{"id":522,"date":"2026-05-18T09:00:00","date_gmt":"2026-05-18T09:00:00","guid":{"rendered":"https:\/\/asenvirocon.me\/?p=522"},"modified":"2026-05-18T09:00:00","modified_gmt":"2026-05-18T09:00:00","slug":"wordpress-security-zastita","status":"publish","type":"post","link":"https:\/\/asenvirocon.me\/en\/wordpress-security-zastita\/","title":{"rendered":"WordPress security \u2014 how to protect your site from attacks"},"content":{"rendered":"<p>WordPress powers over 40% of all websites on the internet \u2014 which makes it the most popular CMS platform, but also the most frequent target of hackers. The good news: <strong>WordPress is secure<\/strong> if it is properly configured and maintained. The bad news: most sites are <em>not<\/em> well protected. In this guide we go through the security basics that every WordPress site must have.<\/p>\n<h2>Most common types of attacks<\/h2>\n<ul>\n<li><strong>Brute force<\/strong> \u2014 attempts to guess the password<\/li>\n<li><strong>SQL injection<\/strong> \u2014 exploiting vulnerabilities in the database<\/li>\n<li><strong>Cross-site scripting (XSS)<\/strong> \u2014 injecting malicious code<\/li>\n<li><strong>Malware<\/strong> \u2014 inserting viruses through vulnerable plugins<\/li>\n<li><strong>DDoS<\/strong> \u2014 overloading the site with traffic<\/li>\n<\/ul>\n<h2>Basic security measures<\/h2>\n<h3>1. Strong passwords<\/h3>\n<p>Not &#8220;admin123&#8221;. Use a password manager (Bitwarden, 1Password) and generate long, random passwords. Especially for the admin account.<\/p>\n<h3>2. Two-factor authentication (2FA)<\/h3>\n<p>Add a 2FA layer with Google Authenticator or similar. Even if someone obtains the password, they will not be able to log in.<\/p>\n<h3>3. Change the default &#8220;admin&#8221; username<\/h3>\n<p>Use something unique. &#8220;admin&#8221; is the first thing bots try.<\/p>\n<h3>4. 
Regular updates<\/h3>\n<p>WordPress core, themes, plugins \u2014 everything must be up to date. 99% of hacked WordPress sites had outdated software.<\/p>\n<h3>5. Backup strategy<\/h3>\n<p>Daily automatic backups. Keep them off-site (not on the same server as the site). Tools: UpdraftPlus, BackWPup.<\/p>\n<h3>6. Security plugin<\/h3>\n<p>We recommend <strong>Wordfence<\/strong> or <strong>Sucuri<\/strong> \u2014 firewall, malware scanner, brute force protection. You already have Wordfence installed \u2014 just configure it.<\/p>\n<h3>7. SSL certificate<\/h3>\n<p>HTTPS is mandatory. Most hosts offer Let&#8217;s Encrypt for free.<\/p>\n<h3>8. Limit login attempts<\/h3>\n<p>Block IPs that try more than 5 times. Most security plugins have this functionality.<\/p>\n<h3>9. Hide the WordPress version<\/h3>\n<p>Hackers first check the version to find vulnerabilities. Hiding the version adds a layer of obscurity.<\/p>\n<h3>10. Minimal plugins<\/h3>\n<p>Every plugin is a potential vulnerability. 
Use only the ones you really need and that are regularly updated.<\/p>\n<h2>Advanced measures<\/h2>\n<ul>\n<li>Change the default URL of the login page (\/wp-admin)<\/li>\n<li>Disable file editing from the admin panel<\/li>\n<li>Disable XML-RPC if you do not use it<\/li>\n<li>Configure .htaccess for additional protection<\/li>\n<li>Restrict access to wp-config.php<\/li>\n<li>Content Security Policy headers<\/li>\n<\/ul>\n<h2>What if the site has already been hacked<\/h2>\n<ol>\n<li>Put the site into maintenance mode<\/li>\n<li>Identify the malware (security plugin or manually)<\/li>\n<li>Delete the infected files<\/li>\n<li>Restore a clean backup<\/li>\n<li>Change ALL passwords (admin, FTP, database, hosting)<\/li>\n<li>Update everything<\/li>\n<li>Run a full malware scan<\/li>\n<li>Notify users if their data may have been compromised<\/li>\n<\/ol>\n<h2>Frequently asked questions<\/h2>\n<h3>How often should I back up?<\/h3>\n<p>For active sites \u2014 daily. For static ones \u2014 weekly.<\/p>\n<h3>Is WordPress insecure by nature?<\/h3>\n<p>No. WordPress core is very secure. The problem is usually plugins and themes, or bad configurations.<\/p>\n<h3>How much does WordPress security cost?<\/h3>\n<p>The basics are free. Advanced measures and maintenance are usually part of a monthly maintenance package.<\/p>\n<h2>Need protection for your WordPress site?<\/h2>\n<p>Asenvirocon secures and maintains WordPress sites for Montenegrin companies \u2014 from basic security setup to complete 24\/7 monitoring. <a href=\"\/en\/#contact\"><strong>Schedule a consultation \u2192<\/strong><\/a> or call <strong>+382 68 090 161<\/strong>.<\/p>","protected":false},"excerpt":{"rendered":"<p>WordPress is the most popular platform \u2014 which means it is also the most frequent target. 
A guide on how to protect your site from hackers and malware.<\/p>","protected":false},"author":1,"featured_media":523,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[73,74,21,75],"class_list":["post-522","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-izrada-sajtova","tag-security","tag-sigurnost","tag-wordpress","tag-wordpress-zastita"],"_links":{"self":[{"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/posts\/522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/comments?post=522"}],"version-history":[{"count":1,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/posts\/522\/revisions"}],"predecessor-version":[{"id":588,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/posts\/522\/revisions\/588"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/media\/523"}],"wp:attachment":[{"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/media?parent=522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/categories?post=522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/asenvirocon.me\/en\/wp-json\/wp\/v2\/tags?post=522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}