Is your WordPress Installation Secure?
The Internet, as we know, has its dark side: there are plenty of evil hackers and spammers out there who would love to get their hands on your blog or website and use it for their own dirty, underhand tactics. Out of the box, WordPress is a pretty secure installation, but there are a good number of plugins you can install to make your WordPress website more secure and less at risk from attack.
There is a great article on WordPress.org about Hardening WordPress; I suggest you take a look at it.
I’ve also linked to the security FAQ on WordPress.org, which gives you some insightful advice if your website is unfortunate enough to get hacked. If you are one of those clever developer-type people, you might even want to report any security flaws or weaknesses you’ve spotted in a plugin or part of WordPress directly to the WordPress team.
Our Top Tip before you begin
If you’re pretty new to WordPress and not that technical, I would strongly advise you to employ the services of a web developer who is experienced with WordPress to make sure your installation is properly secured and correctly set up.
Here are my Top 5 WordPress Plugins to add more steel to your security.
1. WP Security Scan
This great security plugin will perform a security scan of your WordPress installation and advise you on areas that are unsecured and could be improved further. After scanning your entire WordPress install, it will flag potential security weaknesses in areas such as your passwords, database security, file permissions and admin security which may need addressing.
Another major benefit of this plugin is that it hides the version of your WordPress installation, meaning hackers will not know what version you are running, making your site far more difficult to hack.
2. Invisible Defender
Simply put, this wicked plugin protects your registration, login and comment forms against nasty evil spambots by adding two extra fields hidden by CSS. This plugin combined with another spam protection plugin (see the bonus plugin at the end of the post) has given one of my sites 100% spam protection, which is a lovely feeling, I can tell you!
For those stat-hungry people, it has an option to show you stats in your WordPress Dashboard about how many spambots were blocked and blacklisted. If someone does try to force access to your comment, registration or login forms numerous times, they will eventually be blacklisted through the plugin. Nice, huh!
3. Secure WordPress
This plugin will help secure your WordPress installation by removing any erroneous items left behind after the installation process, which may help those nasty hackers gain access.
It will also remove any error information from the login page. As an additional benefit, it adds a blank index.html file to the plugin directory, so anyone who tries to view its contents will see a blank page instead of the directory’s contents. Clever stuff!
4. WordPress Database Backup
There are a number of good backup plugins, but this one I’ve found to be the best. WordPress Database Backup creates backups of your core WordPress tables as well as other tables of your choice in the same database.
I would strongly advise you to back up regularly, and before updating WordPress or any plugins. Try to do this process manually. I say this because I used a plugin before which automatically generated a backup file; unfortunately for me, this plugin broke and ended up taking down my server by making too many duplicate backups, which used up all the space on my server.
5. Stealth Login
This one has got to be my favourite out of the pick of the 5. This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. Instead of advertising your login URL on your homepage, you can create a URL of your choice that can be easier to remember than wp-login.php; for example, you could set your login URL to http://www.myblog.com/login for an easy way to log in to your website.
Extra Bonus Plugin
If you’ve read this post through, you’ll know I mentioned a bonus plugin that should work side by side with the Invisible Defender plugin for super spam protection.
The extra bonus plugin is WP Captcha-Free.
WP Captcha-Free blocks automated comment spam without resorting to CAPTCHAs. It does so by validating a hash based on time (and some other parameters) using AJAX when the form is posted. Comments posted via automated means will not have a hash or will have an expired hash and will be rejected. Unlike using a captcha, this does not place any burden on the commenter.
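To make the two anti-spam ideas above concrete (fields hidden by CSS that must come back empty, and a time-based hash checked when the form is posted), here is an added sketch; it is not code from WP Captcha-Free or Invisible Defender. The secret, the ten-minute lifetime, the field names and the choice of post ID and client IP as the "other parameters" are all assumptions.

```php
<?php
// Added illustration. SECRET, TOKEN_TTL and all field names are assumptions.
const SECRET    = 'replace-with-a-long-random-server-side-secret';
const TOKEN_TTL = 600; // seconds a token stays valid (assumed)

// Issued to the browser (for example via an AJAX call) just before the form is posted.
function issue_token(int $postId, string $clientIp, int $now): string {
    $mac = hash_hmac('sha256', "$now|$postId|$clientIp", SECRET);
    return "$now.$mac";
}

// Recompute the hash server-side; reject missing, malformed, forged or expired tokens.
function token_is_valid(string $token, int $postId, string $clientIp, int $now): bool {
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_TTL) {
        return false; // issued in the future, or too old to accept
    }
    $expected = hash_hmac('sha256', "$issued|$postId|$clientIp", SECRET);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Honeypot fields hidden by CSS must come back empty, and the token must verify.
function comment_looks_automated(array $form, int $postId, string $clientIp, int $now): bool {
    foreach (['hp_email', 'hp_website'] as $trap) { // hypothetical hidden field names
        if (($form[$trap] ?? '') !== '') {
            return true;
        }
    }
    return !token_is_valid((string) ($form['token'] ?? ''), $postId, $clientIp, $now);
}

// Constructed sample submissions (not real traffic).
$now   = 1700000000;
$token = issue_token(42, '203.0.113.7', $now);
$cases = [
    'human, fresh token'   => [['token' => $token, 'hp_email' => '', 'hp_website' => ''], $now + 30],
    'bot, no token'        => [['hp_email' => '', 'hp_website' => ''], $now + 30],
    'bot, filled honeypot' => [['token' => $token, 'hp_email' => 'x@example.com'], $now + 30],
    'replayed, expired'    => [['token' => $token, 'hp_email' => ''], $now + 3600],
];
foreach ($cases as $label => [$form, $at]) {
    printf("%-22s %s\n", $label, comment_looks_automated($form, 42, '203.0.113.7', $at) ? 'rejected' : 'accepted');
}
```

Only the first case is accepted. A script that executes JavaScript and leaves hidden fields empty passes both checks, which is why these measures are layered with other spam filtering rather than used alone.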
About this Author
Illiya Vjestica is part of the blogging team at Frogsthemes.com, a regular WordPress user and serial blogger. He works as an online marketing consultant at Smartdog digital where he helps clients understand the benefits of using open source software such as WordPress.
