Difference between revisions of "FAQ/Security"

From: WordPress Codex Japanese edition
(Copied the en:FAQ Security revision of 16:53, 23 January 2010 by MichaelH for translation)
 
(Adjusted links, categories, etc.)
1行目: 1行目:
[[FAQ|Back to FAQ]]
+
{{NeedTrans}}
 
__TOC__
 
__TOC__
 
<div style="clear:both">
 
<div style="clear:both">
 
</div>
 
</div>
  
=== Where do I report security issues? ===
+
=== Where do I report security issues? <span id="Where_do_I_report_security_issues.3F"></span>===
 
Send an email with the details to security@wordpress.org.
 
Send an email with the details to security@wordpress.org.
 +
 +
{{募集中||日本語で報告できるところはありますか?}}
  
  
=== Where do I report copyright infringements, libel, and other legal issues? ===
+
=== Where do I report copyright infringements, libel, and other legal issues? <span id="Where_do_I_report_copyright_infringements.2C_libel.2C_and_other_legal_issues.3F"></span>===
 
You don't!  [http://wordpress.org/ WordPress.org] does not host sites. [http://wordpress.org/ WordPress.org] provides publishing software that anyone can download and use.  The organization, [http://wordpress.org/ WordPress.org], has no control over who uses the software or how they use it.  In other words, [http://wordpress.org/ WordPress.org] does NOT have the power to take down comments, posts, sites, or anything else. Perform a [http://whois.domaintools.com/ whois] lookup to track down the operator or host of a particular site, then report the infringement to those organizations.
 
You don't!  [http://wordpress.org/ WordPress.org] does not host sites. [http://wordpress.org/ WordPress.org] provides publishing software that anyone can download and use.  The organization, [http://wordpress.org/ WordPress.org], has no control over who uses the software or how they use it.  In other words, [http://wordpress.org/ WordPress.org] does NOT have the power to take down comments, posts, sites, or anything else. Perform a [http://whois.domaintools.com/ whois] lookup to track down the operator or host of a particular site, then report the infringement to those organizations.
  
  
=== I've been hacked. What do I do now? ===
+
=== I've been hacked. What do I do now? <span id="I.27ve_been_hacked._What_do_I_do_now.3F"></span>===
The [http://wordpress.org/extend/plugins/exploit-scanner/ Exploit Scanner] plugin can help detect damage so that it can be cleaned up. Other things you should do:
+
The [[Plugin:WordPress Exploit Scanner|WordPress Exploit Scanner]] plugin can help detect damage so that it can be cleaned up. Other things you should do:
  
 
* Change passwords for all users, especially Administrators and Editors.
 
* Change passwords for all users, especially Administrators and Editors.
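Review bot: The replacement link in the "I've been hacked" paragraph, `[[Plugin:WordPress Exploit Scanner|WordPress Exploit Scanner]]`, drops the external plugin-directory URL in favour of an internal wiki page. Confirm that the internal page exists on this wiki, or keep `http://wordpress.org/extend/plugins/exploit-scanner/` next to it, so that a reader cleaning up a compromised site can still reach the plugin.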
19行目: 21行目:
 
* Re-install the latest version of WordPress.
 
* Re-install the latest version of WordPress.
 
* Make sure all of your plugins and themes are up-to-date.
 
* Make sure all of your plugins and themes are up-to-date.
* Update your [[Editing_wp-config.php#Security_Keys security keys]].
+
* Update your [[wp-config.php の編集#Security_Keys|security keys]].
* See [[FAQ_My_site_was_hacked|FAQ My Sites Was Hacked]].
+
* See [[FAQ My site was hacked|FAQ My Sites Was Hacked]]/[[:en:FAQ My site was hacked|en]].
  
=== Why are some users allowed to post unfiltered HTML? ===
+
=== Why are some users allowed to post unfiltered HTML? <span id="Why_are_some_users_allowed_to_post_unfiltered_HTML.3F"></span>===
 
Users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content.  WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate.  Users with lesser privileges are not allowed to post unfiltered content.  If you are running security tests against WordPress, use a lesser privileged user so that all content is filtered.  If you are concerned about an Administrator putting XSS into content and stealing cookies, note that all cookies are marked for HTTP only delivery and are divided into privileged cookies used for admin pages and unprivileged cookies used for public facing pages.  Content is never displayed unfiltered in the admin.  Regardless, an Administrator has wide-ranging super powers among which unfiltered HTML is a lesser one.
 
Users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content.  WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate.  Users with lesser privileges are not allowed to post unfiltered content.  If you are running security tests against WordPress, use a lesser privileged user so that all content is filtered.  If you are concerned about an Administrator putting XSS into content and stealing cookies, note that all cookies are marked for HTTP only delivery and are divided into privileged cookies used for admin pages and unprivileged cookies used for public facing pages.  Content is never displayed unfiltered in the admin.  Regardless, an Administrator has wide-ranging super powers among which unfiltered HTML is a lesser one.
  
  
=== Why are there path disclosures when directly loading certain files? ===
+
=== Why are there path disclosures when directly loading certain files? <span id="Why_are_there_path_disclosures_when_directly_loading_certain_files.3F"></span>===
 
This is considered a server configuration problem.  Never enable display_errors on a production site.
 
This is considered a server configuration problem.  Never enable display_errors on a production site.
  
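Review bot: In the last bullet of the list, the label `FAQ My Sites Was Hacked` does not match the link target `FAQ My site was hacked`, and the edit touches that line without fixing it. Suggest `[[FAQ My site was hacked|FAQ My Site Was Hacked]]`, keeping the `/[[:en:FAQ My site was hacked|en]]` suffix as added.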
33行目: 35行目:
 
{{原文|FAQ Security|82357}}<!-- 16:53, 23 January 2010 MichaelH 版 -->
 
{{原文|FAQ Security|82357}}<!-- 16:53, 23 January 2010 MichaelH 版 -->
  
[[Category:Troubleshooting]]
+
{{DEFAULTSORT:FAQせきゆりてい}}
[[Category:WordPress Help]]
+
[[Category:トラブルシューティング]]
 +
[[Category:WordPress ヘルプ]]
 +
[[Category:セキュリティ]]<!-- 試験的な分野別カテゴリ -->
  
 
[[en:FAQ Security]]
 
[[en:FAQ Security]]

Revision as of 15:05, 24 January 2010 (Sunday)

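This page, "FAQ/Security", has not been translated yet. We are looking for contributors to add a Japanese translation or Japanese-language information.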

Where do I report security issues?

Send an email with the details to security@wordpress.org.

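Information wanted: Is there anywhere that security issues can be reported in Japanese? Please edit the relevant section, or let us know on this page's talk page, in the forum, or elsewhere.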


Where do I report copyright infringements, libel, and other legal issues?

You don't! WordPress.org does not host sites. WordPress.org provides publishing software that anyone can download and use. The organization, WordPress.org, has no control over who uses the software or how they use it. In other words, WordPress.org does NOT have the power to take down comments, posts, sites, or anything else. Perform a whois lookup to track down the operator or host of a particular site, then report the infringement to those organizations.


I've been hacked. What do I do now?

The WordPress Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

  • Change passwords for all users, especially Administrators and Editors.
  • If you upload files to your site via FTP, change your FTP password.
  • Re-install the latest version of WordPress.
  • Make sure all of your plugins and themes are up-to-date.
  • Update your security keys.
  • See FAQ My Site Was Hacked (en).
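The "update your security keys" step, as an added example that is not part of the Codex page: replacing the keys in wp-config.php invalidates every login cookie issued under the old values, which is why it belongs in a post-compromise cleanup. The constant names are the ones current WordPress releases use (an assumption, since the page only says "security keys"), and the configuration fragment is constructed.

```python
import re
import secrets
import string

# Constant names from current WordPress releases (assumption: the page only
# says "security keys"; older installs define just the four *_KEY constants).
KEY_NAMES = [
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
]
# Printable ASCII without quotes or backslash, so values need no PHP escaping.
ALPHABET = "".join(c for c in string.ascii_letters + string.digits
                   + string.punctuation if c not in "'\"\\")
DEFINE_RE = re.compile(
    r"""define\(\s*(['"])([A-Z_]+)\1\s*,\s*(['"])(.*?)\3\s*\)\s*;""")

def new_key(length=64):
    """Generate one key from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def rotate_keys(config_text):
    """Replace every known key constant; return (text, rotated, missing)."""
    rotated = []

    def replace(match):
        name = match.group(2)
        if name not in KEY_NAMES:
            return match.group(0)          # leave DB_NAME etc. untouched
        rotated.append(name)
        return "define('%s', '%s');" % (name, new_key())

    new_text = DEFINE_RE.sub(replace, config_text)
    missing = [n for n in KEY_NAMES if n not in rotated]
    return new_text, rotated, missing

# Constructed wp-config.php fragment (sample input, not a real site's file).
SAMPLE_CONFIG = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',        'put your unique phrase here');
define('SECURE_AUTH_KEY', 'old-secure-auth-value');
define('LOGGED_IN_KEY',   'old-logged-in-value');
define('NONCE_KEY',       'old-nonce-value');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    text, rotated, missing = rotate_keys(SAMPLE_CONFIG)
    print(text)
    print("rotated:", rotated, "| not defined in file:", missing)
```

Constants reported as missing were never defined in the file and should be added by hand.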

Why are some users allowed to post unfiltered HTML?

Users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate. Users with lesser privileges are not allowed to post unfiltered content. If you are running security tests against WordPress, use a less-privileged user so that all content is filtered. If you are concerned about an Administrator putting XSS into content and stealing cookies, note that all cookies are marked for HTTP-only delivery and are divided into privileged cookies used for admin pages and unprivileged cookies used for public-facing pages. Content is never displayed unfiltered in the admin. Regardless, an Administrator has wide-ranging super powers, among which unfiltered HTML is a lesser one.
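A check for the two cookie properties described above, as an added example that is not part of the Codex page: it flags cookies set without HttpOnly and shows which cookies a browser would attach to a public page versus an admin page. It assumes the admin/public split is enforced through the cookie Path attribute; the cookie names, hashes and values in the sample are constructed.

```python
def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.partition("=")[0], attrs

def path_matches(request_path, cookie_path):
    """Path-match rule from RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False

def audit_cookies(headers, request_path):
    """Return cookies lacking HttpOnly and cookies sent with request_path."""
    missing_httponly, sent = [], []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if "httponly" not in attrs:
            missing_httponly.append(name)
        if path_matches(request_path, attrs.get("path", "/")):
            sent.append(name)
    return {"missing_httponly": missing_httponly, "sent": sent}

# Constructed Set-Cookie values; names, hashes and values are illustrative.
SAMPLE_HEADERS = [
    "wordpress_0123abcd=admin%7C1264400000%7Cffff; path=/wp-admin; HttpOnly",
    "wordpress_logged_in_0123abcd=admin%7C1264400000%7Ceeee; path=/; HttpOnly",
    "example_plugin_pref=1; path=/",   # hypothetical third-party cookie
]

if __name__ == "__main__":
    print(audit_cookies(SAMPLE_HEADERS, "/2010/01/hello-world/"))
    print(audit_cookies(SAMPLE_HEADERS, "/wp-admin/post.php"))
```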


Why are there path disclosures when directly loading certain files?

This is considered a server configuration problem. Never enable display_errors on a production site.
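One way to audit a deployment for this setting, as an added example that is not part of the Codex page: the function flags lines that switch display_errors on in php.ini-style files, Apache `php_flag`/`php_value` directives, and `ini_set()` calls, while ignoring commented-out lines. All sample inputs are constructed.

```python
import re

# Values PHP treats as "show errors to the client".
ENABLED = {"1", "on", "true", "yes", "stdout", "stderr"}

PATTERNS = [
    # php.ini / .user.ini:   display_errors = On
    re.compile(r"^\s*display_errors\s*=\s*\"?(\w+)", re.I),
    # Apache with mod_php:   php_flag display_errors on
    re.compile(r"^\s*php_(?:admin_)?(?:flag|value)\s+display_errors\s+\"?(\w+)",
               re.I),
    # PHP source:            ini_set('display_errors', 1);
    re.compile(r"^\s*@?ini_set\(\s*['\"]display_errors['\"]\s*,\s*['\"]?(\w+)",
               re.I),
]

def find_enabled_display_errors(text):
    """Return [(line_number, line)] for every line enabling display_errors."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for pattern in PATTERNS:
            match = pattern.match(line)   # anchored, so comment lines never match
            if match and match.group(1).lower() in ENABLED:
                findings.append((lineno, line.strip()))
    return findings

# Constructed samples: a weak php.ini, a hardened one, .htaccess and PHP code.
WEAK_PHP_INI = """; constructed php.ini fragment
;display_errors = On
display_errors = On
log_errors = On
"""
HARDENED_PHP_INI = """display_errors = Off
log_errors = On
error_log = /var/log/php_errors.log
"""
SAMPLE_HTACCESS = "# constructed\nphp_flag display_errors on\n"
SAMPLE_PHP = "<?php\n// ini_set('display_errors', 1);\nini_set('display_errors', '1');\n"

if __name__ == "__main__":
    for label, sample in [("weak php.ini", WEAK_PHP_INI),
                          ("hardened php.ini", HARDENED_PHP_INI),
                          (".htaccess", SAMPLE_HTACCESS),
                          ("PHP source", SAMPLE_PHP)]:
        print(label, "->", find_enabled_display_errors(sample))
```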
