两款针对WildFire勒索软件的免费解密工具已上线（附工具下载和使用教程）
(window.slotbydup=window.slotbydup || []).push({
id: '2611110',
container: s,
size: '240,200',
display: 'inlay-fix'
您当前位置： &
[ 所属分类
作者 红领巾 ]
两款针对WildFire勒索软件的免费解密工具已上线（附工具下载和使用教程）
10:13:18 来源：softpedia 作者：WisFree
一、写在前面的话
根据国外媒体的最新报道，McAfee和卡巴斯基实验室发布了两款免费的解密工具。如果用户感染了WildFire（野火）勒索软件，用户就可以免费使用这两个解密工具来恢复被加密的文件了。
目前，用户可以访问NoMoreRansom网站来下载这两款解密工具。
－Intel-Security McAfee：［点我下载］
－卡巴斯基实验室：［点我下载］
注：NoMoreRansom网站是由卡巴斯基实验室、Intel-Security McAfee、荷兰警方、以及欧洲刑警组织的欧洲网络犯罪中心联合创办的。
二、关于WildFire勒索软件的那些事儿
安全研究专家于2016年4月中旬检测到了WildFire勒索软件，当时这款勒索软件的名字为“GNL”，随后更名为了“Zyklon”。直到五月底，这款勒索软件正式改名为“WildFire”，并一直沿用至今。
在今年六月至七月底这段时间里，WildFire的开发者开始通过大规模发送垃圾邮件的方式来传播这款勒索软件，其中大部分的感染用户均位于荷兰境内。
MalwareHunterTeam的安全研究专家在接受Softpedia的采访时表示，Wildfire勒索软件的恶意攻击活动一直持续到了八月份。根据Softpedia从MalwareHunterTeam那里获取到的数据来看，我们推测这款新型恶意软件变种背后的开发者应该为俄罗斯。
在其早期版本中，这款勒索软件当时的名字还是“Zyklon”。攻击者使用了形为“nlmail22”的活动ID，即“Netherlands mail [number]”，这个活动ID很可能是攻击者用来追踪不同的垃圾邮件活动所用的。在WildFire勒索软件中，攻击者还使用了不同的活动ID来标识被感染的用户。在最新版本的WildFire勒索软件样本中，这个活动ID变成了“email_spread_w27”，其中“w27”可能表示的是一种自增的标识符，即“WildFire 27th”。
三、Kelihos僵尸网络正在帮助传播WildFire勒索软件
分析结果显示，Kelihos僵尸网络很有可能正在帮助攻击者传播这一勒索软件。数据显示，当受害者的主机感染了WildFire之后，它便会不断尝试与exithub1.su，exithub2.su，exithub-pql.su和exithub-xuq.su这四个域名进行通信。下图显示的就是这些域名所接收到的请求数量：
其中绝大多数的感染报告均来自于荷兰用户。如果我们查看一下向这些域名发送请求的来源，我们就会发现其中有95%的请求都来自于荷兰。
四、别担心，WildFire会告诉你如何去支付赎金的
当用户的计算机感染了WildFire之后，它便会加密系统中的所有文件。随后，这款勒索软件会利用一个典型的“勒索软件通知页面”来通知用户。在这里有一个比较有意思的地方，该勒索软件的支付页面竟然同时采用了互联网和Tor网络来托管。通常情况下，恶意攻击者只会利用Tor来保持其匿名性，但是现在居然出现了这种情况。所以我们认为，要么是这个攻击者对托管该页面的系统太过自信了，要么就是“TA”根本不在乎匿名不匿名的问题。
五、荷兰警方已经收缴了WildFire勒索软件的C&C服务器
安全研究专家称，这款恶意软件在当初被发现的时候，外界普遍认为这一勒索软件是无法被解密的，因为它采用了非常健壮的加密机制。现在我们之所以能够获取到这两款解密工具，是因为当初WildFire的开发者决定注册荷兰域名，并使用荷兰境内的服务器来托管这一勒索软件。他们的这个决定很明显是一个错误的决定，这也就给予了安全研究专家们调查和分析这款勒索软件的机会。
卡巴斯基实验室的Jornt van der Wiel表示：“在这个案例中，我们与警方展开了密切的合作，我们目前已经收集到了大量十分有价值的数据。”利用这些数据，安全研究专家们成功开发出了两款免费的WildFire解密程序。除此之外，由于警方已经收缴了WildFire勒索软件的C&C服务器，安全研究人员就可以从中提取出服务器的统计数据。安全研究人员在对这些数据进行了分析之后发现，在过去的三十一天内，WildFire勒索软件总共感染了5309台计算机，其中有236名用户支付了数据赎金。WildFire的作者总共获益136个比特币，价值约为79000美金。
下图是卡巴斯基实验室所发布的解密工具，而McAfee发布的解密程序是一款命令行工具，对于非计算机科班出身的用户而言，可能就有些太过高端了。
六、解密工具的使用教程
（重要！）注意事项：请确保你已经彻底清除了系统中感染的WildFire勒索软件，否则在你将文件解密之后，它还是会重新锁定你的系统并加密你的文件。目前，大多数知名的反病毒软件都可以帮助你清除这款勒索软件，所以我们在此就不再进行赘述了。
（一）、卡巴斯基WildFire解密工具的使用教程－［工具下载］
1.使用类似7zip的解压工具打开并解压下载得到的WildfireDecryptor.zip文档。
2.双击鼠标左键，点击运行WildfireDecryptor.exe。
3.在Kaspersky Wildfire Decryptor解密工具的窗口中，选择一个需要进行扫描的文件夹：点击“Change parameters”（修改参数）按钮。
4.在“Settings”（设置）窗口中你可以看到“Objects to Scan”（扫描对象）标签，在下方选择需要扫描的磁盘驱动器。如果你需要在解密成功之后删除被加密的文件，你可以在“Additional options”（其他选项）中进行勾选。
5.设置完成之后，别忘了点击“OK”按钮。
6. 在Kaspersky Wildfire Decryptor解密工具的主窗口中，点击“Start scan”（开始扫描）按钮。
7.在“Specify the path to one of encrypted files”窗口中选择一个需要解密的文件，然后点击“Open”（打开）按钮。
8.扫描完成之后，你可以点击“details”选项来查看扫描任务的详细信息。
9.如果需要查看执行任务的历史记录，可以点击程序主窗口右上角的“Report”（报告）按钮来查看。
（二）、Intel-Security McAfee WildFire解密工具的使用教程－［工具下载］
这款由McAfee开发的WildFire解密程序是一个命令行工具，我们同样可以使用这款工具来恢复那些被WildFire勒索软件家族所加密的文件。
使用命令如下：
---------------
-e : -- extractid [File Path]（提取出用户ID）
-f : -- file [File Path]（设置需要解密的文件路径）
-h : -- help（在控制台中输出工具的帮助信息）
-p : -- password [Password File Path]（设置用于解密的密码文件）
-u : --userid [User ID]（设置用户ID，通过用户ID来定位解密密钥）
使用指导：
---------------
在使用这个工具之前，你必须获取到勒索软件样本所生成的用户ID。用户ID是一个由字母和数字组成的字符串（长度为10个字符），你可以在勒索软件显示给用户的警告信息中找到这部分信息。大多数情况下，这部分数据存储在一个文本文件中，该文件默认会存放在被感染主机的桌面上（例如“HOW_TO_UNLOCK_FILES_README_(2a321bd202).txt”）。当然了，你也可以通过工具提供的“提取命令”来自动提取出用户ID。命令如下所示：
&wildfiredecrypt.exe–eHOW_TO_UNLOCK_FILES_README_(2a321bd202).txt
1.将用户ID作为输入数据，运行下列命令：
&wildfiredecrypt.exe-u2a321bd202
运行之后，你将能够在控制台中看到一个URL输出数据。复制这个URL，将其拷贝到浏览器中，然后下载相关的文本文件。如果浏览器显示的是类似“404 file not found”或者“［Error］Cannot find file”这样的错误提示，那么就说明工具没有找到用于解密文件的私钥。
在我们的示例中，你已经下载好了私钥文件（2a321bd202.txt）。现在，你就可以运行另一个命令来解密文件了。我们假设你需要解密的文件是：
“2016Taxes#WildFire_Locker#3615a1##.pdf.wflx"
2.运行下列命令，将你的私钥文件和需要解密的文件作为命令参数：
&wildfiredecrypt.exe-p2a321bd202.txt-f“2016Taxes#WildFire_Locker#3615a1##.pdf.wflx”
解密工具将会尝试恢复出文件的内容和原始文件名。如果文件解密成功，解密工具将会把恢复出的文件保存在相同的文件夹内。 本文转载自 softpedia原文链接：/news/two-free-decrypters-available-f
本文业界资讯相关术语:网络安全论文 网络安全密钥 网络安全工程师 网络安全技术与应用 网络安全概念股 网络安全知识 网络安全宣传周 网络安全知识竞赛 网络安全事件
转载请注明本文标题：本站链接：
分享请点击：
1.凡CodeSecTeam转载的文章,均出自其它媒体或其他官网介绍,目的在于传递更多的信息,并不代表本站赞同其观点和其真实性负责；
2.转载的文章仅代表原创作者观点,与本站无关。其原创性以及文中陈述文字和内容未经本站证实,本站对该文以及其中全部或者部分内容、文字的真实性、完整性、及时性，不作出任何保证或承若；
3.如本站转载稿涉及版权等问题,请作者及时联系本站,我们会及时处理。
登录后可拥有收藏文章、关注作者等权限...
成功更容易光顾磨难和艰辛，正如只有经过泥泞的道路才会留下脚印！
手机客户端
，专注代码审计及安全周边编程，转载请注明出处：http://www.codesec.net
转载文章如有侵权，请邮件 admin[at]codesec.net战网桌面客户端battle for mac使用方法_百度文库
两大类热门资源免费畅读
续费一年阅读会员，立省24元！
战网桌面客户端battle for mac使用方法
上传于||文档简介
&&w​o​w​ ​魔​兽​世​界​ ​熊​猫​人​ ​魔​兽. ​魔​兽. ​b​a​t​t​l​e​.​n​e​t​ ​战​网​桌​面​客​户​端
阅读已结束，如果下载本文需要使用0下载券
想免费下载更多文档？
定制HR最喜欢的简历
你可能喜欢来自WordPress中文文档
（重定向自）
includeonlydiv style=clear: background-color:#FAEBD7; border:1px solid #CCCCCC; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:This page is
as incomplete. You can
Codex by ./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
includeonlydiv style=clear: background-color:#FFDCDC; border:1px solid #bb0011; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:WARNING: 在您编辑这个页面之前/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
span style=display:width:87%;padding-right:5padding-left:1border-left:1px solid #bb0011;margin-left:1请不要把您自己服务器的配置信息复制到这个 Codex 页面上，因为那会使所有人都能轻易访问您的服务器。谢谢！/span
作为 WordPress ***过程的一部分，您需要修改 wp-config.php 文件，配置 WordPress 访问 MySQL 数据库所必需的信息等内容。
wp-config.php 一开始是不存在于 WordPress 中的，您需要自己创建。请参照 wp-config-sample.php 文件样本来进行创建。高级设定及示例会在后文中说明。
要对 wp-config.php 文件做修改，您需要如下信息：
数据库名称  WordPress 所使用的数据库名称
数据库用户名  访问数据库所需的用户名
数据库密码  用户名对应的用以访问数据库的密码
数据库主机  数据库服务器的主机名称
如果您的主机供应商已为您***好了 WordPress 的话，可以向他们索要相关信息。如果你是自己配置的或主机帐号的话，就需要来获取以上这些信息了。
includeonlydiv style=clear: background-color:#EEEEFF; border:1px solid #CCCCCC; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:This article is
as in need of editing. You can
Codex by ./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
重要：千万不要使用如Microsoft Word类型的文字处理程序来编辑WordPress文件！
在WordPress目录的基础目录下找到onlyincludecode/code/onlyinclude
div class=template-description style=padding: 0 1.5 border: 1px solid # background-color: #f9f9f9
Link to the source code on .
(option) path to codetag/code (version) or codetrunk/code. This option is only used for a new function.br /Default: codetrunk/code --
is the latest bleeding edge development version of WordPress.
Link to the stable version:
pre检查到模板循环：/pre
Link to trunk:
pre检查到模板循环：/pre
文件，并使用（text editor）打开。
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: 从2.6版开始，WordPress应用程序目录的上级目录中。/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
这是默认的onlyincludecode/code/onlyinclude
div class=template-description style=padding: 0 1.5 border: 1px solid # background-color: #f9f9f9
Link to the source code on .
(option) path to codetag/code (version) or codetrunk/code. This option is only used for a new function.br /Default: codetrunk/code --
is the latest bleeding edge development version of WordPress.
Link to the stable version:
pre检查到模板循环：/pre
Link to trunk:
pre检查到模板循环：/pre
文件，你需要将该文件中的默认数值替换为你的数据库设定。
// ** MySQL settings - You can get this info from your web host ** //br
/** The name of the database for WordPress */br
define('DB_NAME', 'putyourdbnamehere');
/** MySQL database username */br
define('DB_USER', 'usernamehere');
/** MySQL database password */br
define('DB_PASSWORD', 'yourpasswordhere');
/** MySQL hostname */br
define('DB_HOST', 'localhost');
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: Text inside /* */ are , for information purposes only./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: 编辑这个页面时，请不要使用您自己服务器的配置。/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
将putyourdbnamehere替换为你的数据库名称，比如：MyDatabaseName
define('DB_NAME', 'MyDatabaseName'); // Example MySQL database name
将usernamehere替换为你的用户名，比如：MyUserName。
define('DB_USER', 'MyUserName'); // Example MySQL username
将yourpasswordhere替换为你的密码，比如：MyPassWord。
define('DB_PASSWORD', 'MyPassWord'); // Example MySQL password
将localhost替换为你的数据库主机，比如：MyDatabaseHost。
define('DB_HOST', 'MyDatabaseHost'); // Example MySQL Database host
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: 基本上说来你是无需修改此项的。如果你不确定的话，可以使用默认值'localhost'进行***，然后看看是否可行。如果没有成功，请联系你的网络主机供应商。/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
不同的主机供应商会对mysql使用不同的网络设定。如果在下表左侧能找到你的主机供应商的话，那么右侧就是DB_HOST较准确的值了。你可以联系相关技术支持和/或查找你所使用的主机供应商的在线资料进行进一步确认。
Hosting Company
DB_HOST Value Guess
AN Hosting
A Small Orange
h41mysql52.secureserver.net
localhost:/tmp/mysql5.sock
LaughingSquid
MediaTemple GridServer
internal-db.
pair Networks
Hosts with cPanel
Hosts with Plesk
Hosts with DirectAdmin
Tophost.it
sql.your-domain-name.it
如果你的主机为数据库使用备用端口的话，就需要修改wp-config.php中的DB_HOST值以反映出主机备用端口设置。
对localhost
define('DB_HOST', 'localhost:3307');
define('DB_HOST', ':4454');
WordPress 中，DB_CHARSET可用，以允许数据库的标识（如TIS620 Thai，tis620）在定义MySQL数据库表时被使用。
在你尚未完全理解修改utf8( ) 默认值所带来的后果之前，不应做任何修改。请注意UTF-8支持着诸多欧洲语言，因此将为utf8的设置放着别动，而应为你的语言使用合适的DB_COLLATE值。
此例表明WordPress默认值的utf8：
define('DB_CHARSET', 'utf8');
includeonlydiv style=clear: background-color:#FFDCDC; border:1px solid #bb0011; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:WARNING: 对于执行新***的用户/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
span style=display:width:87%;padding-right:5padding-left:1border-left:1px solid #bb0011;margin-left:1一般说来不应修改DB_CHARSET的默认值。如果你的博客需要使用不同的字符集，请阅读以明确有效的DB_CHARSET值。/span
includeonlydiv style=clear: background-color:#FFDCDC; border:1px solid #bb0011; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:WARNING:
对于执行升级的用户（尤其是对那些2.2之前的博客系统）/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
span style=display:width:87%;padding-right:5padding-left:1border-left:1px solid #bb0011;margin-left:1如果wp-config.php文件中不存在DB_CHARSET和DB_COLLATE的话，请勿向wp-config.php添加定义，除非你已阅读并理解数据库。对于已存在的博客，向wp-config.php文件添加DB_CHARSET和DB_COLLATE会出不少问题。/span
WordPress中，DB_COLLATE可用，以允许数据库（即字符集的排序次序）。大多数情况下，此值应留空（null），这样数据库排序才能被MySQL字段分配，这是基于DB_CHARSET所指定的数据库字符集之上的。将DB_COLLATE设为中定义的某个UTF-8值。
WordPress的默认DB_COLLATE值：
define('DB_COLLATE', );
UTF-8 Unicode一般排序
define('DB_COLLATE', 'utf8_general_ci');
UTF-8 Unicode 土耳其语排序
define('DB_COLLATE', 'utf8_turkish_ci');
includeonlydiv style=clear: background-color:#FFDCDC; border:1px solid #bb0011; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:WARNING: 对于执行新***的用户/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
span style=display:width:87%;padding-right:5padding-left:1border-left:1px solid #bb0011;margin-left:1一般不应修改DB_COLLATE的默认值。将其留空（null）能保证在数据库表格被创建时，排序能自动为MySQL所分派。/span
includeonlydiv style=clear: background-color:#FFDCDC; border:1px solid #bb0011; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:WARNING: 对于执行升级的用户（尤其是对那些2.2之前的博客系统）/div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
span style=display:width:87%;padding-right:5padding-left:1border-left:1px solid #bb0011;margin-left:1如果wp-config.php文件中不存在DB_CHARSET和DB_COLLATE的话，请勿向wp-config.php添加定义，除非你已阅读并理解数据库字符集转换。而你还可能需要升级WordPress。/span
从开始，存在3种安全密钥，AUTH_KEY，SECURE_AUTH_KEY和LOGGED_IN_KEY，它们能够保证用户cookies中的信息得到更好的加密。在中引入了第四种密钥，NONCE_KEY。
你无需记住这些密钥，只要保证它们越长越复杂越好，你可以使用。
define('AUTH_KEY', ':dr+%/5V4sAUG-gg%aS*v;&xGhd%{YKC^Z7KKGh j&k[.Nf$y7iGKdJ3c*[Kr5Bg');
define('SECURE_AUTH_KEY', 'TufWOuA _.t&#+hA?^|3RfGTm&@*+S=8\"\'+\"}]&m#+}V)p:Qi?jXLq,&h\\`39m_(');
define('LOGGED_IN_KEY', 'S~AACm4h1;T^\"qW3_8Zv!Ji=y|)~5i63JI |Al[(&YS&2V^$T])=8Xh2a:b:}U_E');
define('NONCE_KEY', 'k1+EOc-&w?hG8j84&6L9v\"6C89NH?ui{*3\\(t09mumL/fFP_!K$JCEkLuy ={x{0');
密钥是一种加入到密码中的干扰信息，用于提高您站点以及帐号的安全性。
简单来说，密钥就是一种用于增加密码强度、抗暴力破解的安全机制。例如 "password" 或 "test" 这类的密码很容易会被猜解出来。但像 "88a7da6cb3c76a09641fc" 这种没有规律的密码，则需要很多年的时间才能猜测出来。
更多关于密钥和密码安全的技术细节，可参见以下资源列表：
以下的部分可能包含高级的或者不成熟的信息，在正式使用前，请先确保你已经执行并且了解如何恢复系统。
$table_prefix是被放在你的数据库表格前面部分的设定值， 数据库前缀的设置对提高你的站点安全以及在同一数据库中***多个WordPress站点都非常有用，通过改变默认值“wp_” 为随机独一的值，可减轻站点受攻击的可能性，总体上提高你的网站安全性。
// 你可以将多个博客***到同一个数据库，如果你为它们设置不同的前缀。
$table_prefix
= 'r235_';
// Only numbers, letters, and underscores please!
在同一个数据库上***第二个博客的时候，可以通过指定不同的前缀来***。
$table_prefix
// Only numbers, letters, and underscores please!
WP_SITEURL, defined since WordPress , allows the WordPress address (URL) to be defined.
The valued defined is the address where your WordPress core files reside.
It should include the http:// part too.
Do not put a slash "/" at the end.
Setting this value in wp-config.php overrides the
value for siteurl and disables the WordPress address (URL) field in the
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: It won't change the Database value though, and the url will revert to the old database value if this line is removed from wp-config.
to change the siteurl value in the database./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
If WordPress is installed into a directory called "wordpress" for the
, define WP_SITEURL like this:
define('WP_SITEURL', ');
Dynamically set WP_SITEURL based on $_SERVER['HTTP_HOST']
define('WP_SITEURL', ' . $_SERVER['HTTP_HOST'] . '/path/to/wordpressp');
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: A safer alternative for some installations would be to use the server-generated SERVER_NAME instead of the php/user-generated HTTP_HOST which is created dynamically by php based on the value of the HTTP HOST Header in the request, thus possibly allowing for file inclusion vulnerabilities.
SERVER_NAME is set by the server configuration and is static./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
Dynamically set WP_SITEURL based on $_SERVER['SERVER_NAME']
define('WP_SITEURL', ' . $_SERVER['SERVER_NAME'] . '/path/to/wordpressp');
WP_HOME is another wp-config.php option added in WordPress . Similar to WP_SITEURL, WP_HOME overrides the
value for home but does not change it permanently. home is the address you want people to type in their browser to reach your WordPress blog. It should include the http:// part and should not have a slash "/" at the end.
define('WP_HOME', ');
If you are using the technique described in
then follow the example below.
Remember, you will also be placing an index.php in your web-root directory if you use a setting like this.
define('WP_HOME', ');
Dynamically set WP_HOME based on $_SERVER['HTTP_HOST']
define('WP_HOME',
' . $_SERVER['HTTP_HOST'] . '/path/to/wordpress');
Since , you can move the wp-content directory, which holds your themes, plugins, and uploads, outside of the WordPress application directory.
Set WP_CONTENT_DIR to the full local path of this directory (no trailing slash), e.g.
define( 'WP_CONTENT_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content' );
Set WP_CONTENT_URL to the full URI of this directory (no trailing slash), e.g.
define( 'WP_CONTENT_URL', ');
Set WP_PLUGIN_DIR to the full local path of this directory (no trailing slash), e.g.
define( 'WP_PLUGIN_DIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );
Set WP_PLUGIN_URL to the full URI of this directory (no trailing slash), e.g.
define( 'WP_PLUGIN_URL', ');
If you have compability issues with plugins
Set PLUGINDIR to the full local path of this directory (no trailing slash), e.g.
define( 'PLUGINDIR', $_SERVER['DOCUMENT_ROOT'] . '/blog/wp-content/plugins' );
When editing a post, WordPress uses Ajax to auto-save revisions to the post as you edit.
You may want to increase this setting for longer delays in between auto-saves, or decrease the setting to make sure you never lose changes.
The default is 60 seconds.
define('AUTOS***E_INTERVAL', 160 );
// seconds
在默认情况下，WordPress将会自动为您保存编辑中的文章和页面，允许您恢复文章和页面的各个版本。此功能可以通过修改参数禁用，您也可以指定自动保存草稿数量的最大参数。
如果您 没有设置 这个参数, WordPress默认WP_POST_REVISIONS为 true (默认开启文章修订功能). 如果您想关闭自动保存功能,请参考使用以下代码:
define('WP_POST_REVISIONS', false );
If you want to specify a maximum number of revisions, change false to an integer/number (e.g., 3 or 5).
define('WP_POST_REVISIONS', 3);
The domain set in the cookies for WordPress can be specified for those with unusual domain setups.
One reason is if . To prevent WordPress cookies from being sent with each request to static content on your subdomain you can set the cookie domain to your non-static domain only.
define('COOKIE_DOMAIN', '');
The WP_DEBUG option, added in WordPress , controls the display of some errors and warnings. If this setting is absent from wp-config.php, then the value is assumed to be false.
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: The true and false values in the example are not set in apostrophes (') because they are boolean values./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
define('WP_DEBUG', true);
define('WP_DEBUG', false);
Additionally, if you are planning on modifying some of WordPress' built-in JavaScript, you should enable the following option:
define('SCRIPT_DEBUG', true);
This will allow you to edit the scriptname.dev.js files in the wp-includes/js and wp-admin/js directories.
. In earlier versions, database errors were always printed. (Database errors are handled by the wpdb class and are not affected by .)
In WordPress version 2.5, setting WP_DEBUG to true also raises the
to E_ALL and activates warnings when deprecated functio otherwise, WordPress sets the error reporting level to E_ALL ^ E_NOTICE ^ E_USER_NOTICE.
To result in a faster administration area, all Javascript files are
into one URL. If Javascript is failing to work in your administration area, you can try disabling this feature:
define('CONCATENATE_SCRIPTS', false);
Because wp-config.php is loaded for every page view not loaded from a cache file, it is an excellent location to set php ini settings that control your php installation.
This is useful if you don't have access to a php.ini file, or if you just want to change some settings on the fly.
Here is an example that turns php error_logging on and logs them to a specific file.
If WP_DEBUG is defined to true, the errors will also be saved to this file.
Just place this above any require_once or include commands.
@ini_set('log_errors','On');
@ini_set('display_errors','Off');
@ini_set('error_log','//logs/php_error.log');
/* That's all, stop editing! Happy blogging. */
Also released with , the WP_MEMORY_LIMIT option allows you to specify the maximum amount of memory that can be consumed by PHP.
This setting may be necessary in the event you receive a message such as "Allowed memory size of xxxxxx bytes exhausted".
This setting increases PHP Memory only for WordPress, not other applications.
By default, WordPress will attempt to increase memory allocated to PHP to 32MB (code is at beginning of wp-settings.php), so the setting in wp-config.php should reflect something higher than 32MB.
Please note, this setting may not work if your host does not allow for increasing the PHP memory limit--in that event, contact your host to increase the PHP memory limit. Also, note that many hosts set the PHP limit at 8MB.
Increase PHP Memory to 64MB
define('WP_MEMORY_LIMIT', '64M');
Increase PHP Memory to 96MB
define('WP_MEMORY_LIMIT', '96M');
The WP_CACHE setting, if true, includes the wp-content/advanced-cache.php script, when executing wp-settings.php.
define('WP_CACHE', true);
CUSTOM_USER_TABLE and CUSTOM_USER_META_TABLE are used to designated that the user and usermeta tables normally utilized by WordPress are not used, instead these values/tables are used to store your user information.
define('CUSTOM_USER_TABLE', $table_prefix.'my_users');
define('CUSTOM_USER_META_TABLE', $table_prefix.'my_usermeta');
WPLANG defines the name of the language translation (.mo) file.
LANGDIR defines what directory the WPLANG .mo file resides.
If LANGDIR is not defined WordPress looks first to wp-content/languages and then wp-includes/languages for the .mo defined by WPLANG file.
define('WPLANG', 'de_DE');
define('LANGDIR', 'mylanguagedirectory');
The S***EQUERIES definition saves the database queries to a array and that array can be displayed to help analyze those queries.
The information saves each query, what function called it, and how long that query took to execute.
includeonlydiv style=clear: background-color:# border:1px solid #c6d9e9; color:#000000; padding:7 margin:0.5em auto 0.5 vertical-align:NOTE: This will have a performance impact on your site, so make sure to turn this off when you aren't debugging./div/includeonlynoinclude
This Template is used by .
检查到模板循环：
检查到模板循环：
/noinclude
First, put this in wp-config.php:
define('S***EQUERIES', true);
Then in the footer of your theme put this:
if (current_user_can('administrator')){
echo &&pre&&;
print_r($wpdb-&queries);
echo &&/pre&&;
The FS_CHMOD_DIR and FS_CHMOD_FILE define statements allow override of default file permissions.
These two variables were developed in response to the problem of the core update function failing with hosts (e.g.
some Italian hosts) running under suexec.
If a host uses restrictive file permissions (e.g. 400) for all user files, and refuses to access files which have group or world permissions set, these definitions could solve the problem.
Note that the '0755' is an octal value and is not delineated with single quotes (').
define('FS_CHMOD_DIR', (0755 & ~ umask()));
define('FS_CHMOD_FILE', (0644 & ~ umask()));
To enable SSH2 as an upgrade option you will need to install the pecl SSH2 extension.
To install this library you will need to issue a command similar to the following or talk to your web hosting provider to get this installed:
pecl install ssh2
After installing the pecl ssh2 extension you will need to modify your php configuration to automatically load this extension.
pecl is provided by the pear package in most linux distributions.
To install pecl in Redhat/Fedora/CentOS:
yum -y install php-pear
To install pecl in Debian/Ubuntu:
apt-get install php-pear
These methods for the WordPress core, plugin, and theme upgrades try to determine the WordPress path, as reported by PHP, but symlink trickery can sometimes 'muck this up' so if you know the paths to the various folders on the server, as seen via your FTP user, you can manually define them in the wp-config.php file.
The following are valid constants for FTP/SSH updates:
FS_METHOD forces the filesystem method. It should only be "direct", "ssh", "ftpext", or "ftpsockets".
FTP_BASE is the full path to the "base" folder of the WordPress installation.
FTP_CONTENT_DIR is the full path to the wp-content folder of the WordPress installation.
FTP_PLUGIN_DIR is the full path to the plugins folder of the WordPress installation.
FTP_PUBKEY is the full path to your SSH public key.
FTP_PRIKEY is the full path to your SSH private key.
FTP_USER is either user FTP or SSH username.
Most likely these are the same, but use the appropriate one for the type of update you wish to do.
FTP_PASS is the password for the username entered for FTP_USER.
If you are using SSH public key authentication this can be omitted.
FTP_HOST is the hostname:port combination for your SSH/FTP server.
The standard FTP port is 21 and the standard SSH port is 22.
FTP_SSL TRUE for SLL-connection.
define('FS_METHOD', 'ftpext');
define('FTP_BASE', '/path/to/wordpress/');
define('FTP_CONTENT_DIR', '/path/to/wordpress/wp-content/');
define('FTP_PLUGIN_DIR ', '/path/to/wordpress/wp-content/plugins/');
define('FTP_PUBKEY', '/home/username/.ssh/id_rsa.pub');
define('FTP_PRIKEY', '/home/username/.ssh/id_rsa');
define('FTP_USER', 'username');
define('FTP_PASS', 'password');
define('FTP_HOST', 'ftp.example.org:21');
define('FTP_SSL', false);
It is recommended to use a private key that is not pass phrase protected.
There have been numerous reports that pass phrase protected private keys do not work properly.
If you decide to try a pass phrase protected private key you will need to enter the pass phrase for the private key as FTP_PASS.
If you're still not clear on how to use SSH for upgrading or installing WordPress/plugins, .
Use this, for example, if scheduled posts are not getting published.
According to , "this alternate method uses a redirection approach, which makes the users browser get a redirect when the cron needs to run, so that they come back to the site immediately while cron continues to run in the connection they just dropped. This method is a bit iffy sometimes, which is why it's not the default."
define('ALTERNATE_WP_CRON', true);
Here are additional constants that can be defined, but probably shouldn't be.
The Cookie definitions are particularly useful if you have an unusual domain setup.
define('COOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('home') . '/' ) );
define('SITECOOKIEPATH', preg_replace('|https?://[^/]+|i', '', get_option('siteurl') . '/' ) );
define('ADMIN_COOKIE_PATH', SITECOOKIEPATH . 'wp-admin' );
define('PLUGINS_COOKIE_PATH', preg_replace('|https?://[^/]+|i', '', WP_PLUGIN_URL)
define('TEMPLATEPATH', get_template_directory());
define('STYLESHEETPATH', get_stylesheet_directory());
define('DISABLE_WP_CRON', true);
Added with , this constant controls the number of days before WordPress permanently deletes posts, pages, attachments, and comments, from the trash bin.
The default is 30 days:
define('EMPTY_TRASH_DAYS', 30 );
// 30 days
To disable trash set the number of days to zero.
Note that WordPress will not ask for confirmation when someone clicks on "Delete Permanently".
define('EMPTY_TRASH_DAYS', 0 );
// zero days
Added with , there is automatic database optimization support, which you can enable by adding the following define to your wp-config.php file only when the feature is required
define('WP_ALLOW_REPAIR', true);
The script can be found at {$your_site}/wp-admin/maint/repair.php
Please Note: That this define enables the functionality, The user does not need to be logged in to access this functionality when this define is set. This is because its main intent is to repair a corrupted database, Users can often not login when the database is corrupt.
Php has a function that returns an array of all the currently defined constants with their values.
print_r(@get_defined_constants());
Be sure to check for leading and/or trailing spaces around any of the above values you entered, and DON'T delete the single quotes!
Before you save the file, be sure to double-check that you have not accidentally deleted any of the single quotes around the parameter values. Be sure there is nothing after the closing PHP tag in the file. The last thing in the file should be ?& and nothing else. No spaces.
To save the file, choose File & Save As & wp-config.php and save the file in the root of your WordPress install. Upload the file to your web server and you're ready to install WordPress!