With all the recent attacks, security is at the top of most people’s minds. There are some very simple things that you can do to make your blog less of a target.
First, how do blogs get hacked in the first place? Because of its design, there are many vulnerable areas in a WP site. In brief:
- Outdated plugins and themes
- Using plugins from unknown sources
- Using an older version of WordPress
- Weak passwords
- Using admin as your username
- Insecure or incomplete installations
- Leaving certain files on your server, such as the readme.html
- Not removing your WP version from various areas on your site
- Keeping the default database prefix
- And several other ways that we’ll cover another time
Fortunately, WP has several plugins that make doing many of these security measures a breeze.
Here’s a list of my favorite ones:
Login Lockdown ~ records the IP address of every failed login attempt. If more than a set number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. Currently the plugin defaults to a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel, and administrators can release locked out IP ranges manually from the panel.
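As an added illustration (my own sketch, not the plugin’s code), here is the lockout rule described above in Python: failures are counted per IP block, and once three of them land within five minutes, every login from that block is refused for an hour. Treating the “IP range” as a /24 and passing the clock in explicitly are assumptions of this sketch.

```python
from collections import defaultdict, deque
from ipaddress import ip_network


class LoginLockdown:
    """Lockout rule as the post describes it (added illustration, not the plugin's code).

    Failed logins are counted per IP block; once max_attempts failures fall within
    window seconds, every login from that block is refused for lockout seconds.
    Defaults match the post: 3 failures in 5 minutes -> 1 hour lockout.
    """

    def __init__(self, max_attempts=3, window=300, lockout=3600):
        self.max_attempts = max_attempts
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # block -> timestamps of recent failures
        self.locked_until = {}              # block -> time (seconds) the lock expires

    @staticmethod
    def block_of(ip):
        # Assumption: the "IP range" is a /24; the post does not say how wide the range is.
        return str(ip_network(f"{ip}/24", strict=False))

    def is_locked(self, ip, now):
        """True while the caller's block is locked out; expired locks are cleared."""
        block = self.block_of(ip)
        until = self.locked_until.get(block)
        if until is not None and now < until:
            return True
        self.locked_until.pop(block, None)
        return False

    def record_failure(self, ip, now):
        """Register a failed login at time `now`; return True if it triggers a lockout."""
        block = self.block_of(ip)
        recent = self.failures[block]
        recent.append(now)
        while recent and now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_attempts:
            self.locked_until[block] = now + self.lockout
            recent.clear()
            return True
        return False

    def release(self, ip):
        """Manual release of a locked block, as the plugin's options panel allows."""
        self.locked_until.pop(self.block_of(ip), None)
```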
WP Secure ~ does a multitude of functions that used to have to be done manually, such as:
- Upgrade to the latest version of WordPress
- Check plugins that are out of date
- Remove error information on the login page
- Hide your WordPress version (frontend & dashboard)
- Remove Really Simple Discovery
- Remove Windows Live Writer
- Remove core update information
- Remove plugin & theme update information
- Add index.php for the plugin directory, which hides your plugins folder
- Change the default admin username & test the strength of your password
- Restrict access to the wp-config.php file and the wp-includes & wp-content folders
- Restrict wp-admin to only your IP
  - Restrict access to wp-admin Manual
  - Check files and folder permissions
Secure WordPress ~ does pretty much the same thing as WP Secure, plus it also provides a free malware and vulnerability scan with SiteSecurityMonitor.com
WP-MalWatch ~ is a scanner designed to help alert you when hackers have been at work inside your blog. WP-MalWatch does not protect your blog; it only logs suspicious events and alerts you to possible security breaches.
AntiVirus ~ scans your blog for exploits and spam injections and provides anti-virus protection for your blog. Although it’s a very useful plugin, many themes will trigger a false positive, because it doesn’t recognize some of the code they use.
WordPress File Monitor ~ monitors your WP site for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address. Be aware that whenever a plugin updates, or creates any change, you will be notified.
There are many others out there. As I test them out, I will tell you what I think.
Look them over and choose the ones that you like best. I have them all installed and have not had any compatibility problems so far.