{"id":1331,"date":"2026-01-10T15:48:41","date_gmt":"2026-01-10T12:48:41","guid":{"rendered":"https:\/\/tuncersen.com.tr\/blog\/?p=1331"},"modified":"2026-01-10T15:48:41","modified_gmt":"2026-01-10T12:48:41","slug":"wordpress-guvenligi-15-altin-kural","status":"publish","type":"post","link":"https:\/\/tuncersen.com.tr\/blog\/wordpress-guvenligi-15-altin-kural.html","title":{"rendered":"WordPress G\u00fcvenli\u011fi: 15 Y\u0131ll\u0131k Tecr\u00fcbeden 15 Alt\u0131n Kural"},"content":{"rendered":"

Web siteniz, dijital d\u00fcnyadaki evinizdir. Peki, bu evin kap\u0131s\u0131n\u0131 a\u00e7\u0131k b\u0131rak\u0131p uyur musunuz? Ben Tun\u00e7er \u015een. Sakarya sanayisindeki kaynak at\u00f6lyelerinde \u00f6\u011frendi\u011fim “\u00f6nce g\u00fcvenlik” ilkesini, 15 y\u0131ld\u0131r American LIFE Dil Okullar\u0131\u2019n\u0131n t\u00fcm \u015fubeleri i\u00e7in y\u00f6netti\u011fim dijital altyap\u0131lara uyguluyorum.<\/p>\n

Bir\u00e7ok ki\u015fi WordPress g\u00fcvenli\u011fi<\/b><\/a> denince karma\u015f\u0131k kodlar hayal eder. Oysa Toyota fabrikas\u0131nda \u00f6\u011frendi\u011fim “Poka-Yoke” (Hata \u00d6nleme) sistemi gibi, g\u00fcvenlik de basit ama disiplinli ad\u0131mlarla ba\u015flar. Sa\u011fl\u0131k sorunlar\u0131m nedeniyle fiziksel m\u00fcdahalelerim k\u0131s\u0131tl\u0131 olsa da, do\u011fru kurulan bir g\u00fcvenlik sistemi sayesinde geceleri ba\u015f\u0131m\u0131 yast\u0131\u011fa rahat koyuyorum. \u0130\u015fte tecr\u00fcbeyle sabit, sitenizi bir kaleye \u00e7evirecek 15 alt\u0131n kural.<\/p>\n

1. “Admin” Kullan\u0131c\u0131 Ad\u0131n\u0131 Tarihe G\u00f6m\u00fcn<\/strong><\/h2>\n

Bir hacker sitenize sald\u0131rd\u0131\u011f\u0131nda deneyece\u011fi ilk kullan\u0131c\u0131 ad\u0131 “admin<\/em>“dir. Bu, anahtar\u0131n\u0131z\u0131 paspas\u0131n alt\u0131na b\u0131rakmak gibidir. Kullan\u0131c\u0131 ad\u0131n\u0131z\u0131 tahmin edilmesi zor bir isimle de\u011fi\u015ftirin.<\/p>\n

2. \u015eifreleriniz “\u015ease Kayna\u011f\u0131” Kadar Sa\u011flam Olsun<\/strong><\/h2>\n

Do\u011fum tarihiniz, evcil hayvan\u0131n\u0131z\u0131n ad\u0131 veya “123456<\/em>” gibi \u015fifreler, dijital intihard\u0131r. En az 12 karakterli, b\u00fcy\u00fck-k\u00fc\u00e7\u00fck harf ve \u00f6zel karakter i\u00e7eren \u015fifreler kullan\u0131n.<\/p>\n

3. \u0130ki Fakt\u00f6rl\u00fc Do\u011frulama (2FA) Hayat Kurtar\u0131r<\/strong><\/h2>\n

American LIFE sistemlerinde uygulad\u0131\u011f\u0131m de\u011fi\u015fmez kurald\u0131r: \u015eifreniz \u00e7al\u0131nsa bile telefonunuza gelen kod olmadan kimse i\u00e7eri girememeli. Google Authenticator gibi ara\u00e7larla WordPress g\u00fcvenli\u011fi<\/b> seviyenizi ikiye katlay\u0131n.<\/p>\n

4. G\u00fcncellemeler: Dijital “Kaizen”iniz Olsun<\/strong><\/h2>\n

Toyota\u2019daki “s\u00fcrekli iyile\u015ftirme” (Kaizen) mant\u0131\u011f\u0131 burada da ge\u00e7erli. WordPress \u00e7ekirde\u011fi, temalar ve eklentiler s\u00fcrekli g\u00fcncellenmelidir. Eski s\u00fcr\u00fcm yaz\u0131l\u0131m, paslanm\u0131\u015f demir gibidir; en k\u00fc\u00e7\u00fck darbede k\u0131r\u0131l\u0131r.<\/p>\n

\"WordPress

WordPress G\u00fcvenli\u011fi<\/p><\/div>\n

5. Giri\u015f Denemelerini S\u0131n\u0131rland\u0131r\u0131n<\/strong><\/h2>\n

Hackerlar “Brute Force” (Kaba Kuvvet) sald\u0131r\u0131s\u0131yla \u015fifrenizi binlerce kez dener. “Limit Login Attempts<\/em>” gibi eklentilerle, 3 hatal\u0131 denemeden sonra kap\u0131lar\u0131 kilitleyin.<\/p>\n

6. SSL Sertifikas\u0131: Olmazsa Olmaz<\/strong><\/h2>\n

Adres \u00e7ubu\u011fundaki o kilit i\u015fareti (HTTPS), verilerin \u015fifreli gitti\u011fini g\u00f6sterir. Google, SSL olmayan siteleri “G\u00fcvenli De\u011fil<\/em>” olarak i\u015faretler. Bu, itibar\u0131n\u0131z i\u00e7in bir y\u0131k\u0131md\u0131r.<\/p>\n

7. D\u00fczenli Yedekleme: Dijital Kaskonuz<\/strong><\/h2>\n

En iyi WordPress g\u00fcvenli\u011fi<\/b> \u00f6nlemi, siteniz yok oldu\u011funda onu geri getirebilme yetene\u011finizdir. Ben otomasyon ara\u00e7lar\u0131yla g\u00fcnl\u00fck yedek al\u0131r\u0131m. Site \u00e7\u00f6kerse, 5 dakika i\u00e7inde yeniden aya\u011fa kald\u0131rabilirim.<\/p>\n

8. Dosya \u0130zinlerini Do\u011fru Ayarlay\u0131n<\/strong><\/h2>\n

Sunucu taraf\u0131nda wp-config.php<\/code><\/span> gibi kritik dosyalar\u0131n izinlerini (genellikle 400 veya 440<\/em>) do\u011fru yap\u0131land\u0131r\u0131n. Herkesin her dosyay\u0131 yaz\u0131p silmesine izin vermeyin.<\/p>\n

9. XML-RPC \u00d6zelli\u011fini Kapat\u0131n<\/strong><\/h2>\n

E\u011fer mobil uygulama \u00fczerinden site y\u00f6netmiyorsan\u0131z, bu eski protokol\u00fc kapat\u0131n. Hackerlar i\u00e7in s\u0131k kullan\u0131lan bir arka kap\u0131d\u0131r.<\/p>\n

\"G\u00fcvenlik

G\u00fcvenlik Eklentisi – WordPress G\u00fcvenli\u011fi<\/p><\/div>\n

10. G\u00fcvenlik Eklentisi Kullan\u0131n (Ama Abartmay\u0131n)<\/strong><\/h2>\n

Wordfence veya iThemes Security gibi kendini kan\u0131tlam\u0131\u015f WordPress g\u00fcvenli\u011fi<\/b> eklentilerinden birini kullan\u0131n. American LIFE projelerimde Wordfence<\/a> tercih ediyorum \u00e7\u00fcnk\u00fc anl\u0131k tehditleri \u00e7ok iyi raporluyor.<\/p>\n

11. WordPress S\u00fcr\u00fcm Bilgisini Gizleyin<\/strong><\/h2>\n

Kaynak kodunuzda “WordPress 6.4.2 kullan\u0131yor” diye ba\u011f\u0131rmay\u0131n. Eski bir s\u00fcr\u00fcm kullan\u0131yorsan\u0131z, hackerlar o s\u00fcr\u00fcm\u00fcn a\u00e7\u0131klar\u0131n\u0131 bildikleri i\u00e7in i\u015flerini kolayla\u015ft\u0131rm\u0131\u015f olursunuz.<\/p>\n

12. Veritaban\u0131 \u00d6nekinizi De\u011fi\u015ftirin<\/strong><\/h2>\n

Varsay\u0131lan wp_<\/span><\/code> \u00f6neki, sald\u0131rganlar\u0131n tablolar\u0131n\u0131z\u0131 tahmin etmesini kolayla\u015ft\u0131r\u0131r. Kurulum a\u015famas\u0131nda bunu ts80_<\/span><\/code> veya al_<\/span><\/code> gibi benzersiz bir \u00f6nekle de\u011fi\u015ftirin.<\/p>\n

13. Kaliteli Hosting Se\u00e7imi<\/strong><\/h2>\n

Temeli \u00e7\u00fcr\u00fck binaya \u00e7elik kap\u0131 tak\u0131lmaz. G\u00fcvenli\u011fi sunucu taraf\u0131nda sa\u011flayan, WAF (Web Application Firewall) hizmeti sunan kaliteli bir hosting firmas\u0131yla \u00e7al\u0131\u015f\u0131n.<\/p>\n

14. Kullan\u0131lmayan Eklenti ve Temalar\u0131 Silin<\/strong><\/h2>\n

Sitenizde aktif olmayan her eklenti, potansiyel bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131d\u0131r. “Belki laz\u0131m olur<\/em>” diyerek dijital \u00e7\u00f6pl\u00fck yaratmay\u0131n; kullanm\u0131yorsan\u0131z silin.<\/p>\n

15. Etkinlik G\u00fcnl\u00fcklerini (Log) \u0130zleyin<\/strong><\/h2>\n

Sitenizde kim ne zaman oturum a\u00e7t\u0131? Hangi dosyay\u0131 de\u011fi\u015ftirdi? “WP Activity Log<\/em>” gibi eklentilerle sitenizin nabz\u0131n\u0131 tutun.<\/p>\n

\"Etkinlik

Etkinlik G\u00fcnl\u00fcklerini – WordPress G\u00fcvenli\u011fi<\/p><\/div>\n

G\u00fcvenlik Bir Var\u0131\u015f Noktas\u0131 De\u011fil, Bir Yolculuktur<\/strong><\/h3>\n

45 y\u0131ll\u0131k hayat\u0131mda, sanayiden IT uzmanl\u0131\u011f\u0131na uzanan yolda \u00f6\u011frendi\u011fim en b\u00fcy\u00fck ders \u015fudur: Disiplin, yetenekten daha \u00f6nemlidir. Bu 15 kural\u0131 uygulad\u0131\u011f\u0131n\u0131zda, sadece WordPress g\u00fcvenli\u011fi<\/b> sa\u011flam\u0131\u015f olmazs\u0131n\u0131z; ayn\u0131 zamanda benim gibi sa\u011fl\u0131k sorunlar\u0131na ra\u011fmen \u00fcretmeye devam eden bir profesyonelin “i\u00e7 huzuruna” sahip olursunuz.<\/p>\n

Unutmay\u0131n, dijital miras\u0131n\u0131z\u0131 korumak sizin elinizde. E\u011fer teman\u0131z\u0131 se\u00e7tiyseniz (Bkz: [WordPress Tema Se\u00e7imi Rehberi<\/a>]), \u015fimdi onu koruma vakti.<\/p>\n","protected":false},"excerpt":{"rendered":"

Web siteniz, dijital d\u00fcnyadaki evinizdir. Peki, bu evin kap\u0131s\u0131n\u0131 a\u00e7\u0131k b\u0131rak\u0131p uyur musunuz? Ben Tun\u00e7er \u015een. Sakarya sanayisindeki kaynak at\u00f6lyelerinde \u00f6\u011frendi\u011fim “\u00f6nce g\u00fcvenlik” ilkesini, 15…<\/p>\n","protected":false},"author":1,"featured_media":1332,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,61],"tags":[],"class_list":["post-1331","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik","category-wordpress"],"menu_order":0,"_links":{"self":[{"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=1331"}],"version-history":[{"count":0,"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/posts\/1331\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/media\/1332"}],"wp:attachment":[{"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=1331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=1331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tuncersen.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=1331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}