Friday, February 10, 2017

Securing Your WordPress Site With Plugins

WordPress is one of the most popular website platforms available today. What once powered only blogs is now one of the most flexible website platforms, period. In fact, it is estimated that 22% of new websites are built with WordPress. If you work online, you have almost assuredly used WordPress in some fashion.

WordPress is open source software, so anyone can get and view all of the code. The bad news - hackers can scour the code for vulnerabilities. The good news - hundreds of really smart people are scouring the same code to find and fix those vulnerabilities first. More good news is that people create plugins that help you secure your WordPress website more thoroughly.

This chapter will look at some of the plugins you can use to give your WordPress website an extra layer of protection:

WP Security Scan - This plugin will scan your system and find potential vulnerabilities. It will then suggest fixes. It scans things like passwords, file permissions and database security.

AdminSSL - This plugin will force any of your pages that require an email to be secure (https://) pages. Remember, though, that you need to have a private SSL certificate already installed on your website for this plugin to work.

TAC – Theme Authenticity Checker - This plugin will monitor any installed themes you have for malicious code. One thing that hackers and black-hat marketers do is offer free WordPress themes that include malicious code. This plugin helps you avoid that.

Login Lockdown - This plugin will monitor the IP addresses of anyone trying to log in to your site. If it records a certain number of failed attempts in a certain time frame, it will lock that IP address out. This helps avoid automated brute force attacks.

Hide Login - Hide Login will allow you to move your login page to a URL that is easier to remember and/or cryptic enough that someone can’t guess it. This alone won’t secure your blog completely, but if someone does manage to hack your password, they may be stymied by not being able to find your login page.

BulletProof Security - From the WordPress Plugin Description: The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website. The BulletProof Security WordPress plugin is a one click security solution that creates, copies, renames, moves or writes to the provided BulletProof Security .htaccess master files. BulletProof Security protects both your Root website folder and wp-admin folder with .htaccess website security protection, as well as providing additional website security protection.

Akismet - The classic WordPress comment plugin. It comes with WordPress installations for a reason - it works and it is important. Activating this simple plugin will dramatically reduce the crappy spam comments you receive. Well, it won’t reduce them, but it will handle them so you don’t have to.

Antivirus - This plugin will monitor your WordPress site for malware, exploits and spam injection. It runs daily.

BackupCreator (PAID) - This premium (paid) plugin is the perfect backup solution for your WordPress blog. It will allow you to easily back up and restore your entire WordPress installation.
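The Login Lockdown entry above describes counting failed logins per IP address inside a time window. The following is an added example, not code from the plugin or from this post, that applies the same rule offline to a web server access log so you can see which addresses such a policy would lock out. The thresholds, the combined log format, and the heuristic that a `POST /wp-login.php` answered with 200 is a failed login (302 being the redirect after success) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy, not the plugin's defaults: 3 failures within 5 minutes
# lock the source IP out for 60 minutes.
MAX_FAILURES, WINDOW, LOCKOUT = 3, timedelta(minutes=5), timedelta(minutes=60)

# Combined log format prefix: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.50 - - [10/Feb/2017:09:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
203.0.113.7 - - [10/Feb/2017:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
198.51.100.23 - - [10/Feb/2017:09:00:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
203.0.113.7 - - [10/Feb/2017:09:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
203.0.113.7 - - [10/Feb/2017:09:00:41 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
198.51.100.23 - - [10/Feb/2017:09:02:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
198.51.100.23 - - [10/Feb/2017:09:02:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.23 - - [10/Feb/2017:09:03:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
192.0.2.50 - - [10/Feb/2017:09:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
192.0.2.50 - - [10/Feb/2017:09:08:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3210
""".splitlines()

def find_lockouts(lines):
    """Return {ip: datetime of lockout} for IPs that exceed the failure policy."""
    failures = defaultdict(deque)      # ip -> timestamps of recent failed logins
    locked_until, lockouts = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "POST" or not m.group(4).startswith("/wp-login.php"):
            continue
        ip, ts, _, _, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and when < locked_until[ip]:
            continue                   # already locked out, nothing to count
        if status == "302":            # redirect after a successful login
            failures[ip].clear()
        if status != "200":            # 200 = login form shown again (failure)
            continue
        q = failures[ip]
        q.append(when)
        while when - q[0] > WINDOW:    # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            lockouts[ip], locked_until[ip] = when, when + LOCKOUT
            q.clear()
    return lockouts
```

In the sample, 192.0.2.50 also fails three times but spaces its attempts four minutes apart, so it never reaches the threshold inside one window; slow guessing of this kind is what a per-IP window alone does not catch.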

These plugins won’t make your site impenetrable, but they will make it much harder to attack successfully. WordPress is a powerful website platform, but it can be vulnerable to attack - use these plugins to eliminate those vulnerabilities.
