{"id":5976,"date":"2021-07-06T16:07:05","date_gmt":"2021-07-06T16:07:05","guid":{"rendered":"https:\/\/musilda.cz\/?p=5976"},"modified":"2021-07-06T16:07:05","modified_gmt":"2021-07-06T16:07:05","slug":"velky-pruvodce-bezpecnosti-wordpressu","status":"publish","type":"post","link":"https:\/\/affinite.io\/cs\/velky-pruvodce-bezpecnosti-wordpressu\/","title":{"rendered":"The Big WordPress Security Guide"},"content":{"rendered":"\n<p>Like every open source project, WordPress faces attacks, and <strong>security is not to be underestimated<\/strong>. The days when the internet was the domain of enthusiasts are long gone, and \u201conline\u201d has become a regular line of business.&nbsp;<\/p>\n\n\n\n<p>And just as you put bars and a security door on a warehouse full of goods, you have to protect your virtual property.<\/p>\n\n\n\n<p><strong>WordPress security can be divided into several thematic groups, and we will cover all of them.&nbsp;<\/strong><\/p>\n\n\n\n<p>Because every website or e-shop has to be hosted somewhere, <strong>hosting is an essential part of running a site<\/strong>. Hosting companies have their own procedures for securing their servers against attack, and we will not cover those. You can find out how the offers of hosting companies differ in the magazine <a href=\"https:\/\/vseohostingu.cz\/\" target=\"_blank\" rel=\"noopener\">https:\/\/vseohostingu.cz\/<\/a>.<\/p>\n\n\n\n<p>A number of myths circulate about WordPress, and one of them is that it is poorly secured. That is not true. 
The core is <strong>regularly updated<\/strong>, and as soon as a bug is found, a patch is released very quickly. In all the time I have worked with WordPress, I have not yet heard of a site that was compromised through a bug in the core.&nbsp;<\/p>\n\n\n\n<p>Whenever a site gets hacked, the culprits are weak passwords, reusing one password across different services, bugs in plugins and themes, and inexpert use. The many compromised sites that had <strong>Revolution Slider<\/strong> installed can serve as an example.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Contents<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li><strong><a href=\"#prihlaseni\">Users and login<\/a><\/strong><\/li><li>Secure passwords<\/li><li>Logging out inactive users<\/li><li>Extending the login form<\/li><li>Restricting login to the e-mail address<\/li><li>Correct information on failed login<\/li><li>Limiting the number of failed logins<\/li><li>Changing the login URL<\/li><li>Two-factor login<\/li><li>Removing the admin user<\/li><li>Setting appropriate roles<\/li><li><strong><a href=\"#pluginy-sablony\">Plugins and themes<\/a><\/strong><\/li><li>Up-to-date WordPress<\/li><li>Theme updates<\/li><li>Plugin updates<\/li><li>Do not use nulled plugins and themes<\/li><li>Removing unused plugins<\/li><li>Replacing outdated plugins<\/li><li><strong><a 
href=\"#ssl-https\">SSL and HTTPS<\/a><\/strong><\/li><li><strong><a href=\"#zalohy-docasne\">Backups and temporary files<\/a><\/strong><\/li><li>Backups<\/li><li>Removing temporary files<\/li><li>Changing the folder for the debug.log file<\/li><li>Removing git files<\/li><li><strong><a href=\"#security-keys\">WordPress Security Keys<\/a><\/strong><\/li><li>Defining security keys and salts<\/li><li>WordPress keys generator<\/li><li>Salt shaker<\/li><li><strong><a href=\"#wp-config\">WP Config<\/a><\/strong>&nbsp;<\/li><li>Moving the wp-config file<\/li><li>Changing the database prefix<\/li><li>Automatic updates &#8211; core<\/li><li>Disabling the file editor in the WordPress admin<\/li><li><strong><a href=\"#automaticke-aktualizace\">Automatic updates of themes and plugins<\/a><\/strong><\/li><li><strong><a href=\"#zakazani-prochazeni\">Disabling directory browsing and indexing<\/a><\/strong><\/li><li><strong><a href=\"#blokovani-restapi\">Blocking the REST API<\/a><\/strong><\/li><li><strong><a href=\"#Blokace-XMLRPC\">Blocking XMLRPC<\/a><\/strong><\/li><li><strong><a href=\"#hide-wp\">Making it harder to recognize a WordPress installation or plugin versions<\/a><\/strong><\/li><li><strong><a href=\"#bezpecnostni-pluginy\">Security plugins<\/a><\/strong><\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"prihlaseni\">Users and login<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Secure passwords<\/h3>\n\n\n\n<p>Even if you take care to use the <strong>latest plugins<\/strong> and the latest version of WordPress, all your effort can be undone by the use of weak passwords.<\/p>\n\n\n\n<p>The speed at which 
<strong>dictionary attacks<\/strong> can be carried out today is incredible, and cracking a simple password is a matter of minutes.&nbsp;<\/p>\n\n\n\n<p>Unfortunately, users are lazy and do not want to use strong but hard-to-remember passwords. This leads to complaints, and e-shop operators often ask for the option of using a weak password to be enabled.&nbsp;<\/p>\n\n\n\n<p>Even if you are tempted to accommodate the client or the users, do not do it. You are protecting your business, so never allow the use of a weak password. There is a filter for it, <strong>woocommerce_min_password_strength<\/strong>, but I mention it only for completeness; if you find it in the code of a site you are taking over, delete it. 
Users will be somewhat inconvenienced, but you will sleep much better.<\/p>\n\n\n\n<p>By default, WordPress generates a strong password when a user is created:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/silne-heslo.png\"><img loading=\"lazy\" decoding=\"async\" width=\"681\" height=\"137\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/silne-heslo.png\" alt=\"\" class=\"wp-image-5992\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/silne-heslo.png 681w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/silne-heslo-300x60.png 300w\" sizes=\"auto, (max-width: 681px) 100vw, 681px\" \/><\/a><\/figure>\n\n\n\n<p>Unfortunately, it also lets you use a weak password, but you have to confirm it explicitly:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slabe-heslo.png\"><img loading=\"lazy\" decoding=\"async\" width=\"693\" height=\"183\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slabe-heslo.png\" alt=\"\" class=\"wp-image-5993\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slabe-heslo.png 693w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slabe-heslo-300x79.png 300w\" sizes=\"auto, (max-width: 693px) 100vw, 693px\" \/><\/a><\/figure>\n\n\n\n<p>The unpleasant part is that the user account editing code offers no way to remove the checkbox; you can only hide it with CSS or remove it with JavaScript.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">No Weak Passwords<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a 
href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/no-weak-password.png\"><img loading=\"lazy\" decoding=\"async\" width=\"567\" height=\"250\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/no-weak-password.png\" alt=\"\" class=\"wp-image-5994\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/no-weak-password.png 567w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/no-weak-password-300x132.png 300w\" sizes=\"auto, (max-width: 567px) 100vw, 567px\" \/><\/a><\/figure>\n\n\n\n<p>For extra assurance you can use the <strong>No weak password<\/strong> plugin, which does not deal with the weak-password checkbox but checks the chosen password against a list of weak passwords stored in a file that ships with the plugin. Unfortunately, the plugin does not let you extend that file; it is overwritten on every update.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WC Password Strength Settings<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/password-strenght.png\"><img loading=\"lazy\" decoding=\"async\" width=\"570\" height=\"317\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/password-strenght.png\" alt=\"\" class=\"wp-image-5995\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/password-strenght.png 570w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/password-strenght-300x167.png 300w\" sizes=\"auto, (max-width: 570px) 100vw, 570px\" \/><\/a><\/figure>\n\n\n\n<p>Plugins such as <strong>WooCommerce<\/strong> create their own login forms and do not use the default WordPress form. 
To make sure users cannot enter simple passwords, you can use this plugin, which lets you set the required password strength level and the messages displayed on the WooCommerce registration form.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wc-password-strenght.png\"><img loading=\"lazy\" decoding=\"async\" width=\"668\" height=\"243\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wc-password-strenght.png\" alt=\"\" class=\"wp-image-5996\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wc-password-strenght.png 668w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wc-password-strenght-300x109.png 300w\" sizes=\"auto, (max-width: 668px) 100vw, 668px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Logging out inactive users<\/h2>\n\n\n\n<p>Every time you log in to WordPress, a cookie is created with a validity of two days. After that it expires. If you tick the <strong>\u201cRemember me\u201d<\/strong> option when logging in, the cookie is valid for two weeks.&nbsp;<\/p>\n\n\n\n<p>The longer a user stays logged in, the greater the security risk. Although it is not large, it is real. The risk grows with the number of users who log in to your site. It is therefore advisable to set a login expiration for inactive users. 
It is a minor inconvenience, but security matters.&nbsp;<\/p>\n\n\n\n<p>And since there is a WordPress plugin for everything, we have one for <strong>logging out inactive users<\/strong> too. Of course, it could be solved with code, but that is not really the goal of this article.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Inactive Logout<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout.png\"><img loading=\"lazy\" decoding=\"async\" width=\"574\" height=\"260\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout.png\" alt=\"\" class=\"wp-image-5997\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout.png 574w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-300x136.png 300w\" sizes=\"auto, (max-width: 574px) 100vw, 574px\" \/><\/a><\/figure>\n\n\n\n<p>The fairly simple settings let you enter the text shown as a warning before logout and set the period of inactivity after which the user is logged out.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-setting.png\"><img loading=\"lazy\" decoding=\"async\" width=\"965\" height=\"477\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-setting.png\" alt=\"\" class=\"wp-image-5998\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-setting.png 965w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-setting-300x148.png 300w, 
https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-setting-768x380.png 768w\" sizes=\"auto, (max-width: 965px) 100vw, 965px\" \/><\/a><\/figure>\n\n\n\n<p>An excellent feature is the ability to set the <strong>logout time per role<\/strong>. You can even set where users are redirected after logout, which can be quite important for e-shop customers, for example.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-role-setting.png\"><img loading=\"lazy\" decoding=\"async\" width=\"958\" height=\"485\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-role-setting.png\" alt=\"\" class=\"wp-image-5999\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-role-setting.png 958w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-role-setting-300x152.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/inactive-logout-role-setting-768x389.png 768w\" sizes=\"auto, (max-width: 958px) 100vw, 958px\" \/><\/a><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Extending the login form<\/h2>\n\n\n\n<p>Part of securing the login form can be extending it with a security element. Typically this is <strong>ReCaptcha<\/strong>, adding a control question, or a <strong>HoneyPot<\/strong>. 
Essentially, all of these techniques aim to filter out automated attacks on the login or registration form and thus prevent a user's password from being guessed.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">HoneyPot<\/h3>\n\n\n\n<p>Put simply, a HoneyPot is a <strong>trap for bots<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/honeypot-wordpress.png\"><img loading=\"lazy\" decoding=\"async\" width=\"569\" height=\"273\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/honeypot-wordpress.png\" alt=\"\" class=\"wp-image-6000\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/honeypot-wordpress.png 569w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/honeypot-wordpress-300x144.png 300w\" sizes=\"auto, (max-width: 569px) 100vw, 569px\" \/><\/a><\/figure>\n\n\n\n<p>It extends the registration and login forms with a field that is hidden from the visitor but named so that a bot considers it a required part of the form. When the bot fills it in, the registration or login is blocked. 
Although this is a fairly trivial protection, it can <strong>filter out<\/strong> the most common and less sophisticated bots.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Security question<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wp-security-question.png\"><img loading=\"lazy\" decoding=\"async\" width=\"571\" height=\"290\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wp-security-question.png\" alt=\"\" class=\"wp-image-6001\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wp-security-question.png 571w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wp-security-question-300x152.png 300w\" sizes=\"auto, (max-width: 571px) 100vw, 571px\" \/><\/a><\/figure>\n\n\n\n<p>Anyone who has ever set up an e-mail account or registered for a service has probably encountered this &#8211; the <strong>security question<\/strong>.&nbsp;<\/p>\n\n\n\n<p>You chose from a list of possible questions and filled in the corresponding answer. As with the HoneyPot, the point is to make cracking the user's password harder, this time by means of the answer to a question. 
This increases the number of combinations a bot has to try before it succeeds.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ReCaptcha<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-recaptcha.png\"><img loading=\"lazy\" decoding=\"async\" width=\"570\" height=\"294\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-recaptcha.png\" alt=\"\" class=\"wp-image-6002\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-recaptcha.png 570w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-recaptcha-300x155.png 300w\" sizes=\"auto, (max-width: 570px) 100vw, 570px\" \/><\/a><\/figure>\n\n\n\n<p>One of the <strong>best-known protections<\/strong> for any form is ReCaptcha. Whether it is the \u201cI'm not a robot\u201d checkbox or picking images from a grid, Google lets us use its technology to protect against spammers and attackers. There are a number of free plugins for implementing reCaptcha in WordPress; you just have to pick the one that suits you. 
The system then evaluates whether the login is from a real user or an automated attack.&nbsp;<\/p>\n\n\n\n<p>Nothing is absolutely perfect, and both <strong>HoneyPot and ReCaptcha<\/strong> can be bypassed, but you are still safer using one of these elements than not using any.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Limiting the number of failed logins<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/limit-login-attempts.png\"><img loading=\"lazy\" decoding=\"async\" width=\"572\" height=\"258\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/limit-login-attempts.png\" alt=\"\" class=\"wp-image-6003\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/limit-login-attempts.png 572w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/limit-login-attempts-300x135.png 300w\" sizes=\"auto, (max-width: 572px) 100vw, 572px\" \/><\/a><\/figure>\n\n\n\n<p>All <strong>attacks on the login form<\/strong> have one thing in common: the attacker tries repeatedly to get a result. That is why one of the basic elements of WordPress security should be limiting the number of repeated login attempts. It can sometimes be annoying for users, but there is no way around it; it is one of the best protections. 
Whenever someone fails to log in several times in a row, the plugin blocks them for a while.&nbsp;<\/p>\n\n\n\n<p>Of course, the block can be circumvented with a proxy and a change of IP address, but limiting login attempts <strong>filters out most automated attacks<\/strong>. Most security plugins already include this option, so it is not always necessary to install a separate plugin.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Restricting login to the e-mail address<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/force-login-email.png\"><img loading=\"lazy\" decoding=\"async\" width=\"570\" height=\"266\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/force-login-email.png\" alt=\"\" class=\"wp-image-6005\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/force-login-email.png 570w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/force-login-email-300x140.png 300w\" sizes=\"auto, (max-width: 570px) 100vw, 570px\" \/><\/a><\/figure>\n\n\n\n<p>While we are going through plugins meant to make a would-be attacker's life harder, we cannot forget the plugin that <strong>forces login via the user's e-mail<\/strong>.&nbsp;<\/p>\n\n\n\n<p>With a normal login, you can sign in with either your <strong>username or your e-mail address<\/strong>. 
One step in an attack is trying to obtain the username &#8211; once you know a user exists, you can focus on cracking the password. Once you force login via e-mail, you again slightly increase the probability that no break-in occurs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Correct information on failed login<\/h3>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-hints.png\"><img loading=\"lazy\" decoding=\"async\" width=\"393\" height=\"505\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-hints.png\" alt=\"\" class=\"wp-image-6006\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-hints.png 393w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/login-hints-233x300.png 233w\" sizes=\"auto, (max-width: 393px) 100vw, 393px\" \/><\/a><\/figure><\/div>\n\n\n\n<p>What you see in the screenshot is the login form after entering wrong credentials. The red message at the top is called <strong>login hints<\/strong>, and it reports any login errors. In this case it is fine, because it only says that one of the entered values is wrong. I am not sure whether this is already part of <strong>WordPress<\/strong>, but on some sites, after entering a wrong password, I got the message &#8211; the password you entered is incorrect. 
That tells a potential attacker that they have found a valid user and makes their job easier.&nbsp;<\/p>\n\n\n\n<p>So check that your login form behaves correctly and, if necessary, use a snippet that adjusts the message &#8211; <a href=\"https:\/\/gist.github.com\/Musilda\/3c907412948dbd079d1b1cc5ebe4482e\" target=\"_blank\" rel=\"noopener\">https:\/\/gist.github.com\/Musilda\/3c907412948dbd079d1b1cc5ebe4482e<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Changing the login URL<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/hide-login.png\"><img loading=\"lazy\" decoding=\"async\" width=\"575\" height=\"258\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/hide-login.png\" alt=\"\" class=\"wp-image-6007\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/hide-login.png 575w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/hide-login-300x135.png 300w\" sizes=\"auto, (max-width: 575px) 100vw, 575px\" \/><\/a><\/figure>\n\n\n\n<p><strong>One of the most effective protections<\/strong> in terms of effort versus payoff. A simple plugin that changes the login URL essentially makes most attempts at breaking the login, and similar attacks, impossible. We also have the advantage that Czech is not a dominant language; if we use a Czech word combined with numbers for the URL, it will be very hard to find the login URL at all. 
I am not saying it is impossible, but the vast <strong>majority of attacks do not target a specific site<\/strong>; they roam the internet looking for an open gate. And if they do not find the gate, they cannot attack. A very effective protection.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Two-factor login<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/2factor-login-protect-wordpress.png\"><img loading=\"lazy\" decoding=\"async\" width=\"573\" height=\"302\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/2factor-login-protect-wordpress.png\" alt=\"\" class=\"wp-image-6008\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/2factor-login-protect-wordpress.png 573w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/2factor-login-protect-wordpress-300x158.png 300w\" sizes=\"auto, (max-width: 573px) 100vw, 573px\" \/><\/a><\/figure>\n\n\n\n<p>A higher level of protection for WordPress user login is <strong>two-factor login<\/strong>. It is fair to say that every administrator on a site you are serious about should have two-factor login set up. It works by downloading an app to your mobile phone &#8211; I use <strong>Google Authenticator<\/strong> &#8211; and on every login you must enter the code generated in the app. 
Although there are several plugins that enable this in WordPress, since I use WordFence, I set up two-factor there.&nbsp;<\/p>\n\n\n\n<p>The downside is that every admin must have their own account, and access cannot be shared. In any case, two-factor login is a good choice for securing a site.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Removing the admin user<\/h3>\n\n\n\n<p>It may seem automatic to you, but <strong>removing the admin user<\/strong> is not that automatic. Quite often I receive WordPress credentials for a user named admin. There is nothing wrong with that as such, but every bot automatically tries the admin login. By removing it, you make <strong>cracking the password<\/strong> harder. A simple thing that should be done after every installation or when taking over a site. It takes a moment and gives you peace of mind.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Setting appropriate roles<\/h3>\n\n\n\n<p>As for security in general, your users are the weak spot. Every administrator should have an idea of what permissions the individual user roles have and how to adjust them if needed. There is nothing worse than a user damaging your site, whether out of ignorance or malice. 
You always need to consider where, for example, a shop manager should have access, where an editor, and where an editor-in-chief.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">User role editor<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/user-role-editor.png\"><img loading=\"lazy\" decoding=\"async\" width=\"570\" height=\"272\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/user-role-editor.png\" alt=\"\" class=\"wp-image-6009\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/user-role-editor.png 570w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/user-role-editor-300x143.png 300w\" sizes=\"auto, (max-width: 570px) 100vw, 570px\" \/><\/a><\/figure>\n\n\n\n<p>When you find yourself needing to handle permissions in more detail, it is best to use one of the available plugins. 
Setting capabilities in code requires a thorough understanding of how WordPress roles and capabilities work.<\/p>\n\n\n\n<p><strong>User Role Editor<\/strong> lets you edit the capabilities of the existing roles or of roles you create yourself. Whichever tool you use, follow the principle of least privilege: start from the most restricted role that fits the job (Author rather than Editor, Shop Manager rather than Administrator) and add capabilities only when someone actually needs them.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"pluginy-sablony\">WordPress, plugins and themes<\/h2>\n\n\n\n<p>The previous part dealt mainly with securing the WordPress login, one of the most discussed topics, but the security of WordPress in general stirs up even more debate.<\/p>\n\n\n\n<p>Articles, e-books and guides on security are published, someone in a forum reports a <strong>hacked WordPress site<\/strong>, and comments like these always follow:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>WordPress is full of holes<\/li><li>The best protection is not to use WordPress<\/li><li>and so on.<\/li><\/ul>\n\n\n\n<p>I will of course defend WordPress, for several reasons:<\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>It is the <strong>most widely used system<\/strong>, so the number of compromised sites will be the highest in absolute terms.<\/li><li>It is open source: anyone can read the code, and anyone can find a bug in it. Security problems spare no open source project.<\/li><li>WordPress is only the core; sites built on it use <strong>tens of thousands of different themes and plugins<\/strong> written by developers of varying quality.<\/li><li>Unless a project is abandoned, a fix is usually released within days.<\/li><\/ol>\n\n\n\n<p><strong>Still, we have to be aware of the risks<\/strong> that come with using it, and this part focuses on the basics.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WordPress and its updates<\/h3>\n\n\n\n<p>The WordPress core is continuously maintained and <strong>security updates<\/strong> are released fairly quickly. A list of releases since 2003 is here: <a href=\"https:\/\/codex.wordpress.org\/WordPress_Versions\" target=\"_blank\" rel=\"noopener\">https:\/\/codex.wordpress.org\/WordPress_Versions<\/a><\/p>\n\n\n\n<p>What is interesting about the list is that, for example, on 30 October 2020 updates were released for versions 5.5.3, 5.4.4, 5.3.6 and others. They belonged to a security release cycle, and the <strong>fixes were backported to the older branches<\/strong> so that sites not running the newest WordPress could update too.<\/p>\n\n\n\n<p>This is where I start repeating the mantra that runs through this whole part: update.<\/p>\n\n\n\n<p>An <strong>up-to-date WordPress<\/strong> is a prerequisite for not getting your site compromised. Beyond security fixes, updates remove other bugs and add new features, and plugin and theme developers adjust their products to follow the development of the core.<\/p>\n\n\n\n<p>A fairly <strong>common practice of attackers<\/strong> is to scan sites across the internet looking for installations with known vulnerabilities; the versions of WordPress, a theme or a plugin are usually readable from the generator meta tag, from the <code>?ver=<\/code> parameter on asset URLs or from a plugin's <code>readme.txt<\/code>. If you run such an installation, it is like an open door with an invitation. Sooner or later someone will help themselves to your site.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Themes<\/h3>\n\n\n\n<p>First the part about updates. As with the core, <strong>themes must be updated regularly<\/strong>. Without updates, security bugs that have already been fixed upstream stay on your site.<\/p>\n\n\n\n<p>A frequent reason for not updating a theme is that someone has modified it directly. 
That is why WordPress has the <strong>child theme<\/strong> mechanism: you make your changes in the child theme while the parent theme stays untouched and can be updated regularly and safely.<\/p>\n\n\n\n<p>What a child theme is and how to create one is described at https:\/\/musilda.cz\/child-theme-ve-wordpress\/.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">How do you pick a theme that is safe?<\/h4>\n\n\n\n<p>It comes down to a few things:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>source: <strong>download and buy themes only from trusted sources<\/strong><\/li><li>check that the theme is not abandoned and how long it has been since the last reply in its support forum<\/li><li>read the reviews<\/li><li>check that the theme supports the versions of WordPress, PHP and the plugins you are going to use<\/li><\/ul>\n\n\n\n<p>Sources: \"trusted source\" is a vague term, but WordPress.org, for example, is a reliable one, because a theme is reviewed before it is accepted into the repository and the review also covers security. Every theme there has to meet published requirements, see for instance the Theme Developer Handbook section on sanitization and escaping: <a href=\"https:\/\/developer.wordpress.org\/themes\/theme-security\/data-sanitization-escaping\/\" target=\"_blank\" rel=\"noopener\">https:\/\/developer.wordpress.org\/themes\/theme-security\/data-sanitization-escaping\/<\/a><\/p>\n\n\n\n<p>With other sources it gets more complicated, because every developer has different practices and a different level of quality. You have to distinguish between marketplaces and individual developers. When someone tells you that you can find good themes on <strong>ThemeForest<\/strong>, that is true, because its review process borrowed from <strong>WordPress.org<\/strong>, but it is not as thorough as it should be. You also have to realise that it varies theme by theme, since many developers sell on ThemeForest.<\/p>\n\n\n\n<p><strong>There, pay particular attention to how the developer responds to support requests and when the last update was released.<\/strong><\/p>\n\n\n\n<p>In that respect it is better to pick a company you are happy with and use their themes. Then you are unlikely to be surprised.<\/p>\n\n\n\n<p>Put simply, if you use a theme like <strong>Astra or GeneratePress<\/strong> on your site, you will not go wrong. It still holds that you have to keep up with updates. <strong>Or hire someone to do it<\/strong>; if you need someone for regular maintenance, I can help, write to me at <a href=\"mailto:musilda@musilda.cz\">musilda@musilda.cz<\/a>.<\/p>\n\n\n\n<p>With custom-built themes it is far simpler: unless they contain a really badly written script that does not sanitise its input, an attacker usually does not bother with them, or rather does not waste time on them. <strong>It is easier to scan the internet<\/strong> for themes that bundle a <strong>vulnerable version of some script<\/strong> than to look for a hole in custom code. The flip side is that nobody else is looking at that code either, so a bug in it will not be found and patched by a vendor.<\/p>\n\n\n\n<p><strong>But what if you want to be really sure?<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>you can commission a penetration test<\/li><li>you can have someone do a code review<\/li><li>for tinkerers: look for yourself at what you are actually running<\/li><\/ul>\n\n\n\n<p>The first two options are fairly <strong>expensive<\/strong> and make little sense for smaller sites; there I would simply pick a proven theme and leave it at that. For those who like digging around in their site, there is the <strong>Theme Check plugin<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Theme Check plugin<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check.png\"><img loading=\"lazy\" decoding=\"async\" width=\"571\" height=\"277\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check.png\" alt=\"\" class=\"wp-image-6010\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check.png 571w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-300x146.png 300w\" sizes=\"auto, (max-width: 571px) 100vw, 571px\" \/><\/a><\/figure>\n\n\n\n<p>This plugin is used when you <strong>develop themes for WordPress.org<\/strong>. 
It checks that the theme contains everything it is required to and that it does not use potentially dangerous practices.<\/p>\n\n\n\n<p>Details are here: <a href=\"https:\/\/make.wordpress.org\/themes\/handbook\/review\/required\/theme-check-plugin\/\" target=\"_blank\" rel=\"noopener\">https:\/\/make.wordpress.org\/themes\/handbook\/review\/required\/theme-check-plugin\/<\/a><\/p>\n\n\n\n<p>Even though the plugin produces a <strong>report with errors<\/strong>, do not treat it as dogma; not everything has to be fixed to the letter, and many items are only warnings. Bear in mind that it is a static check against the WordPress.org requirements, not a vulnerability scan: a theme can pass and still contain an exploitable bug.<\/p>\n\n\n\n<p>To demonstrate, I installed it on an e-shop where the parent theme is Astra (<a href=\"https:\/\/wpastra.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wpastra.com\/<\/a>) with a child theme built on top of it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Test result:<\/h4>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child.png\"><img loading=\"lazy\" decoding=\"async\" width=\"476\" height=\"290\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child.png\" alt=\"\" class=\"wp-image-6011\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child.png 476w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child-300x183.png 300w\" sizes=\"auto, (max-width: 476px) 100vw, 476px\" \/><\/a><\/figure><\/div>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child-result.png\"><img loading=\"lazy\" decoding=\"async\" width=\"609\" height=\"289\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child-result.png\" alt=\"\" class=\"wp-image-6012\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child-result.png 609w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/theme-check-child-result-300x142.png 300w\" sizes=\"auto, (max-width: 609px) 100vw, 609px\" \/><\/a><\/figure><\/div>\n\n\n\n<p><strong>The theme passed on the first attempt<\/strong>, because Astra is a well-made, trouble-free theme. If there were problems in the theme, the plugin would list them clearly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Plugins<\/h3>\n\n\n\n<p>Plugins, perhaps even more than themes, <strong>affect how WordPress works and how secure it is<\/strong>.<\/p>\n\n\n\n<p>Unlike themes, they can change not only the look of the site but also its behaviour and the behaviour of the administration. 
This means that a badly written plugin with a security flaw is an open door into your site.<\/p>\n\n\n\n<p>As a rule, <strong>widely used plugins are better maintained<\/strong> and patches appear fairly quickly. The other side of that rule is that a vulnerability in a popular plugin is also exploited at scale soon after it becomes public, so the time you take to apply an update matters most for exactly those plugins.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Plugin updates<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/aktualizace-pluginu.png\"><img loading=\"lazy\" decoding=\"async\" width=\"946\" height=\"316\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/aktualizace-pluginu.png\" alt=\"\" class=\"wp-image-6014\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/aktualizace-pluginu.png 946w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/aktualizace-pluginu-300x100.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/aktualizace-pluginu-768x257.png 768w\" sizes=\"auto, (max-width: 946px) 100vw, 946px\" \/><\/a><\/figure>\n\n\n\n<p><strong>Plugin updates<\/strong> are a somewhat contradictory topic, because it is sometimes hard to strike the right balance between the security of the site and keeping it working.<\/p>\n\n\n\n<p>The mantra of every article on <strong>securing WordPress<\/strong> is <strong>update, update, update<\/strong>. But if you update the moment a new plugin version is released, with larger products such as WooCommerce something may stop working. That is why I, for example, <strong>wait a few days<\/strong> after a release to see whether a smaller follow-up update appears in quick succession. So yes, update, but with judgement.<\/p>\n\n\n\n<p><strong>Read the release notes<\/strong>. If the update is marked as a security release, do not wait: the gap between a public fix and attempts against sites that have not applied it is measured in days at most, and a staging copy lets you test the update without leaving production exposed.<\/p>\n\n\n\n<p>And <strong>update regularly<\/strong>. It pays off. I maintain a number of sites that have run without major problems for several years, because any issues that come up are minor. If you do not touch a site for a year, or have nobody maintaining it regularly, the eventual recovery or repair will cost you more than regular maintenance would have.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/plugin-aktualizace.png\"><img loading=\"lazy\" decoding=\"async\" width=\"751\" height=\"424\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/plugin-aktualizace.png\" alt=\"\" class=\"wp-image-6015\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/plugin-aktualizace.png 751w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/plugin-aktualizace-300x169.png 300w\" sizes=\"auto, (max-width: 751px) 100vw, 751px\" \/><\/a><\/figure>\n\n\n\n<p>Besides applying updates yourself, it is worth checking, before installing a plugin or after using it for a while, how the developer is doing with updates. The screenshot shows a plugin that <strong>has not been updated for six years<\/strong>, which is a very long time online.<\/p>\n\n\n\n<p>Perhaps that plugin works fine and there is nothing to update, but the probability that it contains a <strong>security hole<\/strong> is not negligible. If you are not a programmer, <strong>you cannot judge whether a plugin is safe<\/strong>.<\/p>\n\n\n\n<p>So always look at this information; it can help you decide whether to use a plugin or not.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Do not use nulled plugins and themes<\/h3>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/nulled.png\"><img loading=\"lazy\" decoding=\"async\" width=\"341\" height=\"146\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/nulled.png\" alt=\"\" class=\"wp-image-6016\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/nulled.png 341w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/nulled-300x128.png 300w\" sizes=\"auto, (max-width: 341px) 100vw, 341px\" \/><\/a><\/figure><\/div>\n\n\n\n<p>A large share of the available plugins and themes are <strong>free<\/strong>. Some follow the freemium model, where the basic version is free and you pay for the enhanced one. Many are paid from the start.<\/p>\n\n\n\n<p>And because <strong>WordPress is distributed under the GPL<\/strong>, which is what it is, the licence permits taking a plugin or theme, modifying it (in this case removing the licence check) and redistributing it, either for a small fee or completely free of charge.<\/p>\n\n\n\n<p>It is essentially <strong>parasitising on other people's work<\/strong>, but the licence allows it. Unfortunately, you get no support for such products, and very often, on top of the attractive price, the crook bundles a <strong>backdoor<\/strong> into the code: you voluntarily install something that gives an attacker access, just to save a few dollars. Typical shapes are an <code>eval()<\/code> of base64-encoded data hidden in an innocuous file, or an undocumented request parameter that creates an administrator account.<\/p>\n\n\n\n<p>So one of the steps in securing a site is <strong>not to use unofficial copies of plugins<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Removing unused plugins<\/h3>\n\n\n\n<p>Quite often I come across sites with plugins installed that nobody knows why they are there or what they were used for. They are <strong>\"one-off\" plugins<\/strong> such as Regenerate Thumbnails, or plugins someone tried (not necessarily the site owner; perhaps a webmaster) and never uninstalled.<\/p>\n\n\n\n<p>Most of them <strong>are not updated<\/strong>, so they increase the risk of a hole through which an intruder gets in. 
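<\/p>\n\n\n\n<p>A quick way to see what an unfamiliar plugin or theme actually contains, as an added example that is not from the original article: the shell function below greps the PHP files in a directory for the constructs that bundled backdoors typically rely on (<code>eval<\/code> or <code>assert<\/code> on decoded data, <code>base64_decode<\/code>, <code>gzinflate<\/code> or <code>str_rot13<\/code> chains, shell execution driven by request parameters, <code>create_function<\/code>, the old <code>\/e<\/code> modifier of <code>preg_replace<\/code>). The patterns and the sample files used below are my assumptions; legitimate code occasionally matches too, so every hit is something to read, not proof of compromise.<\/p>\n\n\n\n

```bash
#!/usr/bin/env bash
# Added example, not code from the original article. Triage the PHP files of a
# plugin or theme directory for constructs typical of backdoors bundled with
# "nulled" copies. Heuristics only: a hit is something to read, not a verdict.
# Assumptions: GNU or BSD grep with -r and --include; a POSIX shell.

# Print "file:line:source" for every line that matches a suspicious construct.
wp_php_backdoor_triage() {
  dir="$1"
  grep -rnE --include='*.php' \
    -e 'eval *\(' \
    -e 'assert *\(' \
    -e 'base64_decode *\(' \
    -e '(gzinflate|gzuncompress|str_rot13) *\(' \
    -e '(system|exec|shell_exec|passthru|popen|proc_open) *\(.*\$_(GET|POST|REQUEST|COOKIE)' \
    -e 'create_function *\(' \
    -e "preg_replace *\\(.*/e['\"]" \
    "$dir" || true   # grep exits 1 when nothing matches; that is not an error here
}

# Number of flagged lines, 0 when the directory looks clean.
wp_php_backdoor_hits() {
  wp_php_backdoor_triage "$1" | grep -c . || true
}

# Usage: ./triage.sh /var/www/html/wp-content/plugins/some-plugin
if [ "$#" -gt 0 ]; then
  wp_php_backdoor_triage "$1"
  echo "flagged lines: $(wp_php_backdoor_hits "$1")"
fi
```

\n\n\n\n<p>Run it against <code>wp-content\/plugins<\/code> or a single plugin folder before activating anything you did not obtain from the official source, and again when you find a plugin nobody can account for. An empty result does not clear the code, but a hit in a plugin that has no business decoding or executing anything is a strong reason to delete it.<\/p>\n\n\n\n<p>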
The worst are nulled plugins downloaded to try out and then left to their fate.<\/p>\n\n\n\n<p>So delete, delete, delete. If I do not need it, it goes. Deactivating is not enough: the files of a deactivated plugin are still on disk and still reachable over HTTP, so a vulnerable script in it can often be hit directly.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Replacing outdated plugins<\/h3>\n\n\n\n<p>For plugins that are in use but <strong>no longer actively developed<\/strong>, you need to decide whether you really need them and whether an adequate replacement exists.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ssl-https\">SSL and HTTPS<\/h2>\n\n\n\n<p>The <strong>HTTPS<\/strong> protocol and <strong>SSL<\/strong> certificates (today technically TLS, though the old name has stuck) have been with us for quite a while and most sites use them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">What is HTTPS and what is it for?<\/h3>\n\n\n\n<p>It is an <strong>encrypted protocol<\/strong> that protects the communication between the server hosting your site and the visitor's browser. The handshake uses asymmetric (public-key) cryptography to authenticate the server and agree on a session key; the traffic itself is then encrypted symmetrically with that key, so only the two parties holding it can read it, and an intermediary can neither read nor silently modify it.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">SSL certificate<\/h3>\n\n\n\n<p>The certificate is a statement, signed by a certificate authority the browser trusts, that the public key belongs to your domain: a <strong>trusted source<\/strong> that really is you. The browser can thus be sure it is talking to the right server and not to someone impersonating you. Together with the key exchange that follows, this is what makes the encryption of the connection possible.<\/p>\n\n\n\n<p>You can tell you are using a <strong>secure connection<\/strong> from the padlock that appears in the address bar next to the site address.<\/p>\n\n\n\n<p>How to <strong>obtain a certificate<\/strong> and enable HTTPS on WordPress is described in plenty of articles and guides that are easy to find. Deploying it should be a matter of course; no new site should go live without HTTPS.<\/p>\n\n\n\n<p>If you have a certificate and HTTPS and the browser still shows that <strong>the connection is not secure<\/strong>, it may be a mixed content problem: the site contains URLs that load resources over plain http. WordPress stores absolute URLs, so after switching the protocol the old addresses remain in the database and cause the problem. Go through the database and fix them all. Do not do it with a plain SQL <code>REPLACE()<\/code>: many options and post meta are stored as PHP serialized data with length prefixes, and a naive replacement corrupts them. Use a tool that understands serialized data, such as the Better Search Replace plugin, <a href=\"https:\/\/cs.wordpress.org\/plugins\/better-search-replace\/\" target=\"_blank\" rel=\"noopener\">https:\/\/cs.wordpress.org\/plugins\/better-search-replace\/<\/a>, or WP-CLI's <code>wp search-replace<\/code>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"zalohy-docasne\">Backups and temporary files<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Backups<\/h3>\n\n\n\n<p>Backups are a <strong>critical part of securing<\/strong> your site. You can do everything right and someone can still break into the system; it may be through the weak password of one of your users, and you have a problem.<\/p>\n\n\n\n<p>A regular backup lets you <strong>restore data easily<\/strong> and minimise the damage. In short, every site should have backups configured.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">There are many plugins that will help you with backups.<\/h4>\n\n\n\n<p>Unfortunately, <strong>creating backups<\/strong> can itself become a security problem. In most plugins, UpdraftPlus for example, you choose where the backup files are stored: in the cloud, on your computer, or, not least, on FTP.<\/p>\n\n\n\n<p>And here <strong>a problem can arise<\/strong>: with a wrong configuration you may be writing the backup files into a publicly accessible folder. Anyone who finds them can download the whole site, including <code>wp-config.php<\/code> with the database credentials and security keys, and a database dump with the user table and password hashes. It does not mean everyone will find the backup, but the risk is there, and attackers do probe common backup paths and file names.<\/p>\n\n\n\n<p>So check whether the backup file can be reached over HTTP, or better, <strong>store backups outside the web space of your site<\/strong>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Temporary files<\/h3>\n\n\n\n<p>Like backup files, <strong>temporary files<\/strong> in the wrong location can be a security risk.<\/p>\n\n\n\n<p>Say an administrator edits files with a text editor that for some reason crashes; there is a good chance its temporary files are left behind.<\/p>\n\n\n\n<p>For example, Vim <strong>keeps a swap file next to the file being edited, named after it with a leading dot and the <code>.swp<\/code> extension<\/strong> (editing <code>wp-config.php<\/code> leaves <code>.wp-config.php.swp<\/code>), and, if that option is enabled, a backup copy ending in <code>~<\/code>. Because the web server does not treat these names as PHP, it serves them as plain text: if such a file sits in a publicly accessible folder, anyone who requests it reads the source, including the database password. So the folder and the files in it must not be publicly accessible, and such leftovers must be deleted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Changing the folder for the debug.log file<\/h3>\n\n\n\n<p>The debug log is an excellent <strong>tool for developers<\/strong>. When it is active, every PHP notice, warning and error raised while WordPress runs is written to it. A programmer can then find out why a payment fails at checkout or why a page is just white.<\/p>\n\n\n\n<p>The problem is that, for an attacker, the file may <strong>contain very interesting and sensitive information<\/strong> (file system paths, plugin and PHP versions, fragments of failed SQL queries) that we do not want them to have, and in its default location, <code>wp-content\/debug.log<\/code>, it is served to anyone who asks for it. The correct practice is to disable the debug log once the work is done and, above all, delete the file. That is forgotten quite often.<\/p>\n\n\n\n<p>Fortunately, since WordPress 5.1 the location of the file can be changed. In the line<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">define( 'WP_DEBUG_LOG', true );<\/pre>\n\n\n\n<p>replace <code>true<\/code> with the absolute path of the file the log should be written to, ideally outside the public document root. That makes life harder for anyone \"looking around\", even if you forget the file there.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Removing git files<\/h3>\n\n\n\n<p>Like the two previous cases, <strong>git files in plugins and themes<\/strong> can be a security problem.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">What are git files?<\/h4>\n\n\n\n<p>They are the files kept by the <strong>version control system<\/strong>: the record of every change to every file, used by developers. They should never <strong>end up on a production site<\/strong>, because they are meant only for development and team work.<\/p>\n\n\n\n<p>Yet it happens. 
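<\/p>\n\n\n\n<p>The four kinds of leftovers discussed in this part (backup archives and database dumps written into the web root, editor swap and backup files, a debug.log left in wp-content, and .git directories shipped inside plugins or themes) can all be found in one pass over the document root. The script below is an added example, not code from the original article; the file name patterns and the directory layout of the test data are my assumptions. It only reports what is on disk: whether a hit is actually reachable over HTTP still depends on the web server configuration, so treat every hit as something to delete or move, not as confirmation that it is already exposed.<\/p>\n\n\n\n

```bash
#!/usr/bin/env bash
# Added example, not code from the original article. Walk a WordPress document
# root and list files that should never sit in web-served space: editor
# leftovers, version-control metadata, the debug log, backup archives and
# stale copies of wp-config.php.
# Assumptions: POSIX find/sort; the argument is the web root; the name patterns
# are the common defaults, extend them for the backup plugin you actually use.

# Candidate paths, sorted: .git directories (pruned, so reported once) and files
# whose names match the risky patterns.
wp_leftovers_find() {
  find "$1" -type d -name .git -prune -print -o -type f \( \
      -name '.*.swp' -o -name '.*.swo' -o -name '*~' \
      -o -name debug.log \
      -o -name '*.sql' -o -name '*.sql.gz' -o -name '*.zip' -o -name '*.tar.gz' -o -name '*.tgz' \
      -o -name 'wp-config.php.*' \) -print | sort
}

# Print one "reason<TAB>path" line per finding. Return 0 when nothing was found,
# 1 when something was, 2 when the argument is not a directory.
wp_leftovers_audit() {
  root="$1"
  found=0
  [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
  while IFS= read -r hit; do
    [ -n "$hit" ] || continue
    case "$hit" in
      *.swp|*.swo|*~)                       reason="editor-temp" ;;     # Vim .name.swp, backup name~
      */.git)                               reason="git-metadata" ;;    # whole repository incl. history
      */debug.log)                          reason="debug-log" ;;       # WP_DEBUG_LOG default location
      *.sql|*.sql.gz|*.zip|*.tar.gz|*.tgz)  reason="backup-archive" ;;  # dumps written into the web root
      *wp-config.php.*)                     reason="config-copy" ;;     # wp-config.php.bak, .old, .save
      *)                                    reason="other" ;;
    esac
    printf '%s\t%s\n' "$reason" "$hit"
    found=$((found + 1))
  done <<EOF
$(wp_leftovers_find "$root")
EOF
  [ "$found" -eq 0 ]
}

# Usage: ./audit.sh /var/www/html
[ "$#" -eq 0 ] || wp_leftovers_audit "$1"
```

\n\n\n\n<p>Run it over SSH on the host, or on a fresh copy of the site before it goes live; a non-zero exit status makes it easy to wire into a deployment check. The <code>.git<\/code> branch is pruned on purpose so that a repository is reported once rather than once per object file.<\/p>\n\n\n\n<p>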
When you consider that a <code>.git<\/code> folder holds the complete source code together with its history, it is a huge security problem: from an exposed repository the whole tree, including files deleted later, such as old configuration with credentials, can be reconstructed from outside. If you think this is a marginal issue, I recommend this excellent article (in Czech) on a global scan for open git repositories: <a href=\"https:\/\/lynt.cz\/blog\/globalni-scan-otevrenych-git-repozitaru\/\" target=\"_blank\" rel=\"noopener\">https:\/\/lynt.cz\/blog\/globalni-scan-otevrenych-git-repozitaru\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"security-keys\">WordPress Security Keys<\/h2>\n\n\n\n<p>Simply put, the <strong>WordPress security keys<\/strong> and salts are long random strings containing special characters that are practically impossible to guess.<\/p>\n\n\n\n<p>They are not passwords anyone types in; WordPress uses them as secret key material when it <strong>signs the authentication cookies and nonces<\/strong> (with an HMAC), so a forged or tampered login cookie fails verification unless the attacker knows the keys. The data is thus protected by an additional layer, as long as nobody gets at <code>wp-config.php<\/code>, where the keys are stored, by some other route.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Defining the security keys and salts<\/h3>\n\n\n\n<p>As noted above, these values are <strong>stored in wp-config.php<\/strong> as constants, and the user never has to work with them directly.<\/p>\n\n\n\n<p>The file holds 4 keys and 4 salts in total:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>AUTH_KEY<\/li><li>SECURE_AUTH_KEY<\/li><li>LOGGED_IN_KEY<\/li><li>NONCE_KEY<\/li><li>AUTH_SALT<\/li><li>SECURE_AUTH_SALT<\/li><li>LOGGED_IN_SALT<\/li><li>NONCE_SALT<\/li><\/ul>\n\n\n\n<p>If you use your own installation method, for example copying prepared files, you should change these values for every site. This matters so that one compromised site does not endanger the others: with shared keys, a cookie forged for one site would verify on all of them.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">WordPress keys generator<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salts.png\"><img loading=\"lazy\" decoding=\"async\" width=\"697\" height=\"139\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salts.png\" alt=\"\" class=\"wp-image-6024\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salts.png 697w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salts-300x60.png 300w\" sizes=\"auto, (max-width: 697px) 100vw, 697px\" \/><\/a><\/figure>\n\n\n\n<p>Because inventing a looooong string <strong>full of special characters<\/strong> by hand would be tedious, you can use the online generator at <a href=\"https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/\" target=\"_blank\" rel=\"noopener\">https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/<\/a><\/p>\n\n\n\n<p>You then just paste the generated code into wp-config.php.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Salt Shaker<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salt-shaker.png\"><img loading=\"lazy\" decoding=\"async\" width=\"978\" height=\"471\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salt-shaker.png\" alt=\"\" class=\"wp-image-6025\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salt-shaker.png 978w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salt-shaker-300x144.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/salt-shaker-768x370.png 768w\" sizes=\"auto, (max-width: 978px) 100vw, 978px\" \/><\/a><\/figure>\n\n\n\n<p>Of course, given enough time any secret can be broken, and an attacker may get at the contents of the config file by other means (from a forgotten backup, say). <strong>The goal of securing a site is to make obtaining sensitive data as hard as possible.<\/strong> For the keys and salts we can use a plugin that regenerates the strings at a chosen interval, so that even if they leak, they are no longer valid the next day. Be aware that every rotation invalidates all existing login cookies, so every user, including you, is signed out each time; pick the interval with that in mind. The plugin is on WordPress.org: <a href=\"https:\/\/wordpress.org\/plugins\/salt-shaker\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/salt-shaker\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"wp-config\">WP Config<\/h2>\n\n\n\n<p>From a security point of view, wp-config.php is the <strong>most important file<\/strong> in a WordPress installation, and at the same time the most useful one. It contains the database credentials and the security keys. 
On top of that, you can add definitions to it that help with security.<\/p>\n\n\n\n<p>Because it <strong>contains sensitive data<\/strong>, one way to protect it is to move that data somewhere else.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Moving the wp-config file<\/h3>\n\n\n\n<p>One way to <strong>better protect the configuration file<\/strong> is to move it outside the WordPress root folder (the root folder being the folder that contains the WordPress files).<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/move-wp-config.png\"><img loading=\"lazy\" decoding=\"async\" width=\"431\" height=\"209\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/move-wp-config.png\" alt=\"\" class=\"wp-image-6027\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/move-wp-config.png 431w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/move-wp-config-300x145.png 300w\" sizes=\"auto, (max-width: 431px) 100vw, 431px\" \/><\/a><\/figure>\n\n\n\n<p>In the original file you keep only the ABSPATH definition and add an include of the file located outside the WordPress root. Be aware that on some hosts <strong>the parent folder is also publicly accessible<\/strong>, so it is safer to put the file in a subfolder of your own. WordPress itself already looks one directory above the installation root for wp-config.php, as long as there is no wp-settings.php next to it.<\/p>\n\n\n\n<p>This way of protecting the configuration file has its supporters and its opponents. Some say you should always do it, others claim it brings no real benefit. 
In any case, it does no harm.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Changing the database prefix<\/h3>\n\n\n\n<p>The tables in the WordPress database have <strong>their own prefix<\/strong>. In a default installation it is wp_, which means the posts table is called wp_posts. Because this is public knowledge, an <strong>attacker<\/strong> who tries to get into the database <strong>already knows the table names.<\/strong><\/p>\n\n\n\n<p>That is why it is common practice to <strong>change the prefix<\/strong>. When you install WordPress, the form comes pre-filled with the value wp_. Just change it and nothing else needs to be done.<\/p>\n\n\n\n<p>Once WordPress is already installed, <strong>changing the prefix is a little more complicated<\/strong>.<\/p>\n\n\n\n<p>You can change it \u201cby hand\u201d, which means rewriting the value in wp-config.php and then <strong>renaming all the tables<\/strong> in the database. Keep in mind that the prefix is also embedded in data, not just in table names: the rows in the options table (such as wp_user_roles) and in usermeta (such as wp_capabilities and wp_user_level) carry the prefix in their names and have to be updated too, otherwise no user has any permissions after the rename.<\/p>\n\n\n\n<p>Or you can use the Brozzme DB Prefix &amp; Tool Addons plugin.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/change-prefix.png\"><img loading=\"lazy\" decoding=\"async\" width=\"960\" height=\"321\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/change-prefix.png\" alt=\"\" class=\"wp-image-6028\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/change-prefix.png 960w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/change-prefix-300x100.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/change-prefix-768x257.png 768w\" sizes=\"auto, (max-width: 960px) 100vw, 960px\" \/><\/a><\/figure>\n\n\n\n<p>It lets you change the database prefix fairly easily from the admin. You can find it here: <a href=\"https:\/\/wordpress.org\/plugins\/brozzme-db-prefix-change\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/brozzme-db-prefix-change\/<\/a><\/p>\n\n\n\n<p>Remember &#8211; <strong>back up, back up, back up<\/strong>. Not everything always goes to plan, and plugins do not always do exactly what they claim.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"automaticke-aktualizace\">Automatic updates &#8211; core<\/h3>\n\n\n\n<p>The core is the set of WordPress files found in the root and in the <strong>wp-includes and wp-admin<\/strong> folders. With a definition in the config file we can enable automatic core updates.<\/p>\n\n\n\n<p><strong>Because WordPress keeps evolving while security bugs are being fixed at the same time, updates are divided into three types:<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li><strong>development updates<\/strong> &#8211; available only when you run a development build<\/li><li><strong>minor updates<\/strong> &#8211; maintenance and security<\/li><li><strong>major updates<\/strong><\/li><\/ol>\n\n\n\n<p>The first type does not concern us; it is meant for developers who test new features. 
For enabling automatic updates, the minor and major updates are the ones that matter to us.<\/p>\n\n\n\n<p>The WordPress community is <strong>constantly testing the core for vulnerabilities<\/strong>, and whenever a bug is discovered, it gets fixed.<\/p>\n\n\n\n<p>A minor update is then released, since it contains no improvements or newly added features; those are the domain of major updates. In case the version numbering confuses you, here is an <strong>example of a minor update<\/strong>:<\/p>\n\n\n\n<p>A security problem appears and you have WordPress version 5.7 installed &#8211; <strong>the minor update will be numbered 5.7.1.<\/strong><\/p>\n\n\n\n<p>If you have an older version installed, for example 5.5 &#8211; <strong>the minor update will be numbered 5.5.1.<\/strong><\/p>\n\n\n\n<p>The reason is to protect all supported versions of WordPress, not just the current one.<\/p>\n\n\n\n<p>I explain this because when you enable <strong>automatic core updates<\/strong>, you have to decide whether you want them for both types or only for minor ones. 
Personally I recommend only minor updates, and only if you do not look after the site daily or do not have a webmaster for it.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Enabling automatic core updates:<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">define( 'WP_AUTO_UPDATE_CORE', true );<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\">Enabling automatic core updates for minor versions only:<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">define( 'WP_AUTO_UPDATE_CORE', 'minor' );<\/pre>\n\n\n\n<p>The advantage of automatic minor updates is that even if you never update the core to a higher major version, a security problem will trigger an <strong>automatic update<\/strong> to a safe version. Minor (security) updates have been enabled by default since WordPress 3.7, so the second setting mostly makes that intent explicit.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Disabling the file editor in the WordPress admin<\/h3>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"417\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor-1024x417.png\" alt=\"\" class=\"wp-image-6029\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor-1024x417.png 1024w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor-300x122.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor-768x312.png 768w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor-1536x625.png 1536w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/editor.png 1740w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>The WordPress admin contains a <strong>file editor for themes and plugins<\/strong>. 
It lets you get into the code and change it. Although I use it myself now and then &#8211; mainly when a quick fix is needed and there is no FTP access &#8211; it should be <strong>disabled for security reasons<\/strong>.<\/p>\n\n\n\n<p>Leaving aside the fact that an inexperienced user can take the whole site down with a single typo in a file (which should be reason enough), it is a fairly serious <strong>security risk<\/strong> if you run a site that allows user registration. Bugs that let a user change their own permissions turn up in various plugins from time to time.<\/p>\n\n\n\n<p>Once such a user reaches the editor, nothing stops them from writing <strong>malicious code<\/strong> into a theme or a plugin.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">To disable the editor, just add this line to wp-config.php:<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">define( 'DISALLOW_FILE_MODS', true );<\/pre>\n\n\n\n<p>After that, the editor item is gone from the Plugins and Appearance submenus. Note that DISALLOW_FILE_MODS also blocks installing and updating plugins, themes and core from the admin, including the automatic background updates from the previous section; if you only want to remove the editor and keep updates working, use DISALLOW_FILE_EDIT instead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Automatic updates of themes and plugins<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-theme-enable.png\"><img loading=\"lazy\" decoding=\"async\" width=\"855\" height=\"412\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-theme-enable.png\" alt=\"\" class=\"wp-image-6030\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-theme-enable.png 855w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-theme-enable-300x145.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-theme-enable-768x370.png 768w\" sizes=\"auto, (max-width: 855px) 100vw, 855px\" \/><\/a><\/figure>\n\n\n\n<p>From a security standpoint, automatic updating of themes and plugins is a technique that is not usable for everyone. In my view it is unusable for most sites in most cases. <strong>The WordPress ecosystem is so chaotic<\/strong> that you can never know in advance whether an update will break your site. So if you have a blog running the default theme, an SEO plugin and maybe five other widely used plugins, then yes, <strong>but personally I would not risk it<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Still, this option cannot be ignored.<\/h4>\n\n\n\n<p>Since version 5.5, WordPress lets administrators <strong>turn on automatic updates<\/strong> of themes and plugins directly from the admin. 
So you do not have to touch any code; you simply enable updates for each theme and plugin.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-plugins-enable-1.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"368\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-plugins-enable-1-1024x368.png\" alt=\"\" class=\"wp-image-6031\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-plugins-enable-1-1024x368.png 1024w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-plugins-enable-1-300x108.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-plugins-enable-1-768x276.png 768w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/helphub-update-plugins-enable-1.png 1193w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>Of course, this can also be handled in code, using filters that turn this option on or off. Besides theme and plugin updates, I also include the <strong>filter that enables automatic translation updates<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">add_filter( 'auto_update_theme', '__return_true' );\nadd_filter( 'auto_update_plugin', '__return_true' );\nadd_filter( 'auto_update_translation', '__return_true' );<\/pre>\n\n\n\n<p>Although automatic updates are presented as a way to improve site security, I do not use them. The risk that your site stops working is too high, and it is not worth it. 
The only exception is minor core updates.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"zakazani-prochazeni\">Disabling directory browsing and indexing<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/zobrazeni-slozky.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"562\" height=\"363\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/zobrazeni-slozky.jpg\" alt=\"\" class=\"wp-image-6032\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/zobrazeni-slozky.jpg 562w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/zobrazeni-slozky-300x194.jpg 300w\" sizes=\"auto, (max-width: 562px) 100vw, 562px\" \/><\/a><\/figure>\n\n\n\n<p>Being able to browse the site's folders is not very common, but it does occur on some sites. What you see in the picture is a <strong>publicly listable uploads folder<\/strong>. That is wrong for several reasons. 
What you should see instead is something like this:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slozka-uploads.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"262\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slozka-uploads-1024x262.png\" alt=\"\" class=\"wp-image-6033\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slozka-uploads-1024x262.png 1024w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slozka-uploads-300x77.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slozka-uploads-768x197.png 768w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/slozka-uploads.png 1187w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><\/figure>\n\n\n\n<p>Which means that <strong>you cannot list the folder from a browser<\/strong>. For the uploads folder this should not be a major security problem, but for the other folders it is. Once someone can display the contents of a folder, they can scan the site for any file <strong>containing a vulnerability<\/strong>. Most such attacks run automatically, and you may not even be aware that someone is rummaging through your site.<\/p>\n\n\n\n<p>Security risk aside, <strong>the second unpleasant thing<\/strong> is that someone on the outside learns what you have stored on the site. That someone may also be Google. 
<\/p>\n\n\n\n<p>Look at the search results to see how many PDF files it indexes &#8211; <a href=\"https:\/\/bit.ly\/2UrSWSG\" target=\"_blank\" rel=\"noopener\">https:\/\/bit.ly\/2UrSWSG<\/a><\/p>\n\n\n\n<p>That is not necessarily bad, as long as you do not mind that the <strong>files are public<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">How to prevent it?<\/h4>\n\n\n\n<p><strong>Server configuration<\/strong> &#8211; the ideal solution; cPanel, for example, lets you turn off directory listing for specific folders.<\/p>\n\n\n\n<p><strong>Htaccess<\/strong> &#8211; the second best option is to edit the .htaccess file and add this line at the end (this only takes effect on Apache with AllowOverride permitting Options; nginx ignores .htaccess):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">Options -Indexes<\/pre>\n\n\n\n<p><strong>A plugin<\/strong> &#8211; most security plugins can do this and it is no problem to set up.<\/p>\n\n\n\n<p>In any case, this should already be handled by the hosting provider, or whoever gives you space on the server. If you rely on it \u201cbeing added\u201d to .htaccess, sooner or later you will forget it somewhere.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"blokovani-restapi\">Blocking the REST API<\/h2>\n\n\n\n<p>The <strong>REST API in WordPress<\/strong> is a great thing. 
On the other hand, it makes it possible to obtain a list of users, which an attacker then uses in the next step to try to crack passwords.<\/p>\n\n\n\n<p>The problem of <strong>obtaining the user list<\/strong> was examined in detail by <a href=\"https:\/\/twitter.com\/smitka\" target=\"_blank\" rel=\"noopener\"><strong>Vl\u00e1\u010fa Smitka<\/strong><\/a>, who published code in his Gist that shows the sensitive data only to users with the right permission: <a href=\"https:\/\/gist.github.com\/lynt-smitka\/2e61c7eb545ab6a162fbc57f17b3adae\" target=\"_blank\" rel=\"noopener\">https:\/\/gist.github.com\/lynt-smitka\/2e61c7eb545ab6a162fbc57f17b3adae<\/a><\/p>\n\n\n\n<p>The second option is to <strong>disable the REST API entirely<\/strong>. That is not always possible; only sites that do not use the REST API at all can do it, and for e-shops, for example, it simply <strong>does not work<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">You can disable the REST API with this code:<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\">add_filter( 'rest_authentication_errors', function( $result ) {\n    \/\/ Reject every REST request as unauthenticated, whoever is asking.\n    return new WP_Error(\n        'rest_not_logged_in',\n        __( 'You are not currently logged in.' ),\n        array( 'status' =&gt; 401 )\n    );\n} );<\/pre>\n\n\n\n<p>This tells everyone that they are not logged in, and the request is not executed. Because it rejects logged-in users as well, the block editor in the admin, which relies on the REST API, stops working too.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-rest-api.png\"><img loading=\"lazy\" decoding=\"async\" width=\"993\" height=\"279\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-rest-api.png\" alt=\"\" class=\"wp-image-6034\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-rest-api.png 993w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-rest-api-300x84.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-rest-api-768x216.png 768w\" sizes=\"auto, (max-width: 993px) 100vw, 993px\" \/><\/a><\/figure>\n\n\n\n<p>Because <strong>WordPress has a plugin for everything<\/strong>, you can also disable the REST API with a plugin from WordPress.org &#8211; <a href=\"https:\/\/cs.wordpress.org\/plugins\/disable-wp-rest-api\/\" target=\"_blank\" rel=\"noopener\">https:\/\/cs.wordpress.org\/plugins\/disable-wp-rest-api\/<\/a><\/p>\n\n\n\n<p>In any case, think the deactivation through carefully, because if you use any <strong>integration with third parties<\/strong>, they may require the REST API, and more and more plugins are starting to use it within the site itself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"Blokace-XMLRPC\">Blocking XML-RPC<\/h2>\n\n\n\n<p>XML-RPC is a mechanism that allows working with WordPress remotely. 
Some article publishing applications use it to post content to the site. I have never used it myself. I think that nowadays it is better to use the REST API, and a lot of <strong>automated attacks<\/strong> looking for a weak spot in your site come through XML-RPC.<\/p>\n\n\n\n<p>So if you do not need XML-RPC, deactivate it.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-xmlrpc.png\"><img loading=\"lazy\" decoding=\"async\" width=\"959\" height=\"322\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-xmlrpc.png\" alt=\"\" class=\"wp-image-6036\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-xmlrpc.png 959w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-xmlrpc-300x101.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/disable-xmlrpc-768x258.png 768w\" sizes=\"auto, (max-width: 959px) 100vw, 959px\" \/><\/a><\/figure>\n\n\n\n<p>You can turn it off with the simple plugin Manage XML RPC, available on WordPress.org &#8211; <a href=\"https:\/\/wordpress.org\/plugins\/manage-xml-rpc\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/manage-xml-rpc\/<\/a><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Or you can add this directive to .htaccess:<\/h4>\n\n\n\n<pre class=\"wp-block-preformatted\"># Block WordPress xmlrpc.php requests\n# 123.123.123.123 is a placeholder: replace it with the address that legitimately\n# needs xmlrpc.php, or drop the allow line to block everyone.\n# This is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use\n# \"Require ip 123.123.123.123\" (or \"Require all denied\" to block everyone) instead.\n&lt;Files xmlrpc.php&gt;\norder deny,allow\ndeny from all\nallow from 123.123.123.123\n&lt;\/Files&gt;<\/pre>\n\n\n\n<p>And of course WordPress has a filter for this too, for use in code:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">add_filter( 'xmlrpc_enabled', '__return_false' );<\/pre>\n\n\n\n<p>For me, it is better to turn XML-RPC off on every site unless some plugin explicitly requires it. Keep in mind that this filter only disables the XML-RPC methods that require authentication; xmlrpc.php itself still responds (to pingbacks, for example), so the server-level block above is the more thorough option.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"hide-wp\">Making it harder to recognise a WordPress installation or plugin versions<\/h2>\n\n\n\n<p>The first step in an attack on a site is to <strong>recognise which system it runs on<\/strong>. With WordPress this is fairly easy. Once the attacker knows it is WordPress, they can deploy one of the prepared attacks:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>cracking the password through the login form<\/li><li>looking for themes and plugins with a known vulnerability that have not been updated<\/li><li>the same for the WordPress core<\/li><li>and the others described above\u2026<\/li><\/ul>\n\n\n\n<p>Most of these attacks are <strong>not targeted at all<\/strong>; they are mass scans, where your site sits in some database of WordPress sites and the scan simply looks for a gap somewhere.<\/p>\n\n\n\n<p>A perfect example was the <strong>vulnerability in the Revolution Slider plugin<\/strong>, which is bundled with many themes; you could be sure that if you did not update it, someone would hack your site within a few days.<\/p>\n\n\n\n<p>The attacker found out that your <strong>site runs on WordPress<\/strong>, checked whether you had Revolution Slider installed and which version. 
And you had a problem.<\/p>\n\n\n\n<p>Of course, the best protection is updating, but there are techniques and plugins that try to make the attacker's work harder by hiding the signs that the site is WordPress.<\/p>\n\n\n\n<p>In practice this is almost impossible to do completely, but you may still appreciate it in the pursuit of a <strong>more secure site<\/strong>.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">A list of everything you can hide, and how, would exceed the scope of this article, so here are just the most common items:<\/h4>\n\n\n\n<ul class=\"wp-block-list\"><li>removing the WordPress version from the site's markup<\/li><li>removing the wlwmanifest meta link<\/li><li>removing the rsd_link meta link<\/li><li>removing emoji support<\/li><li>removing the pingback tag<\/li><li>changing the usual URLs and paths, such as wp-admin, wp-content, wp-includes, uploads and others<\/li><li>minifying HTML, CSS and JavaScript<\/li><\/ul>\n\n\n\n<p>Essentially it comes down to <strong>removing every sign that the site is WordPress<\/strong>. But that only goes so far. A single request to the REST API URL makes it obvious that it is WordPress (unless it is fully blocked). The URL wp-json\/wp\/v2\/ can be modified, but only partly: the wp-json URL prefix can be changed with the rest_url_prefix filter. 
The wp\/v2\/ part stays the same, because it is a namespace.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/p-hide.png\"><img loading=\"lazy\" decoding=\"async\" width=\"954\" height=\"320\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/p-hide.png\" alt=\"\" class=\"wp-image-6037\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/p-hide.png 954w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/p-hide-300x101.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/p-hide-768x258.png 768w\" sizes=\"auto, (max-width: 954px) 100vw, 954px\" \/><\/a><\/figure>\n\n\n\n<p>If you do decide that you want to hide as many signs of WordPress as possible, you can use the WP Hide plugin &#8211; <a href=\"https:\/\/wordpress.org\/plugins\/wp-hide-security-enhancer\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/wp-hide-security-enhancer\/<\/a>, or its premium version &#8211; <a href=\"https:\/\/www.wp-hide.com\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.wp-hide.com\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"bezpecnostni-pluginy\">Security plugins<\/h2>\n\n\n\n<p>All the chapters of this article dealt with individual security problems, and the plugins linked mostly solved one specific problem. 
To finish, I want to add a few plugins that are somewhat more comprehensive; of these I personally use Wordfence.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wordfence.png\"><img loading=\"lazy\" decoding=\"async\" width=\"955\" height=\"320\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wordfence.png\" alt=\"\" class=\"wp-image-6038\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wordfence.png 955w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wordfence-300x101.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/wordfence-768x257.png 768w\" sizes=\"auto, (max-width: 955px) 100vw, 955px\" \/><\/a><\/figure>\n\n\n\n<p>I use it mainly for two-factor authentication at login and for its clear scan. 
It is slightly more demanding on the server &#8211; <a href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/wordfence\/<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/ithems-security.png\"><img loading=\"lazy\" decoding=\"async\" width=\"950\" height=\"315\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/ithems-security.png\" alt=\"\" class=\"wp-image-6039\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/ithems-security.png 950w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/ithems-security-300x99.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/ithems-security-768x255.png 768w\" sizes=\"auto, (max-width: 950px) 100vw, 950px\" \/><\/a><\/figure>\n\n\n\n<p>Originally Better WP Security, renamed to iThemes Security. 
I occasionally had the problem that when the settings are overdone, even those who should have access cannot get into the admin &#8211; <a href=\"https:\/\/wordpress.org\/plugins\/better-wp-security\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/better-wp-security\/<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/all-in-one-wp.png\"><img loading=\"lazy\" decoding=\"async\" width=\"952\" height=\"430\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/all-in-one-wp.png\" alt=\"\" class=\"wp-image-6040\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/all-in-one-wp.png 952w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/all-in-one-wp-300x136.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/all-in-one-wp-768x347.png 768w\" sizes=\"auto, (max-width: 952px) 100vw, 952px\" \/><\/a><\/figure>\n\n\n\n<p>A comprehensive plugin containing almost everything you need to secure a site. 
If I did not use WordFence, I would probably choose All in One &#8211; <a href=\"https:\/\/wordpress.org\/plugins\/all-in-one-wp-security-and-firewall\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/all-in-one-wp-security-and-firewall\/<\/a><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/shield-security.png\"><img loading=\"lazy\" decoding=\"async\" width=\"978\" height=\"342\" src=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/shield-security.png\" alt=\"\" class=\"wp-image-6041\" srcset=\"https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/shield-security.png 978w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/shield-security-300x105.png 300w, https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2021\/07\/shield-security-768x269.png 768w\" sizes=\"auto, (max-width: 978px) 100vw, 978px\" \/><\/a><\/figure>\n\n\n\n<p>A very good plugin, especially in terms of spam protection. If they somehow split that part out on its own, I would use it in combination with WordFence &#8211; <a href=\"https:\/\/wordpress.org\/plugins\/wp-simple-firewall\/\" target=\"_blank\" rel=\"noopener\">https:\/\/wordpress.org\/plugins\/wp-simple-firewall\/<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Although more can certainly be done to secure your site, we have reached the end. 
You will also find far more security plugins, but I tried to recommend the ones I have already tried myself.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Hire us<\/h2>\n\n\n\n<p>If you need help with security, with <a href=\"https:\/\/musilda.com\/odvirovani-wordpress-webu\/\" target=\"_blank\" rel=\"noreferrer noopener\">cleaning malware from WordPress<\/a>, or just with maintaining your website, my colleagues and I will be glad to help. Just write to <a href=\"mailto:musilda@musilda.com\">musilda@musilda.cz<\/a> with what exactly you need.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Like every open source project, WordPress faces attacks, and security must not be underestimated. The days when the internet was the domain of enthusiasts are long gone, and \u201conline\u201d has become a regular line of business. And just as you put bars and security doors on a warehouse of goods, you must protect your virtual property. 
WordPress security can be divided<\/p>\n","protected":false},"author":1,"featured_media":1775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_uag_custom_page_level_css":"","footnotes":""},"categories":[6],"tags":[69,78,81,82,248],"class_list":["post-5976","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bezpecnost-wordpressu","tag-aktualizace","tag-automaticka-aktualizace-wordpress","tag-bezpecnost","tag-bezpecnost-wordpress","tag-napadeny-web"],"acf":[],"uagb_featured_image_src":{"full":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"thumbnail":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-150x150.jpg",150,150,true],"medium":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-300x192.jpg",300,192,true],"medium_large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"large":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"1536x1536":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"2048x2048":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website.jpg",500,320,false],"archive-list":["https:\/\/affinite.io\/cs\/wp-content\/uploads\/sites\/2\/2014\/05\/secure-wordpress-website-400x265.jpg",400,265,true]},"uagb_author_info":{"display_name":"Affinite","author_link":"https:\/\/affinite.io\/cs\/author\/affinite\/"},"uagb_comment_info":4,"uagb_excerpt":"Like every open source project, WordPress faces attacks, and security must not be underestimated. 
The days when the internet was the domain of enthusiasts are long gone, and \u201conline\u201d has become a regular line of business. And just as you put bars and security doors on a warehouse of goods, you must protect your virtual property. WordPress security can be divided","_links":{"self":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/5976","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/comments?post=5976"}],"version-history":[{"count":0,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/posts\/5976\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media\/1775"}],"wp:attachment":[{"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/media?parent=5976"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/categories?post=5976"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/affinite.io\/cs\/wp-json\/wp\/v2\/tags?post=5976"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}