{"id":1487,"date":"2026-05-22T08:55:06","date_gmt":"2026-05-22T05:55:06","guid":{"rendered":"https:\/\/kolan.net.tr\/blog\/?p=1487"},"modified":"2026-05-22T13:23:07","modified_gmt":"2026-05-22T10:23:07","slug":"wordpress-guvenlik-aciklari","status":"publish","type":"post","link":"https:\/\/kolan.net.tr\/blog\/wordpress-guvenlik-aciklari\/","title":{"rendered":"The 10 Most Common WordPress Security Vulnerabilities and How to Protect Against Them"},"content":{"rendered":"<p>WordPress is the most popular content management system in the world, powering roughly forty percent of all websites. That popularity brings a large attack surface with it: every day attackers scan millions of WordPress sites with automated tools, trying to exploit known vulnerabilities. The good news is that the great majority of WordPress compromises are caused not by zero-day vulnerabilities but by neglected, classic security mistakes. 
In this guide we cover <strong>the 10 most common WordPress security vulnerabilities<\/strong>, how each is exploited in the real world, and the practical steps you should take to protect your site.<\/p>\n<h2>Why Is WordPress Targeted So Often?<\/h2>\n<p>There are several basic reasons WordPress is attractive to attackers:<\/p>\n<ul>\n<li><strong>Prevalence:<\/strong> A single vulnerability can affect millions of sites; it gives attackers economies of scale.<\/li>\n<li><strong>Open-source structure:<\/strong> Besides the core code, thousands of plugins and themes are publicly available; attackers analyse the source to find flaws.<\/li>\n<li><strong>Plugin ecosystem:<\/strong> There are more than 60,000 plugins, and quality control varies. The vast majority of vulnerabilities are found not in core but in third-party plugins.<\/li>\n<li><strong>User profile:<\/strong> A significant share of WordPress users are not technical; updates, backups and security hardening are frequently neglected.<\/li>\n<li><strong>Standard layout:<\/strong> The admin panel URL, file paths and database structure are the same on most sites, which makes automated attack tools easy to build.<\/li>\n<\/ul>\n<p>Let us now go through the most frequently encountered vulnerabilities one by one.<\/p>\n<h2>1. Outdated WordPress Core, Plugins and Themes<\/h2>\n<p>Behind the great majority of hacked WordPress sites there is a single cause: <strong>unpatched software<\/strong>. The moment a vulnerability is announced, attackers deploy bots that scan for the affected versions. The time between disclosure and exploitation is often measured in hours.<\/p>\n<p>The most critical risk is in plugins. According to Wordfence and Patchstack reports, more than ninety percent of WordPress vulnerabilities come from third-party plugins. Plugins that have not been updated for a long time or whose developer has abandoned them pose a particularly serious threat.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Update WordPress core, plugins and themes regularly; enable <em>auto-update<\/em> where possible.<\/li>\n<li>Do not merely deactivate plugins and themes you do not use; <strong>delete<\/strong> them completely. Even inactive files are attack surface.<\/li>\n<li>Abandon plugins that have not been updated for more than a year or that have been removed from WordPress.org.<\/li>\n<li>Always take a full backup before updating and, where possible, test in a <em>staging<\/em> environment.<\/li>\n<li>Subscribe to vulnerability advisories from sources such as WPScan, Patchstack or Wordfence Intelligence.<\/li>\n<\/ul>\n<h2>2. Weak Passwords and Brute Force Attacks<\/h2>\n<p>Brute force is the oldest and most common type of attack against WordPress. The attacker sends hundreds of username and password combinations per second to the <code>\/wp-login.php<\/code> page, trying to take over an account. Default usernames such as &#8220;admin&#8221;, &#8220;administrator&#8221; and &#8220;root&#8221;, and common passwords such as &#8220;123456&#8221;, &#8220;password&#8221; and &#8220;qwerty&#8221;, are the first combinations attackers try.<\/p>\n<p>A more dangerous variant of the attack is <strong>credential stuffing<\/strong>: username\/password pairs leaked from other sites are tried against the WordPress login page. Users who reuse a password on several sites are exposed to this attack.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Never use the default <em>admin<\/em> username; choose a username that is hard to guess.<\/li>\n<li>Create passwords of at least 16 characters containing upper\/lower-case letters, digits and special characters. Use a <strong>password manager<\/strong>.<\/li>\n<li>Always enable <strong>two-factor authentication (2FA)<\/strong>. Plugins such as Wordfence, WP 2FA or ones that integrate Google Authenticator can be used.<\/li>\n<li>Limit login attempts: with plugins such as Limit Login Attempts Reloaded, temporarily block an IP after failed logins.<\/li>\n<li>Move the login page from <code>\/wp-login.php<\/code> to a custom URL (e.g. WPS Hide Login).<\/li>\n<li>Where possible, add a server-level IP restriction or HTTP Basic Auth (htpasswd) to the <code>wp-admin<\/code> directory.<\/li>\n<\/ul>\n<h2>3. SQL Injection<\/h2>\n<p>SQL Injection arises when data coming from the user is inserted directly into a database query. Through specially crafted input sent in a form field or URL parameter, an attacker can extract data from the database, leak user password hashes, or even create a new administrator account.<\/p>\n<p>WordPress core is well protected because it uses parameterised queries via <code>$wpdb-&gt;prepare()<\/code>; SQL Injection flaws are, however, frequently found in <strong>third-party plugins<\/strong>. Search, filtering, reporting and custom form plugins have historically been particularly risky.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Keep plugins and themes up to date (see item 1).<\/li>\n<li>Scan the plugins on your site for known vulnerabilities with WPScan or Patchstack.<\/li>\n<li>Put a <strong>Web Application Firewall (WAF)<\/strong> in front of the site: Cloudflare WAF, Sucuri, Wordfence, or ModSecurity with the OWASP CRS on the server side.<\/li>\n<li>If you write custom code, always use <code>$wpdb-&gt;prepare()<\/code>; never build queries by <em>string concatenation<\/em>.<\/li>\n<li>Limit the database user&#8217;s privileges to what is required; privileges such as <em>DROP<\/em> and <em>GRANT<\/em> are usually not needed.<\/li>\n<li>Change the default <code>wp_<\/code> table prefix; on its own it is not sufficient, but it makes automated tools&#8217; job harder.<\/li>\n<\/ul>\n<h2>4. Cross-Site Scripting (XSS)<\/h2>\n<p>XSS is the injection of malicious JavaScript into a web page by an attacker. When a visitor opens the page, the code runs in their browser; it can steal cookies, hijack the session, redirect the user to fake pages, or issue requests from an administrator&#8217;s browser.<\/p>\n<p>The most common XSS scenarios in WordPress are:<\/p>\n<ul>\n<li>Unfiltered HTML\/JavaScript input in comment fields.<\/li>\n<li>Form plugins not escaping data at the <em>output<\/em> stage.<\/li>\n<li>Themes and plugins using unsafe patterns such as <code>echo $_GET['param']<\/code>.<\/li>\n<li><em>Stored XSS<\/em> in plugin settings displayed in the admin panel.<\/li>\n<\/ul>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Keep plugins and themes up to date; XSS patches are among the most frequently released fixes.<\/li>\n<li>Hold comments from unknown users for moderation; use Akismet or Antispam Bee as a spam filter.<\/li>\n<li>Add <strong>Content Security Policy (CSP)<\/strong>, <code>X-XSS-Protection<\/code> (a legacy header that modern browsers ignore) and <code>X-Content-Type-Options: nosniff<\/code> to your HTTP response headers.<\/li>\n<li>If you write custom code, always sanitise output with <code>esc_html()<\/code>, <code>esc_attr()<\/code>, <code>esc_url()<\/code> or <code>wp_kses()<\/code>.<\/li>\n<li>WAF rules block most classic XSS attempts; enable them at the CDN level.<\/li>\n<\/ul>\n<h2>5. Cross-Site Request Forgery (CSRF)<\/h2>\n<p>CSRF is an attack that forces a logged-in administrator to perform an action they did not intend, without realising it. 
When the administrator visits a malicious page open in another tab, that page sends requests to the WordPress site in the background: create a new user, install a plugin, change a setting, and so on.<\/p>\n<p>WordPress protects against this attack with the <strong>nonce<\/strong> (number used once) mechanism. Plugins that implement the nonce check incompletely or incorrectly, however, create serious flaws; CSRF-based administrator-creation vulnerabilities have been found repeatedly in popular plugins in the past.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Keep all plugins up to date; apply patches for CSRF flaws without delay.<\/li>\n<li>Two-factor authentication greatly reduces the impact of CSRF aimed at administrators.<\/li>\n<li>Shorten the session lifetime so that the administrator is automatically logged out after important operations.<\/li>\n<li>If you write a custom form or AJAX endpoint, do not process the request without <code>wp_nonce_field()<\/code> and <code>check_admin_referer()<\/code> \/ <code>check_ajax_referer()<\/code>.<\/li>\n<li>For cookie security, apply a <code>SameSite=Lax<\/code> or <code>Strict<\/code> policy.<\/li>\n<\/ul>\n<h2>6. Insecure File Upload Vulnerabilities<\/h2>\n<p>Many WordPress plugins let users upload files: galleries, form attachments, profile pictures, product files and so on. If the file type and content are not validated sufficiently at upload time, an attacker can upload a PHP-extension <strong>shell<\/strong> (web shell) and execute commands on the server. This usually ends in a full server takeover.<\/p>\n<p>Classic mistakes:<\/p>\n<ul>\n<li>Checking the file extension only on the client side (JavaScript).<\/li>\n<li>Filtering <code>.php<\/code>, <code>.phtml<\/code> and <code>.phar<\/code> extensions with a blacklist instead of a whitelist.<\/li>\n<li>Uploaded files being directly executable inside <code>wp-content\/uploads<\/code>.<\/li>\n<li>Building the file name from a user-supplied value without protection (Path Traversal).<\/li>\n<\/ul>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Block PHP execution in the <code>wp-content\/uploads<\/code> directory at the server level. With <em>.htaccess<\/em>:\n<pre><code>&lt;FilesMatch \"\\.(php|phtml|phar|php5|php7|php8)$\"&gt;\n  Require all denied\n&lt;\/FilesMatch&gt;<\/code><\/pre>\n<p>Use an equivalent <code>location<\/code> block in Nginx.<\/p><\/li>\n<li>Keep plugins with upload functionality up to date and, where possible, limit yourself to a small number of well-maintained ones.<\/li>\n<li>Review per-user upload permissions: the <em>Subscriber<\/em> role should not be able to upload files.<\/li>\n<li>Scan uploaded file contents with a WAF; Imunify360, Wordfence and Sucuri are effective here.<\/li>\n<\/ul>\n<h2>7. Incorrect File and Directory Permissions<\/h2>\n<p>When file permissions on a Linux server are set incorrectly, an attacker can escalate privileges from a small flaw or jump into other users&#8217; areas on the server. On shared hosting in particular, a directory with 777 permissions is a risk to the whole server.<\/p>\n<p>Recommended permissions for WordPress:<\/p>\n<ul>\n<li>Directories: <strong>755<\/strong><\/li>\n<li>Files: <strong>644<\/strong><\/li>\n<li><code>wp-config.php<\/code>: <strong>600<\/strong> or <strong>640<\/strong><\/li>\n<li>Ownership: ideally the files belong to the site owner&#8217;s user account rather than the web server user (e.g. <em>nobody<\/em>, <em>www-data<\/em>), with the server user only a member of the group.<\/li>\n<\/ul>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Use the &#8220;Fix File Permissions&#8221; tool in cPanel or run the following commands over SSH:\n<pre><code>find \/home\/kullanici\/public_html -type d -exec chmod 755 {} \\;\nfind \/home\/kullanici\/public_html -type f -exec chmod 644 {} \\;\nchmod 600 \/home\/kullanici\/public_html\/wp-config.php<\/code><\/pre>\n<\/li>\n<li>On shared hosting, prefer providers that use <strong>suPHP<\/strong>, <strong>PHP-FPM with user pools<\/strong> or <strong>CloudLinux CageFS<\/strong>.<\/li>\n<li>Avoid 777 permissions absolutely; &#8220;it worked once I opened up the permissions&#8221; quick fixes turn into permanent holes.<\/li>\n<\/ul>\n<h2>8. Unprotected wp-config.php and Sensitive Files<\/h2>\n<p><code>wp-config.php<\/code> is WordPress&#8217;s most critical file; the database credentials, authentication keys (<em>SALT<\/em>s) and other core settings are kept there. If the contents of this file fall into an attacker&#8217;s hands, the whole site is at risk. Files such as <code>wp-config.php.bak<\/code> and <code>wp-config.old<\/code> left behind by backup tools can be downloaded directly from a browser and cause a leak.<\/p>\n<p>The same danger applies to leaving the <code>.git<\/code> directory, <code>debug.log<\/code>, <code>.env<\/code>, <code>phpinfo.php<\/code> and database dump files in publicly accessible directories.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Where possible, move <code>wp-config.php<\/code> <strong>one directory above<\/strong> <code>public_html<\/code>. WordPress reads it from there automatically.<\/li>\n<li>Add the following <em>.htaccess<\/em> rule:\n<pre><code>&lt;Files wp-config.php&gt;\n  Require all denied\n&lt;\/Files&gt;\n&lt;FilesMatch \"\\.(bak|old|sql|log|env)$\"&gt;\n  Require all denied\n&lt;\/FilesMatch&gt;<\/code><\/pre>\n<\/li>\n<li>Regenerate the <em>secret keys<\/em> in your WordPress installation via <a href=\"https:\/\/api.wordpress.org\/secret-key\/1.1\/salt\/\">api.wordpress.org\/secret-key\/1.1\/salt\/<\/a>; always change them after a suspected breach.<\/li>\n<li>Set <code>WP_DEBUG<\/code> to <em>false<\/em> in production, or at least set <code>WP_DEBUG_DISPLAY<\/code> to <em>false<\/em>; move <code>debug.log<\/code> to a location that cannot be reached from a browser.<\/li>\n<li>Always use <strong>SFTP<\/strong> or <strong>SSH<\/strong> instead of FTP.<\/li>\n<\/ul>\n<h2>9. Abuse of XML-RPC and the REST API<\/h2>\n<p>XML-RPC is an endpoint (<code>\/xmlrpc.php<\/code>) that WordPress uses for its older mobile clients and remote publishing feature. Today it has largely been superseded by the REST API, but it is still enabled by default. 
Attackers abuse XML-RPC in three ways:<\/p>\n<ul>\n<li><strong>Brute force amplification:<\/strong> With the <code>system.multicall<\/code> method, hundreds of password attempts can be made in a single HTTP request.<\/li>\n<li><strong>DDoS via pingback:<\/strong> The <code>pingback.ping<\/code> method can turn the WordPress site into an intermediary that attacks another target.<\/li>\n<li><strong>Information leakage:<\/strong> A list of users can be obtained from the enabled methods.<\/li>\n<\/ul>\n<p>On the REST API side, the <code>\/wp-json\/wp\/v2\/users<\/code> endpoint can list usernames even to unauthenticated users. For brute force attacks, that information is worth gold.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>If you do not need XML-RPC, disable it completely. With <em>.htaccess<\/em>:\n<pre><code>&lt;Files xmlrpc.php&gt;\n  Require all denied\n&lt;\/Files&gt;<\/code><\/pre>\n<\/li>\n<li>It can also be disabled with plugins such as Disable XML-RPC or Wordfence.<\/li>\n<li>Close the REST API <code>users<\/code> endpoint to anonymous users; many security plugins do this.<\/li>\n<li>Block the author archive query <code>?author=1<\/code>; it reveals the user&#8217;s <em>slug<\/em>.<\/li>\n<\/ul>\n<h2>10. Supply Chain Vulnerabilities: Nulled, Pirated and Abandoned Plugins<\/h2>\n<p>&#8220;Nulled&#8221; premium plugins and themes, i.e. ones whose licensing has been cracked, are one of the most common sources of <strong>backdoors<\/strong> in the WordPress world. The great majority of these freely distributed packages come with malicious code embedded in them: it gives the attacker remote access without the site owner noticing, injects spam content, or makes the site part of a botnet.<\/p>\n<p>Similarly, code downloaded from GitHub or small developer sites can become the carrier of a <em>supply chain<\/em> attack when the developer&#8217;s own account is compromised. In the past, several popular plugins have been updated with malicious code after being handed over to a new owner.<\/p>\n<p><strong>Protection steps:<\/strong><\/p>\n<ul>\n<li>Obtain plugins and themes only from <strong>WordPress.org<\/strong>, the developer&#8217;s official site, or vetted marketplaces such as CodeCanyon.<\/li>\n<li>Do not use nulled software; the price of the saving is almost always a compromised site.<\/li>\n<li>Watch plugins that have changed hands or have not been updated for a long time closely; follow Patchstack&#8217;s <em>&#8220;abandoned plugin&#8221;<\/em> warnings.<\/li>\n<li>Run file integrity scans on the site: with a Wordfence &#8220;scan&#8221;, Sucuri SiteCheck or MalCare, compare core and plugin files against their original versions.<\/li>\n<li>In suspicious cases, look for unusual PHP files and <code>eval(base64_decode(...))<\/code> patterns inside <code>wp-content\/plugins<\/code>, <code>wp-content\/themes<\/code> and <code>wp-content\/uploads<\/code>.<\/li>\n<\/ul>\n<h2>Bonus: 5 Safeguards Whose Absence Is as Dangerous as a Vulnerability<\/h2>\n<p>In addition to the ten vulnerabilities above, it is worth recalling the basic defensive layers every WordPress site should have:<\/p>\n<ul>\n<li><strong>SSL\/TLS (HTTPS):<\/strong> Get a free certificate from Let&#8217;s Encrypt; set up a 301 redirect from HTTP to HTTPS; add an HSTS header.<\/li>\n<li><strong>Regular backups:<\/strong> Take daily backups with UpdraftPlus, Jetpack VaultPress or, at the server level, JetBackup, and <em>do not keep the backup on the same server<\/em> as the site.<\/li>\n<li><strong>Web Application Firewall:<\/strong> Application-layer protection with Cloudflare, Sucuri or Wordfence.<\/li>\n<li><strong>Log monitoring:<\/strong> Set up alerts for failed login attempts, bursts of 404s and <code>xmlrpc.php<\/code> traffic.<\/li>\n<li><strong>Principle of least privilege:<\/strong> Give each user only the role needed to do their job; do not use an <em>Administrator<\/em> account for day-to-day work.<\/li>\n<\/ul>\n<h2>What to Do After a Possible Breach<\/h2>\n<p>If, despite everything, your site is compromised, follow these steps without panicking:<\/p>\n<ol>\n<li>Put the site into maintenance mode temporarily or isolate it from the server.<\/li>\n<li>Reset all users&#8217; passwords and the cPanel\/FTP\/SSH credentials.<\/li>\n<li>Regenerate the SALT keys in <code>wp-config.php<\/code>; this invalidates all existing sessions.<\/li>\n<li>Run a full scan with Wordfence, Sucuri or MalCare; compare file integrity against the core source.<\/li>\n<li>Review suspicious users, scheduled tasks (<code>wp_cron<\/code>) and the database records behind them.<\/li>\n<li>Restoring a clean backup is the fastest remedy, but remember that the backup may also contain malicious code.<\/li>\n<li>Do not put the site back online before finding the root cause of the incident; otherwise it will be entered again the same way.<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>The secret of WordPress security is not a magic plugin or an expensive service; it is <strong>disciplined maintenance<\/strong>. Almost all of the ten vulnerabilities covered in this guide can be largely closed with regular updates, strong passwords, two-factor authentication, correct file permissions and a WAF in front of your site. Review your site once a month, not once a year; keep your plugin inventory lean; test your backups. This small routine will save you from the costly recovery process of a hack.<\/p>\n<p>The three most concrete things you can start doing today for your site&#8217;s security: <strong>update all software<\/strong>, <strong>enable two-factor authentication<\/strong> and <strong>take a full backup and store it in a safe location<\/strong>. The rest is built over time.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>WordPress is the most popular content management system in the world, powering roughly forty percent of all websites. 
This popularity brings a large attack surface with it: every day attackers&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1488,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[195,128],"tags":[235,243,239,233,234,241,244,236,242,238,237,240],"class_list":["post-1487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-guvenlik","category-wordpress","tag-wordpress-brute-force","tag-wordpress-dosya-izinleri","tag-wordpress-eklenti-guvenligi","tag-wordpress-guvenlik","tag-wordpress-hack-koruma","tag-wordpress-iki-adimli-dogrulama","tag-wordpress-malware-temizleme","tag-wordpress-sql-injection","tag-wordpress-wp-admin-koruma","tag-wordpress-xml-rpc","tag-wordpress-xss","tag-wp-config-guvenligi"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>WordPress&#039;te En Yayg\u0131n 10 G\u00fcvenlik A\u00e7\u0131\u011f\u0131 ve Korunma Y\u00f6ntemleri - Kolan Bili\u015fim Teknolojileri | Blog - Dijital \u00c7\u00f6z\u00fcmler, Sunucu Y\u00f6netimi ve Teknoloji Haberleri<\/title>\n<meta name=\"description\" content=\"WordPress sitelerinde en s\u0131k kar\u015f\u0131la\u015f\u0131lan 10 g\u00fcvenlik a\u00e7\u0131\u011f\u0131, ger\u00e7ek sald\u0131r\u0131 senaryolar\u0131 ve her biri i\u00e7in ad\u0131m ad\u0131m korunma y\u00f6ntemleri tek rehberde.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kolan.net.tr\/blog\/wordpress-guvenlik-aciklari\/\" \/>\n<meta property=\"og:locale\" content=\"tr_TR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"WordPress&#039;te En Yayg\u0131n 10 G\u00fcvenlik A\u00e7\u0131\u011f\u0131 ve Korunma 
Y\u00f6ntemleri - Kolan Bili\u015fim Teknolojileri | Blog - Dijital \u00c7\u00f6z\u00fcmler, Sunucu Y\u00f6netimi ve Teknoloji Haberleri\" \/>\n<meta property=\"og:description\" content=\"The 10 most common security vulnerabilities on WordPress sites, real-world attack scenarios and step-by-step protection methods for each, in one guide.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kolan.net.tr\/blog\/wordpress-guvenlik-aciklari\/\" \/>\n<meta property=\"og:site_name\" content=\"Kolan Bili\u015fim Teknolojileri | Blog - Dijital \u00c7\u00f6z\u00fcmler, Sunucu Y\u00f6netimi ve Teknoloji Haberleri\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-22T05:55:06+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-22T10:23:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/kolan.net.tr\/blog\/wp-content\/uploads\/2026\/05\/wordpress.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Kolan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by:\" \/>\n\t<meta name=\"twitter:data1\" content=\"Kolan\" \/>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/kolan.net.tr\/blog\/wp-json\/wp\/v2\/posts\/1487","targetHints":{"allow":["GET"]}}]}}