B\u1ea1n c\u00f3 bi\u1ebft r\u1eb1ng c\u1ee9 10 website WordPress th\u00ec c\u00f3 t\u1edbi 7 website \u0111\u1ed1i m\u1eb7t v\u1edbi nguy c\u01a1 b\u1ecb t\u1ea5n c\u00f4ng? Con s\u1ed1 73% n\u00e0y kh\u00f4ng ch\u1ec9 l\u00e0 m\u1ed9t th\u1ed1ng k\u00ea kh\u00f4 khan m\u00e0 l\u00e0 h\u1ed3i chu\u00f4ng c\u1ea3nh b\u00e1o cho h\u00e0ng tri\u1ec7u ch\u1ee7 website tr\u00ean to\u00e0n th\u1ebf gi\u1edbi. H\u00e3y t\u01b0\u1edfng t\u01b0\u1ee3ng b\u1ea1n th\u1ee9c d\u1eady v\u00e0o m\u1ed9t bu\u1ed5i s\u00e1ng, m\u1edf website c\u1ee7a m\u00ecnh v\u00e0 th\u1ea5y to\u00e0n b\u1ed9 n\u1ed9i dung \u0111\u00e3 bi\u1ebfn m\u1ea5t, thay v\u00e0o \u0111\u00f3 l\u00e0 nh\u1eefng qu\u1ea3ng c\u00e1o \u0111en ho\u1eb7c th\u00f4ng b\u00e1o website b\u1ecb hack. \u0110\u00f3 ch\u00ednh l\u00e0 c\u00e2u chuy\u1ec7n c\u00f3 th\u1eadt c\u1ee7a h\u00e0ng ng\u00e0n ch\u1ee7 website WordPress m\u1ed7i ng\u00e0y.<\/p>\n
Trong b\u00e0i vi\u1ebft n\u00e0y, ch\u00fang ta s\u1ebd \u0111i s\u00e2u ph\u00e2n t\u00edch t\u1ea1i sao WordPress l\u1ea1i tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau b\u00e9o b\u1edf c\u1ee7a hacker, nh\u1eefng nguy\u00ean nh\u00e2n ch\u00ednh khi\u1ebfn website d\u1ec5 b\u1ecb t\u1ea5n c\u00f4ng, v\u00e0 quan tr\u1ecdng nh\u1ea5t – nh\u1eefng gi\u1ea3i ph\u00e1p c\u1ee5 th\u1ec3, c\u00f3 th\u1ec3 th\u1ef1c hi\u1ec7n ngay \u0111\u1ec3 b\u1ea3o v\u1ec7 t\u00e0i s\u1ea3n s\u1ed1 c\u1ee7a b\u1ea1n. D\u00f9 b\u1ea1n l\u00e0 ng\u01b0\u1eddi m\u1edbi b\u1eaft \u0111\u1ea7u hay \u0111\u00e3 c\u00f3 kinh nghi\u1ec7m, b\u00e0i vi\u1ebft n\u00e0y s\u1ebd cung c\u1ea5p \u0111\u1ea7y \u0111\u1ee7 ki\u1ebfn th\u1ee9c v\u00e0 c\u00f4ng c\u1ee5 \u0111\u1ec3 bi\u1ebfn website WordPress c\u1ee7a b\u1ea1n th\u00e0nh m\u1ed9t ph\u00e1o \u0111\u00e0i ki\u00ean c\u1ed1.<\/p>\n
Anh Minh, ch\u1ee7 m\u1ed9t c\u1eeda h\u00e0ng online b\u00e1n \u0111\u1ed3 handmade t\u1ea1i H\u00e0 N\u1ed9i, \u0111\u00e3 d\u00e0nh 2 n\u0103m x\u00e2y d\u1ef1ng website WordPress v\u1edbi h\u01a1n 500 s\u1ea3n ph\u1ea9m v\u00e0 10.000 kh\u00e1ch h\u00e0ng th\u00e2n thi\u1ebft. M\u1ed9t bu\u1ed5i s\u00e1ng th\u00e1ng 3\/2023, anh nh\u1eadn \u0111\u01b0\u1ee3c h\u00e0ng lo\u1ea1t email ph\u00e0n n\u00e0n t\u1eeb kh\u00e1ch h\u00e0ng v\u1ec1 vi\u1ec7c website hi\u1ec3n th\u1ecb n\u1ed9i dung khi\u00eau d\u00e2m. Khi ki\u1ec3m tra, anh ph\u00e1t hi\u1ec7n website \u0111\u00e3 b\u1ecb hack ho\u00e0n to\u00e0n, database kh\u00e1ch h\u00e0ng b\u1ecb \u0111\u00e1nh c\u1eafp, v\u00e0 Google \u0111\u00e3 \u0111\u01b0a website v\u00e0o blacklist.<\/p>\n
Chi ph\u00ed kh\u00f4i ph\u1ee5c? H\u01a1n 50 tri\u1ec7u \u0111\u1ed3ng cho d\u1ecbch v\u1ee5 chuy\u00ean gia, 3 th\u00e1ng m\u1ea5t doanh thu, v\u00e0 m\u1ea5t \u0111i 40% kh\u00e1ch h\u00e0ng do m\u1ea5t ni\u1ec1m tin. C\u00e2u chuy\u1ec7n c\u1ee7a anh Minh kh\u00f4ng ph\u1ea3i l\u00e0 ngo\u1ea1i l\u1ec7 – \u0111\u00f3 l\u00e0 th\u1ef1c t\u1ebf m\u00e0 h\u00e0ng ng\u00e0n ch\u1ee7 website WordPress \u0111ang \u0111\u1ed1i m\u1eb7t m\u1ed7i ng\u00e0y.<\/p>\n
Con s\u1ed1 73% xu\u1ea5t ph\u00e1t t\u1eeb nghi\u00ean c\u1ee9u c\u1ee7a Sucuri n\u0103m 2023, m\u1ed9t trong nh\u1eefng c\u00f4ng ty b\u1ea3o m\u1eadt website h\u00e0ng \u0111\u1ea7u th\u1ebf gi\u1edbi. Theo b\u00e1o c\u00e1o Website Hacked Trend Report, trong t\u1ed5ng s\u1ed1 c\u00e1c website b\u1ecb hack \u0111\u01b0\u1ee3c ph\u00e2n t\u00edch, WordPress chi\u1ebfm t\u1edbi 73% – m\u1ed9t con s\u1ed1 \u0111\u00e1ng b\u00e1o \u0111\u1ed9ng.<\/p>\n
Tuy nhi\u00ean, \u0111i\u1ec1u quan tr\u1ecdng c\u1ea7n hi\u1ec3u l\u00e0 con s\u1ed1 n\u00e0y kh\u00f4ng c\u00f3 ngh\u0129a WordPress k\u00e9m an to\u00e0n h\u01a1n c\u00e1c n\u1ec1n t\u1ea3ng kh\u00e1c. Th\u1ef1c t\u1ebf, WordPress chi\u1ebfm 43.5% t\u1ed5ng s\u1ed1 website tr\u00ean Internet (theo W3Techs), khi\u1ebfn n\u00f3 tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau b\u00e9o b\u1edf nh\u1ea5t cho hacker. Gi\u1ed1ng nh\u01b0 k\u1ebb tr\u1ed9m th\u01b0\u1eddng nh\u1eafm v\u00e0o nh\u1eefng khu ph\u1ed1 \u0111\u00f4ng d\u00e2n c\u01b0 h\u01a1n, hacker c\u0169ng t\u1eadp trung v\u00e0o n\u1ec1n t\u1ea3ng ph\u1ed5 bi\u1ebfn nh\u1ea5t \u0111\u1ec3 t\u1ed1i \u0111a h\u00f3a "l\u1ee3i nhu\u1eadn".<\/p>\n
C\u00f3 ba l\u00fd do ch\u00ednh khi\u1ebfn WordPress tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau \u01b0a th\u00edch:<\/p>\n
Th\u1ee9 nh\u1ea5t<\/strong>, t\u00ednh ph\u1ed5 bi\u1ebfn t\u1ea1o ra "quy m\u00f4 kinh t\u1ebf" cho hacker. Khi ph\u00e1t tri\u1ec3n m\u1ed9t c\u00f4ng c\u1ee5 t\u1ea5n c\u00f4ng WordPress, hacker c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng n\u00f3 tr\u00ean h\u00e0ng tri\u1ec7u website kh\u00e1c nhau. M\u1ed9t l\u1ed7 h\u1ed5ng trong plugin ph\u1ed5 bi\u1ebfn c\u00f3 th\u1ec3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn h\u00e0ng tr\u0103m ng\u00e0n website c\u00f9ng l\u00fac.<\/p>\n Th\u1ee9 hai<\/strong>, WordPress l\u00e0 n\u1ec1n t\u1ea3ng m\u00e3 ngu\u1ed3n m\u1edf, ngh\u0129a l\u00e0 to\u00e0n b\u1ed9 code \u0111\u1ec1u c\u00f4ng khai. M\u1eb7c d\u00f9 \u0111i\u1ec1u n\u00e0y gi\u00fap c\u1ed9ng \u0111\u1ed3ng ph\u00e1t tri\u1ec3n v\u00e0 c\u1ea3i thi\u1ec7n b\u1ea3o m\u1eadt, nh\u01b0ng c\u0169ng cho ph\u00e9p hacker nghi\u00ean c\u1ee9u v\u00e0 t\u00ecm ra l\u1ed7 h\u1ed5ng d\u1ec5 d\u00e0ng h\u01a1n.<\/p>\n Th\u1ee9 ba<\/strong>, h\u1ec7 sinh th\u00e1i plugin v\u00e0 theme kh\u1ed5ng l\u1ed3 (h\u01a1n 60.000 plugin v\u00e0 10.000 theme) t\u1ea1o ra v\u00f4 s\u1ed1 \u0111i\u1ec3m y\u1ebfu ti\u1ec1m \u1ea9n. M\u1ed7i plugin l\u00e0 m\u1ed9t c\u00e1nh c\u1eeda c\u00f3 th\u1ec3 b\u1ecb m\u1edf n\u1ebfu kh\u00f4ng \u0111\u01b0\u1ee3c b\u1ea3o m\u1eadt \u0111\u00fang c\u00e1ch.<\/p>\n H\u1eadu qu\u1ea3 c\u1ee7a m\u1ed9t v\u1ee5 hack kh\u00f4ng ch\u1ec9 d\u1eebng l\u1ea1i \u1edf vi\u1ec7c m\u1ea5t d\u1eef li\u1ec7u. Theo nghi\u00ean c\u1ee9u c\u1ee7a IBM Security, chi ph\u00ed trung b\u00ecnh cho m\u1ed9t v\u1ee5 vi ph\u1ea1m d\u1eef li\u1ec7u l\u00e0 4.35 tri\u1ec7u USD (t\u01b0\u01a1ng \u0111\u01b0\u01a1ng 100 t\u1ef7 VN\u0110) cho doanh nghi\u1ec7p l\u1edbn.<\/p>\n \u0110\u1ed1i v\u1edbi website v\u1eeba v\u00e0 nh\u1ecf t\u1ea1i Vi\u1ec7t Nam, h\u1eadu qu\u1ea3 bao g\u1ed3m:<\/p>\n Theo Wordfence, 52% c\u00e1c v\u1ee5 hack WordPress xu\u1ea5t ph\u00e1t t\u1eeb l\u1ed7 h\u1ed5ng trong plugin. \u0110\u00e2y l\u00e0 nguy\u00ean nh\u00e2n h\u00e0ng \u0111\u1ea7u v\u00e0 c\u0169ng d\u1ec5 ph\u00f2ng tr\u00e1nh nh\u1ea5t.<\/p>\n Plugin l\u1ed7i th\u1eddi<\/strong> l\u00e0 nh\u1eefng plugin kh\u00f4ng \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt th\u01b0\u1eddng xuy\u00ean. Khi nh\u00e0 ph\u00e1t tri\u1ec3n ph\u00e1t hi\u1ec7n l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt v\u00e0 ph\u00e1t h\u00e0nh b\u1ea3n v\u00e1, nh\u1eefng website kh\u00f4ng c\u1eadp nh\u1eadt s\u1ebd tr\u1edf th\u00e0nh m\u1ee5c ti\u00eau d\u1ec5 d\u00e0ng. Hacker th\u01b0\u1eddng qu\u00e9t h\u00e0ng lo\u1ea1t website \u0111\u1ec3 t\u00ecm nh\u1eefng phi\u00ean b\u1ea3n plugin c\u0169 \u0111\u00e3 c\u00f3 l\u1ed7 h\u1ed5ng c\u00f4ng khai.<\/p>\n Plugin v\u00e0 theme nulled<\/strong> (b\u1ea3n crack kh\u00f4ng b\u1ea3n quy\u1ec1n) c\u00f2n nguy hi\u1ec3m h\u01a1n nhi\u1ec1u. Nh\u1eefng file n\u00e0y th\u01b0\u1eddng ch\u1ee9a s\u1eb5n backdoor, malware ho\u1eb7c code \u0111\u1ed9c h\u1ea1i \u0111\u01b0\u1ee3c nh\u00fang kh\u00e9o l\u00e9o. Theo nghi\u00ean c\u1ee9u c\u1ee7a Sucuri, 100% theme nulled \u0111\u01b0\u1ee3c ki\u1ec3m tra \u0111\u1ec1u ch\u1ee9a m\u00e3 \u0111\u1ed9c. B\u1ea1n c\u00f3 th\u1ec3 ti\u1ebft ki\u1ec7m \u0111\u01b0\u1ee3c v\u00e0i tr\u0103m ngh\u00ecn \u0111\u1ed3ng, nh\u01b0ng \u0111\u00e1nh \u0111\u1ed5i b\u1eb1ng nguy c\u01a1 m\u1ea5t to\u00e0n b\u1ed9 website.<\/p>\n M\u1eadt kh\u1ea9u "admin\/admin" ho\u1eb7c "admin\/123456" v\u1eabn c\u00f2n ph\u1ed5 bi\u1ebfn \u0111\u1ebfn \u0111\u00e1ng s\u1ee3. Theo NordPass, "123456" v\u1eabn l\u00e0 m\u1eadt kh\u1ea9u \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng nhi\u1ec1u nh\u1ea5t n\u0103m 2023 v\u1edbi h\u01a1n 4.5 tri\u1ec7u l\u1ea7n xu\u1ea5t hi\u1ec7n.<\/p>\n C\u00e1c v\u1ea5n \u0111\u1ec1 ph\u1ed5 bi\u1ebfn v\u1ec1 m\u1eadt kh\u1ea9u:<\/p>\n M\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng brute force (v\u00e9t c\u1ea1n) c\u00f3 th\u1ec3 th\u1eed h\u00e0ng tri\u1ec7u t\u1ed5 h\u1ee3p m\u1eadt kh\u1ea9u trong v\u00e0i gi\u1edd. M\u1eadt kh\u1ea9u y\u1ebfu ch\u1ec9 c\u1ea7n v\u00e0i ph\u00fat \u0111\u1ec3 b\u1ecb ph\u00e1.<\/p>\n WordPress ph\u00e1t h\u00e0nh c\u1eadp nh\u1eadt b\u1ea3o m\u1eadt th\u01b0\u1eddng xuy\u00ean, nh\u01b0ng nhi\u1ec1u ch\u1ee7 website l\u1ea1i b\u1ecf qua nh\u1eefng th\u00f4ng b\u00e1o n\u00e0y. L\u00fd do? S\u1ee3 website b\u1ecb l\u1ed7i sau khi c\u1eadp nh\u1eadt, ho\u1eb7c \u0111\u01a1n gi\u1ea3n l\u00e0 kh\u00f4ng bi\u1ebft c\u00e1ch c\u1eadp nh\u1eadt an to\u00e0n.<\/p>\n Th\u1ed1ng k\u00ea cho th\u1ea5y ch\u1ec9 38% website WordPress \u0111ang ch\u1ea1y phi\u00ean b\u1ea3n m\u1edbi nh\u1ea5t. 62% c\u00f2n l\u1ea1i \u0111ang s\u1eed d\u1ee5ng c\u00e1c phi\u00ean b\u1ea3n c\u0169 v\u1edbi c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt \u0111\u00e3 \u0111\u01b0\u1ee3c c\u00f4ng khai. \u0110\u00e2y gi\u1ed1ng nh\u01b0 vi\u1ec7c b\u1ea1n \u0111\u1ec3 c\u1eeda nh\u00e0 m\u1edf toang d\u00f9 bi\u1ebft c\u00f3 tr\u1ed9m trong khu v\u1ef1c.<\/p>\n M\u1ed7i b\u1ea3n c\u1eadp nh\u1eadt WordPress kh\u00f4ng ch\u1ec9 th\u00eam t\u00ednh n\u0103ng m\u1edbi m\u00e0 c\u00f2n v\u00e1 c\u00e1c l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt nghi\u00eam tr\u1ecdng. Vi\u1ec7c tr\u00ec ho\u00e3n c\u1eadp nh\u1eadt c\u00f3 ngh\u0129a l\u00e0 b\u1ea1n \u0111ang \u0111\u1ec3 website trong t\u00ecnh tr\u1ea1ng d\u1ec5 b\u1ecb t\u1ed5n th\u01b0\u01a1ng.<\/p>\n Nhi\u1ec1u ng\u01b0\u1eddi ch\u1ecdn hosting gi\u00e1 r\u1ebb (d\u01b0\u1edbi 500k\/n\u0103m) \u0111\u1ec3 ti\u1ebft ki\u1ec7m chi ph\u00ed, kh\u00f4ng bi\u1ebft r\u1eb1ng \u0111\u00e2y l\u00e0 m\u1ed9t trong nh\u1eefng quy\u1ebft \u0111\u1ecbnh nguy hi\u1ec3m nh\u1ea5t. Hosting gi\u00e1 r\u1ebb th\u01b0\u1eddng c\u00f3 nh\u1eefng v\u1ea5n \u0111\u1ec1:<\/p>\n SSL (Secure Sockets Layer) m\u00e3 h\u00f3a d\u1eef li\u1ec7u truy\u1ec1n t\u1ea3i gi\u1eefa tr\u00ecnh duy\u1ec7t v\u00e0 server. N\u1ebfu website kh\u00f4ng c\u00f3 SSL, m\u1ecdi th\u00f4ng tin (bao g\u1ed3m m\u1eadt kh\u1ea9u \u0111\u0103ng nh\u1eadp) \u0111\u1ec1u \u0111\u01b0\u1ee3c truy\u1ec1n d\u01b0\u1edbi d\u1ea1ng v\u0103n b\u1ea3n thu\u1ea7n t\u00fay, d\u1ec5 d\u00e0ng b\u1ecb \u0111\u00e1nh c\u1eafp.<\/p>\n K\u1ec3 t\u1eeb 2018, Google Chrome \u0111\u00e3 \u0111\u00e1nh d\u1ea5u t\u1ea5t c\u1ea3 website HTTP l\u00e0 "Not Secure". \u0110i\u1ec1u n\u00e0y kh\u00f4ng ch\u1ec9 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn b\u1ea3o m\u1eadt m\u00e0 c\u00f2n l\u00e0m gi\u1ea3m th\u1ee9 h\u1ea1ng SEO v\u00e0 t\u1ef7 l\u1ec7 chuy\u1ec3n \u0111\u1ed5i. Theo nghi\u00ean c\u1ee9u, 84% ng\u01b0\u1eddi d\u00f9ng s\u1ebd t\u1eeb b\u1ecf giao d\u1ecbch n\u1ebfu th\u1ea5y c\u1ea3nh b\u00e1o kh\u00f4ng an to\u00e0n.<\/p>\n Brute Force l\u00e0 ph\u01b0\u01a1ng ph\u00e1p t\u1ea5n c\u00f4ng \u0111\u01a1n gi\u1ea3n nh\u01b0ng hi\u1ec7u qu\u1ea3: hacker s\u1eed d\u1ee5ng bot \u0111\u1ec3 th\u1eed h\u00e0ng tri\u1ec7u t\u1ed5 h\u1ee3p username\/password cho \u0111\u1ebfn khi t\u00ecm \u0111\u01b0\u1ee3c \u0111\u00fang.<\/p>\n C\u00e1c d\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft:<\/p>\n Theo Wordfence, trung b\u00ecnh m\u1ed9t website WordPress b\u1ecb t\u1ea5n c\u00f4ng brute force 90 l\u1ea7n m\u1ed7i ng\u00e0y. Nh\u1eefng website kh\u00f4ng c\u00f3 bi\u1ec7n ph\u00e1p b\u1ea3o v\u1ec7 s\u1ebd s\u1edbm b\u1ecb x\u00e2m nh\u1eadp.<\/p>\n SQL Injection<\/strong> l\u00e0 k\u1ef9 thu\u1eadt hacker ch\u00e8n code SQL \u0111\u1ed9c h\u1ea1i v\u00e0o form input (t\u00ecm ki\u1ebfm, \u0111\u0103ng nh\u1eadp, comment) \u0111\u1ec3 truy c\u1eadp tr\u1ef1c ti\u1ebfp v\u00e0o database. M\u1ed9t cu\u1ed9c t\u1ea5n c\u00f4ng th\u00e0nh c\u00f4ng c\u00f3 th\u1ec3 cho ph\u00e9p hacker:<\/p>\n Cross-Site Scripting (XSS)<\/strong> cho ph\u00e9p hacker ch\u00e8n JavaScript \u0111\u1ed9c h\u1ea1i v\u00e0o website. Khi ng\u01b0\u1eddi d\u00f9ng truy c\u1eadp, script n\u00e0y th\u1ef1c thi v\u00e0 c\u00f3 th\u1ec3 \u0111\u00e1nh c\u1eafp cookies, session, ho\u1eb7c chuy\u1ec3n h\u01b0\u1edbng ng\u01b0\u1eddi d\u00f9ng \u0111\u1ebfn website gi\u1ea3 m\u1ea1o.<\/p>\n Malware<\/strong> (ph\u1ea7n m\u1ec1m \u0111\u1ed9c h\u1ea1i) c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t th\u00f4ng qua plugin nhi\u1ec5m \u0111\u1ed9c, theme nulled, ho\u1eb7c khai th\u00e1c l\u1ed7 h\u1ed5ng. C\u00e1c lo\u1ea1i malware ph\u1ed5 bi\u1ebfn:<\/p>\n D\u1ea5u hi\u1ec7u nh\u1eadn bi\u1ebft: Website ch\u1eadm, xu\u1ea5t hi\u1ec7n file l\u1ea1 trong th\u01b0 m\u1ee5c wp-content, Google c\u1ea3nh b\u00e1o malware, traffic b\u1ea5t th\u01b0\u1eddng t\u1eeb c\u00e1c qu\u1ed1c gia l\u1ea1.<\/p>\n DDoS (Distributed Denial of Service) kh\u00f4ng nh\u1eb1m \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u m\u00e0 l\u00e0m s\u1eadp website b\u1eb1ng c\u00e1ch g\u1eedi h\u00e0ng tri\u1ec7u request gi\u1ea3 m\u1ea1o c\u00f9ng l\u00fac. Server kh\u00f4ng th\u1ec3 x\u1eed l\u00fd \u0111\u01b0\u1ee3c l\u01b0\u1ee3ng traffic kh\u1ed5ng l\u1ed3 n\u00e0y v\u00e0 ng\u1eebng ho\u1ea1t \u0111\u1ed9ng.<\/p>\n H\u1eadu qu\u1ea3:<\/p>\n B\u01b0\u1edbc 1: T\u1ea1o m\u1eadt kh\u1ea9u m\u1ea1nh cho t\u1ea5t c\u1ea3 t\u00e0i kho\u1ea3n<\/strong><\/p>\n B\u01b0\u1edbc 2: Thay \u0111\u1ed5i username m\u1eb7c \u0111\u1ecbnh "admin"<\/strong><\/p>\n B\u01b0\u1edbc 3: K\u00edch ho\u1ea1t Two-Factor Authentication (2FA)<\/strong><\/p>\n B\u01b0\u1edbc 4: Gi\u1edbi h\u1ea1n s\u1ed1 l\u1ea7n \u0111\u0103ng nh\u1eadp th\u1ea5t b\u1ea1i<\/strong><\/p>\n B\u01b0\u1edbc 5: Thay \u0111\u1ed5i URL \u0111\u0103ng nh\u1eadp m\u1eb7c \u0111\u1ecbnh<\/strong><\/p>\n B\u01b0\u1edbc 6: C\u1eadp nh\u1eadt WordPress Core ngay khi c\u00f3 b\u1ea3n m\u1edbi<\/strong><\/p>\n B\u01b0\u1edbc 7: Ch\u1ec9 c\u00e0i \u0111\u1eb7t plugin\/theme t\u1eeb ngu\u1ed3n uy t\u00edn<\/strong><\/p>\n B\u01b0\u1edbc 8: X\u00f3a plugin v\u00e0 theme kh\u00f4ng s\u1eed d\u1ee5ng<\/strong><\/p>\n B\u01b0\u1edbc 9: C\u1eadp nh\u1eadt plugin\/theme th\u01b0\u1eddng xuy\u00ean<\/strong><\/p>\n B\u01b0\u1edbc 10: C\u00e0i \u0111\u1eb7t SSL certificate<\/strong><\/p>\n B\u01b0\u1edbc 11: Thay \u0111\u1ed5i database prefix<\/strong><\/p>\n B\u01b0\u1edbc 12: B\u1ea3o v\u1ec7 file wp-config.php<\/strong><\/p>\n B\u01b0\u1edbc 13: Thi\u1ebft l\u1eadp backup t\u1ef1 \u0111\u1ed9ng h\u00e0ng ng\u00e0y<\/strong><\/p>\n B\u01b0\u1edbc 14: C\u00e0i \u0111\u1eb7t plugin b\u1ea3o m\u1eadt v\u00e0 firewall<\/strong><\/p>\n B\u01b0\u1edbc 15: Gi\u00e1m s\u00e1t ho\u1ea1t \u0111\u1ed9ng v\u00e0 log<\/strong><\/p>\n 1. Wordfence Security (Mi\u1ec5n ph\u00ed + Premium $119\/n\u0103m)<\/strong><\/p>\n \u01afu \u0111i\u1ec3m:<\/p>\n Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/p>\n 2. Sucuri Security (Mi\u1ec5n ph\u00ed + Platform t\u1eeb $199\/n\u0103m)<\/strong><\/p>\n \u01afu \u0111i\u1ec3m:<\/p>\n Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/p>\n 3. iThemes Security (Mi\u1ec5n ph\u00ed + Pro $99\/n\u0103m)<\/strong><\/p>\n \u01afu \u0111i\u1ec3m:<\/p>\n Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/p>\n 4. UpdraftPlus (Mi\u1ec5n ph\u00ed + Premium t\u1eeb $70\/n\u0103m)<\/strong><\/p>\n Plugin backup ph\u1ed5 bi\u1ebfn nh\u1ea5t v\u1edbi 3 tri\u1ec7u+ c\u00e0i \u0111\u1eb7t. Cho ph\u00e9p backup to\u00e0n b\u1ed9 website v\u00e0 l\u01b0u tr\u1eef tr\u00ean Google Drive, Dropbox, S3, v.v. Phi\u00ean b\u1ea3n mi\u1ec5n ph\u00ed \u0111\u00e3 \u0111\u1ee7 cho h\u1ea7u h\u1ebft nhu c\u1ea7u.<\/p>\n 5. BackupBuddy ($80\/n\u0103m)<\/strong><\/p>\n Gi\u1ea3i ph\u00e1p backup premium v\u1edbi t\u00ednh n\u0103ng migration website, real-time backup, v\u00e0 l\u01b0u tr\u1eef cloud ri\u00eang. Ph\u00f9 h\u1ee3p cho website th\u01b0\u01a1ng m\u1ea1i \u0111i\u1ec7n t\u1eed.<\/p>\n 6. Limit Login Attempts Reloaded (Mi\u1ec5n ph\u00ed)<\/strong><\/p>\n Ch\u1eb7n brute force \u0111\u01a1n gi\u1ea3n v\u00e0 hi\u1ec7u qu\u1ea3. Gi\u1edbi h\u1ea1n s\u1ed1 l\u1ea7n \u0111\u0103ng nh\u1eadp sai v\u00e0 t\u1ef1 \u0111\u1ed9ng kh\u00f3a IP.<\/p>\n 7. WPS Hide Login (Mi\u1ec5n ph\u00ed)<\/strong><\/p>\n Thay \u0111\u1ed5i URL \u0111\u0103ng nh\u1eadp wp-admin th\u00e0nh URL t\u00f9y ch\u1ec9nh. Ng\u0103n ch\u1eb7n bot t\u1ea5n c\u00f4ng t\u1ef1 \u0111\u1ed9ng.<\/p>\n 8. WP Activity Log (Mi\u1ec5n ph\u00ed + Premium $99\/n\u0103m)<\/strong><\/p>\n Ghi l\u1ea1i m\u1ecdi thay \u0111\u1ed5i tr\u00ean website: ai \u0111\u0103ng nh\u1eadp, s\u1eeda g\u00ec, khi n\u00e0o. Kh\u00f4ng th\u1ec3 thi\u1ebfu cho website nhi\u1ec1u ng\u01b0\u1eddi qu\u1ea3n tr\u1ecb.<\/p>\n 9. Shield Security (Mi\u1ec5n ph\u00ed + Pro $100\/n\u0103m)<\/strong><\/p>\n Plugin b\u1ea3o m\u1eadt all-in-one nh\u1eb9 h\u01a1n Wordfence, ph\u00f9 h\u1ee3p cho shared hosting. C\u00f3 t\u00ednh n\u0103ng \u0111\u1ed9c \u0111\u00e1o l\u00e0 t\u1ef1 \u0111\u1ed9ng v\u00f4 hi\u1ec7u h\u00f3a n\u1ebfu l\u00e0m h\u1ecfng website.<\/p>\n 10. All In One WP Security (Mi\u1ec5n ph\u00ed)<\/strong><\/p>\n Plugin b\u1ea3o m\u1eadt mi\u1ec5n ph\u00ed to\u00e0n di\u1ec7n v\u1edbi firewall, login security, database security. Giao di\u1ec7n tr\u1ef1c quan v\u1edbi \u0111\u1ed3 th\u1ecb \u0111\u00e1nh gi\u00e1 m\u1ee9c \u0111\u1ed9 b\u1ea3o m\u1eadt.<\/p>\n File .htaccess l\u00e0 c\u00f4ng c\u1ee5 m\u1ea1nh m\u1ebd \u0111\u1ec3 b\u1ea3o v\u1ec7 WordPress. Th\u00eam c\u00e1c \u0111o\u1ea1n code sau (backup file g\u1ed1c tr\u01b0\u1edbc khi ch\u1ec9nh s\u1eeda):<\/p>\n B\u1ea3o v\u1ec7 wp-config.php:<\/strong><\/p>\nH\u1eadu qu\u1ea3 nghi\u00eam tr\u1ecdng khi website b\u1ecb t\u1ea5n c\u00f4ng<\/h3>\n
\n
7 Nguy\u00ean Nh\u00e2n Ch\u00ednh Khi\u1ebfn Website WordPress D\u1ec5 B\u1ecb Hack<\/h2>\n
Plugin v\u00e0 Theme l\u1ed7i th\u1eddi ho\u1eb7c nulled – K\u1ebb th\u00f9 s\u1ed1 1<\/h3>\n
M\u1eadt kh\u1ea9u y\u1ebfu v\u00e0 quy\u1ec1n truy c\u1eadp qu\u1ea3n tr\u1ecb kh\u00f4ng \u0111\u01b0\u1ee3c b\u1ea3o v\u1ec7<\/h3>\n
\n
WordPress Core kh\u00f4ng \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt th\u01b0\u1eddng xuy\u00ean<\/h3>\n
Hosting gi\u00e1 r\u1ebb v\u1edbi b\u1ea3o m\u1eadt k\u00e9m<\/h3>\n
\n
Thi\u1ebfu SSL\/HTTPS v\u00e0 m\u00e3 h\u00f3a d\u1eef li\u1ec7u<\/h3>\n
C\u00e1c D\u1ea1ng T\u1ea5n C\u00f4ng Ph\u1ed5 Bi\u1ebfn Nh\u1ea5t Tr\u00ean WordPress<\/h2>\n
Brute Force Attack – T\u1ea5n c\u00f4ng v\u00e9t c\u1ea1n m\u1eadt kh\u1ea9u<\/h3>\n
\n
SQL Injection v\u00e0 Cross-Site Scripting (XSS)<\/h3>\n
\n
Malware, Backdoor v\u00e0 m\u00e3 \u0111\u1ed9c trong plugin<\/h3>\n
\n
DDoS Attack – T\u1ea5n c\u00f4ng t\u1eeb ch\u1ed1i d\u1ecbch v\u1ee5<\/h3>\n
\n
Checklist 15 B\u01b0\u1edbc B\u1ea3o M\u1eadt WordPress C\u01a1 B\u1ea3n<\/h2>\n
Nh\u00f3m 1: B\u1ea3o m\u1eadt t\u00e0i kho\u1ea3n v\u00e0 truy c\u1eadp (B\u1eaft bu\u1ed9c)<\/h3>\n
\n
\n
\n
\n
\n
Nh\u00f3m 2: C\u1eadp nh\u1eadt v\u00e0 qu\u1ea3n l\u00fd Plugin\/Theme<\/h3>\n
\n
\n
\n
\n
Nh\u00f3m 3: B\u1ea3o v\u1ec7 file v\u00e0 database<\/h3>\n
\n
\n
\n
Nh\u00f3m 4: Sao l\u01b0u v\u00e0 gi\u00e1m s\u00e1t<\/h3>\n
\n
\n
\n
Top 10 Plugin B\u1ea3o M\u1eadt WordPress T\u1ed1t Nh\u1ea5t 2024<\/h2>\n
Plugin b\u1ea3o m\u1eadt to\u00e0n di\u1ec7n<\/h3>\n
\n
\n
\n
\n
\n
\n
Plugin sao l\u01b0u t\u1ef1 \u0111\u1ed9ng<\/h3>\n
Plugin chuy\u00ean bi\u1ec7t<\/h3>\n
Gi\u1ea3i Ph\u00e1p N\u00e2ng Cao: Hardening WordPress Nh\u01b0 Chuy\u00ean Gia<\/h2>\n
C\u1ea5u h\u00ecnh .htaccess \u0111\u1ec3 t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt<\/h3>\n
<files wp-config.php>\r\norder allow,deny\r\ndeny from all\r\n<\/files><\/code><\/pre>\n