{"id":1773,"date":"2014-05-01T04:41:58","date_gmt":"2014-05-01T04:41:58","guid":{"rendered":"http:\/\/musilda.cz\/?p=1773"},"modified":"2014-05-01T04:41:58","modified_gmt":"2014-05-01T04:41:58","slug":"omezeni-poctu-opakovanych-prihlaseni","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/omezeni-poctu-opakovanych-prihlaseni\/","title":{"rendered":"Limiting the Number of Repeated Login Attempts"},"content":{"rendered":"<p>Today I created a new category on the site that will deal with WordPress security. We will show how to limit the number of repeated login attempts on your site.<!--more--><\/p>\n<p>A hacked website is a nightmare for every webmaster. After all, who would want to lose the fruits of their work within a few moments? The good news is that most &#8220;hackers&#8221; are simply trying their luck and do not have the skills for more sophisticated attacks on your site.<\/p>\n<p>One of the easy ways to get into someone's WordPress administration is a brute-force attack on the login form. Unfortunately, WP has no way to limit the number of repeated login attempts, so it is enough to keep using one of the password generators indefinitely and try to find the right one. In theory, anyone can crack your password this way, but with a strong password the number of combinations grows to incredible figures.<\/p>\n<p>If you have a password that is easier to crack, you run the risk of losing the fruits of your work. 
One way to make life harder for hackers is a plugin that lets you limit the number of repeated login attempts.<\/p>\n<h2>Limit Login Attempts<\/h2>\n<p>You install this plugin, which is fairly simple to configure, from the WordPress.org repository &#8211; <a href=\"http:\/\/wordpress.org\/plugins\/limit-login-attempts\/\" target=\"_blank\" rel=\"noopener\">Limit Login Attempts<\/a>\u00a0and then set the individual options according to your security requirements:<\/p>\n<ul>\n<li>Number of login attempts after which the login form is locked<\/li>\n<li>How long the login form stays locked<\/li>\n<li>Number of lockouts after which login is blocked for a longer period &#8211; so if someone keeps trying to log in and you set this to 4, then when they are locked out for the fourth time it will not be for the previously defined period but for the period you define here, for example 48 hours<\/li>\n<li>Time after which the stored login data is cleared. For example, after twelve hours the lockout count is reset.<\/li>\n<li>Allow logins from behind a proxy<\/li>\n<li>Store login cookies<\/li>\n<li>Store the IP addresses from which login attempts were made<\/li>\n<li>Notify the administrator about a lockout after a certain number of lockouts from one IP address. 
In that case we can assume that someone is deliberately trying to break into your site, since they consider it worth waiting for the login to be unblocked, and the admin's attention will be needed.<\/li>\n<\/ul>\n<p>Here is a screenshot of the plugin settings<\/p>\n<p><a href=\"http:\/\/musilda.cz\/wp-content\/uploads\/2014\/05\/Limit-Login-Attempts-\u2039-WP-site-\u2014-WordPress.png\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-1774\" alt=\"Limit Login Attempts \u2039 WP site \u2014 WordPress\" src=\"http:\/\/musilda.cz\/wp-content\/uploads\/2014\/05\/Limit-Login-Attempts-\u2039-WP-site-\u2014-WordPress.png\" width=\"636\" height=\"505\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/Limit-Login-Attempts-\u2039-WP-site-\u2014-WordPress.png 636w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/Limit-Login-Attempts-\u2039-WP-site-\u2014-WordPress-300x238.png 300w\" sizes=\"auto, (max-width: 636px) 100vw, 636px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today I created a new category on the site that will deal with WordPress security. 
We will show how to limit the number of repeated login attempts on your site.<\/p>\n","protected":false},"author":1,"featured_media":1775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[6,31],"tags":[82,271],"class_list":["post-1773","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","category-wordpress-pluginy","tag-bezpecnost-wordpress","tag-omezeni-prihlaseni"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"thumbnail":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-150x150.jpg",150,150,true],"medium":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-300x192.jpg",300,192,true],"medium_large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"1536x1536":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"2048x2048":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"archive-list":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-400x265.jpg",400,265,true]},"uagb_author_info":{"display_name":"Affinite","author_link":"https:\/\/affinite.io\/cs\/author\/affinite\/"},"uagb_comment_info":5,"uagb_excerpt":"Today I created a new category on the site that will deal with WordPress security. 
We will show how to limit the number of repeated login attempts on your site.","_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/1773","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=1773"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/1773\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/1775"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=1773"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=1773"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=1773"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}