When we were covering best blogging platforms for your business, one of the advantages of WordPress we mentioned was that it has a big developer community, which results in a variety of tools and plugins designed for the platform.
There’s no doubt that WordPress’s content is its most valuable asset. However, there are some steps you can take and some additional plugins you can install that can help you protect and secure that content. In this article we will focus on these steps and plugins and investigate their purposes and benefits.
There are a few principal steps you should regularly perform in order to ensure your site’s security. First of all, make sure to update WordPress along with its plugins whenever a patch has been released. Usually, when a patch is released, the improvements and the security holes that it fixes are publicly announced, so attackers will most likely try to exploit those vulnerabilities first, because there are many people who do not update their WordPress regularly.
Since we already stressed the importance of your content in WordPress, make sure you’ve backed it up properly. And not only that, you should also practice recovering from your backups and prepare a recovery procedure, because when you need to recover for real, you will most likely be very stressed and not thinking clearly enough to do it correctly without help.
Common advice for all of your applications is to use strong passwords – including an uppercase letter, lowercase letter, symbol, and a number. You may also consider the ability of WordPress to provide administration over SSL. More information is available here. And don’t forget to erase the default “admin” account. It’s definitely the first account that potential hackers would try. Create another administrative account and use it instead.
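To check a site against three of the steps above (pending plugin patches, the default “admin” account, and administration over SSL), here is an added example that is not part of the original article. It assumes WP-CLI supplies the live input, as shown in the comments; the function names and the sample data are constructed for illustration, and it covers plugin updates only, not WordPress core.

```shell
#!/bin/sh
# Added example, not from the original article. Every check reads text on
# stdin, so it works on live WP-CLI output or on saved copies of it.

# stdin: plugin names with a pending update, one per line
#   (wp plugin list --update=available --field=name)
pending_updates() { grep -c . || true; }

# stdin: user logins, one per line (wp user list --field=user_login)
# Exit 0 when the default "admin" login still exists.
has_default_admin() { grep -qix 'admin'; }

# stdin: contents of wp-config.php
# Exit 0 when an uncommented line defines FORCE_SSL_ADMIN as true.
ssl_admin_forced() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]FORCE_SSL_ADMIN['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)"
}

# audit PLUGINS LOGINS CONFIG: prints one line per finding, nothing if clean.
audit() {
    n=$(printf '%s\n' "$1" | pending_updates)
    if [ "$n" -gt 0 ]; then
        echo "UPDATE: $n plugin(s) have an unapplied patch"
    fi
    if printf '%s\n' "$2" | has_default_admin; then
        echo "ACCOUNT: default \"admin\" login is still present"
    fi
    if ! printf '%s\n' "$3" | ssl_admin_forced; then
        echo "SSL: FORCE_SSL_ADMIN is not enabled in wp-config.php"
    fi
    return 0
}

# Constructed sample data (hypothetical plugin names and logins).
SAMPLE_PLUGINS='example-gallery
example-forms'
SAMPLE_LOGINS='admin
jane'
SAMPLE_CONFIG="define('DB_NAME', 'wp');
// define('FORCE_SSL_ADMIN', true);"

audit "$SAMPLE_PLUGINS" "$SAMPLE_LOGINS" "$SAMPLE_CONFIG"
```

On a real site, pass `"$(wp plugin list --update=available --field=name)"`, `"$(wp user list --field=user_login)"` and `"$(cat wp-config.php)"` as the three arguments.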
After you’ve covered these main steps, you should get to know the following great plugins for WordPress, available for download:
- BackWPup - provides full backup functionality, allowing you to send your backups to Amazon, Microsoft Azure, Dropbox and the like. It also allows you to optimize and check/repair your database.
- Better WP Security – identifies security holes in the WordPress environment and gives you the ability to automatically fix them.
- Ultimate Security Checker - explains security issues and then gives you the steps to address them.
- BulletProof Security - protects your site from SQL injection attacks and other code injections.
- Limit Login Attempts – guards against brute-force attacks.
- Role Scoper - for least privilege purposes, allows you to limit the functions available to users of your site to only those that they need.
- Firewall 2 – a defense-in-depth approach, provides another level of defense besides the network firewall, the operating system firewall and the like. It might send email alerts when an attack is detected.
- AntiVirus – another defense-in-depth approach, fights viruses on your website.
- Wordfence Security - firewall and antivirus scanning in one plugin, attempts to protect against DDoS attacks by keeping track of the available disk space. It also monitors DNS for unauthorized access.
- Theme Authenticity Checker – checks themes for backdoors and other malicious code that loads with a theme.
- TimThumb Vulnerability Scanner - checks and allows you to easily fix TimThumb code vulnerabilities. You can find more information about it here.
- Antispam Bee – fights spammers and provides a dashboard view.
- Audit Trail - my personal favorite, gives you the ability to investigate where an attack came from and even to look for suspicious activity before it leads to an attack. It can keep track of all your users’ activities.
Did I miss your favorite plugin or another securing step for WordPress? Feel free to leave it as a comment. I appreciate it.