FAQ/Security

Source: WordPress Codex Japanese edition

Revision as of 15:05, 24 January 2010 (Sun) by Bono (adjusted links, categories, etc.)

Where do I report security issues?

Send an email with the details to security@wordpress.org.


Where do I report copyright infringements, libel, and other legal issues?

You don't! WordPress.org does not host sites. WordPress.org provides publishing software that anyone can download and use. The organization, WordPress.org, has no control over who uses the software or how they use it. In other words, WordPress.org does NOT have the power to take down comments, posts, sites, or anything else. Perform a whois lookup to track down the operator or host of a particular site, then report the infringement to those organizations.


I've been hacked. What do I do now?

The WordPress Exploit Scanner plugin can help detect damage so that it can be cleaned up. Other things you should do:

  • Change passwords for all users, especially Administrators and Editors.
  • If you upload files to your site via FTP, change your FTP password.
  • Re-install the latest version of WordPress.
  • Make sure all of your plugins and themes are up-to-date.
  • Update your security keys.
  • See FAQ My Site Was Hacked.

Why are some users allowed to post unfiltered HTML?

Users with Administrator or Editor privileges are allowed to publish unfiltered HTML in post titles and content. WordPress is, after all, a publishing tool, and people need to be able to include whatever markup they need to communicate. Users with lesser privileges are not allowed to post unfiltered content. If you are running security tests against WordPress, use a lesser-privileged user so that all content is filtered. If you are concerned about an Administrator putting XSS into content and stealing cookies, note that all cookies are marked for HTTP-only delivery and are divided into privileged cookies used for admin pages and unprivileged cookies used for public-facing pages. Content is never displayed unfiltered in the admin. Regardless, an Administrator has wide-ranging super powers, among which unfiltered HTML is a lesser one.


Why are there path disclosures when directly loading certain files?

This is considered a server configuration problem. Never enable display_errors on a production site.
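
An added example (not from the Codex page): a small Python audit of php.ini text for the display_errors advice above. The sample ini fragments, the function names, and the companion directives display_startup_errors and log_errors are assumptions chosen for illustration.

```python
import re

# Constructed sample php.ini fragments (not taken from any real server).
SAMPLE_WEAK = """\
[PHP]
display_errors = Off
log_errors = On
; override left behind after debugging; the last assignment wins
display_errors = On
"""
SAMPLE_HARDENED = """\
display_errors = Off
display_startup_errors = Off
log_errors = On
error_log = /var/log/php_errors.log ; placeholder path
"""

# "On" spellings; display_errors also accepts stdout/stderr, which emit error text.
TRUTHY = {"1", "on", "true", "yes", "stdout", "stderr"}
# Directive -> value wanted on a production site (names are case-sensitive).
EXPECTED = {"display_errors": False, "display_startup_errors": False,
            "log_errors": True}
ASSIGNMENT = re.compile(r"^\s*([A-Za-z0-9_.]+)\s*=\s*(.*?)\s*$")

def effective_settings(ini_text):
    """Map each audited directive to the boolean value of its last assignment."""
    seen = {}
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0]  # drop ; comments (audited values never contain ;)
        match = ASSIGNMENT.match(line)
        if match and match.group(1) in EXPECTED:
            value = match.group(2).strip("\"'").lower()
            seen[match.group(1)] = value in TRUTHY
    return seen

def audit(ini_text):
    """Return one finding per directive that is unset or differs from EXPECTED."""
    seen = effective_settings(ini_text)
    findings = []
    for name, want in EXPECTED.items():
        if name not in seen:
            findings.append(f"{name}: not set in this file")
        elif seen[name] != want:
            findings.append(f"{name}: {'On' if seen[name] else 'Off'}, "
                            f"want {'On' if want else 'Off'}")
    return findings

if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(label, audit(text) or "ok")
```

php.ini is only one place the directive can be set; per-directory configuration and ini_set() calls can override it at runtime, so check those as well.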
