I wanted to take a moment to discuss WordPress Security Plugins today. Yesterday during the Internet Marketing Night Cap Josh Alexander brought up some important points about protecting your WordPress blog from harm. It definitely got the attention of our listeners and I thought that you would want to know a few plugins that could help you with security. For a replay of the session go to the right hand side of this Blog under Blog Talk Radio and click on the most recent episode for the podcast.
Before we get started, I want to just point out that while these security features will definitely help your blog, but there is no way to make a site 100% safe from attack. These plugins just make it less likely for any attacks on your site to be successful. It is vitally important that you back up your site as well, so we will go into a few options for that as well with the plugins listed below.
5 WordPress Security Plugins
1. Secure WordPress- This plugin protects you from users who might not be authorized for full access from viewing or accessing your
different plugins, themes, and WordPress versions. It cleans up the look of your site to outside viewers, so they can not access sensitive information for your blog. Finally, this plugin removes different error messages when logging into the system. The reason why this is so important is that hackers can use that information to determine how to gain access to the back end of your blog.
2. BulletProof Security-Need a plugin that protects you against different hacking attempts. In the words of this plugin, ” BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.” In layman’s speak, your different files, programs, and databases that you use on WordPress are protected from hackers. Additionally, they also protect the .htacess file, which provides the decentralized directory for your WordPress blog.
3. WP Security Scan-Want to see if someone is trying something “hacking hinky” on your blog? Then WP Security Scan can help. As the name suggests, this plugin scans for WordPress vulnerabilities. A word of caution here: The ratings on this plugin were a 3 out of 5, which is the lowest of all the plugins on this list. Make sure to back up your blog before installing this plugin.
4. One-Time Password and Password Protect WordPress- While there are 674 variations of password protects for your WordPress blog, the right password protection is crucial for a lot of blog owners. Whether it is a page or the entire blog, creating a password gateway makes it harder for undesirables to enter your blog. The two listed here help you with creating one-time passwords for those who need one-time developer help (One-Time Password) or want to password protect their entire site (Password Protect WordPress). Please note that WordPress automatically comes with the ability to password protect each page as well.
5. Wp-Complete BackUp and WordPress Database Backup-We keep talking about backing up your blog. How do you do that? Well, there is not really a complete all-in-one solution, unless you download your blog through FTP. These backup plugins, however, provide a great start. Josh swears by WP-Complete and I have been using WordPress Database Backup in conjunction with WordPress Backup By BTE for years. Yoast is said to have a good option as well.
In the end, make sure that you use one of these programs along with their daily email back ups. I get my sent to me via email everyday. It is great. Additionally, I download my entire database once a month along with exporting all blog posts and pages under the Tools Export tab. Finally, I use my hosting services backup service as well. Godaddy and HostGator both have their own backup system on the back end of your hosting.
I know that WordPress security plugins can get a little dry, but having everything backed up can be a lifesaver. It means that you do not have to worry about what happens if all of your blog posts suddenly disappear or your site goes down, due to a malicious attack. I can also personally vouch that having the right security on your blog will prevent many sleepless nights. Find a few WordPress security plugins that work for you and let me know what you decide to do.
I use Better WP Security on several WP sites, sofar it’s doing a good job. I also us WP Antivirus, that checks for suspicious code. it’s a bit too trigger-happy, so it reports plenty of false positives, but it’s a good thing to have, in case somebody does end up messing up with code injection.
Igor,
I have never used WP Antivirus. Sounds like an interesting one to add to the mix.
Andy
Great info Andy, Security is very important with WordPress… I’ve had several of my sites hacked into in the past and had to really tighten up security.
Usually it’s higher traffic websites which get hit, but not always!