/ rel=&quot;shortlink&quot;\nremove_action( &#039;wp_head&#039;, &#039;wp_shortlink_wp_head&#039;, 10, 0 );\n\/\/ WLW(Windows Live Writer) wlwmanifest.xml\nremove_action( &#039;wp_head&#039;, &#039;wlwmanifest_link&#039;);\n\/\/ RSD xmlrpc.php?rsd\nremove_action( &#039;wp_head&#039;, &#039;rsd_link&#039;);\n\/\/ Removes the WordPress version number (e.g. ?ver=4.4.2) added to JavaScript and CSS.\nfunction remove_src_wp_ver( $dep ) {\n    $dep-&gt;default_version = &#039;&#039;;\n}\nadd_action( &#039;wp_default_scripts&#039;, &#039;remove_src_wp_ver&#039; );\nadd_action( &#039;wp_default_styles&#039;, &#039;remove_src_wp_ver&#039; );<\/code><\/pre>\n\n\n\n<p>Some WordPress security settings are a little difficult, but they are essential for anyone building a membership site or online shop!<\/p>\n\n\n\n<p>This involves server-side operations, so if you find it difficult to set up security settings by yourself, please feel free to make an <a href=\"https:\/\/hanami-web.tokyo.jp\/blog\/en\/contact\/\">inquiry<\/a>! Online private lessons are also available!<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"siteguard%e3%83%97%e3%83%a9%e3%82%b0%e3%82%a4%e3%83%b3%e3%81%ae%e4%bd%bf%e3%81%84%e6%96%b9\"><\/span>How to use the SiteGuard plugin<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If you want to strengthen your security with a plugin, we recommend SiteGuard! 
Here is a video guide on how to set it up!<\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"[Strengthen login security] How to set up the WordPress plugin SiteGuard (made in Japan)!\" width=\"1290\" height=\"726\" src=\"https:\/\/www.youtube.com\/embed\/XSZUBH4tPAc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe>\n<\/div><\/figure>","protected":false},"excerpt":{"rendered":"<p>A WordPress expert will carefully explain how to set up possible security measures for WordPress! Recently, more and more businesses are moving online: advance reservation before visiting, takeout advance reservation, online shop 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":9775,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_uag_custom_page_level_css":"","footnotes":""},"categories":[12],"tags":[1275],"class_list":["post-2751","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-seo","tag-1275"],"blocksy_meta":[],"aioseo_notices":[],"uagb_featured_image_src":{"full":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16.png",720,540,false],"thumbnail":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16-150x150.png",150,150,true],"medium":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16-300x225.png",300,225,true],"medium_large":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16.png",720,540,false],"large":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16.png",720,540,false],"1536x1536":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16.png",720,540,false],"2048x2048":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16.png",720,540,false],"trp-custom-language-flag":["https:\/\/hanami-web.tokyo.jp\/blog\/wp-content\/uploads\/2020\/08\/thumnail-16.png",16,12,false]},"uagb_author_info":{"display_name":"\u682a\u5f0f\u4f1a\u793eHanamiWEB \u4ee3\u8868\u53d6\u7de0\u5f79 
\u677e\u6d66\u307f\u3055","author_link":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/author\/hanami\/"},"uagb_comment_info":0,"uagb_excerpt":"wordpress\u3067\u8003\u3048\u3089\u308c\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u306b\u3064\u3044\u3066\u3001wordpress\u306e\u5148\u751f\u304c\u4e01\u5be7\u306b\u8a2d\u5b9a\u65b9\u6cd5\u3092\u89e3\u8aac\u3057\u307e\u3059\uff01&hellip;","brizy_media":[],"_links":{"self":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/posts\/2751","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/comments?post=2751"}],"version-history":[{"count":0,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/posts\/2751\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/media\/9775"}],"wp:attachment":[{"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/media?parent=2751"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/categories?post=2751"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hanami-web.tokyo.jp\/blog\/en\/wp-json\/wp\/v2\/tags?post=2751"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}