Blog security is a must. WordPress is wonderful. Its only fault is that it’s too easy to lose. Millions of blogs and websites use WordPress one way or another, and that many users attract a lot of hackers looking to insert their adware, spyware and malware. Horror stories about people losing their whole blog because of this abound.
Don’t panic. Just harden your blog security. Here are the best security plugins and tips to keep your blog clean and safe from hackers.
Secure Your Login: Make it impossible for hackers to just traipse into your blog.
The login is the biggest door for the bad guys. It’s wide open. Close it, lock it, shield it. Always use strong passwords. These plugins create a steel door against attackers.
Always listed in Top and Best lists, this plugin adds multiple layers of security to your blog without messing with your database.
Also raved about by its thousands of users, this is a premium WordPress security plugin that protects your login system with two-factor authentication.
Overall Protection: Your Options for “Set It and Forget It” Security Plugins
Monitor and remove vulnerabilities and protect your blog against malicious code, spam injections, malware and viruses, and other nightmares.
For a quick-compare of the most important security features, look at the table. For a comprehensive review of what each of these plug-ins has got to offer, look at the lists. Look some more and read reviews (like I did!). That’s how you find what’s best for you and your blog.
- anti-virus scanning for all files, WP core, themes and plugins
- malicious code scanner
- live traffic monitor
- crawlers and firewalls for blocking unknown threats
- monitors your DNS security for unofficial DNS changes
- comment spam filters (paid)
- country blocking (paid)
- remote scanning (paid)
- blocks bruteforce attack
- two-factor authentication
- blocks fake traffic, botnet and scanners
- scans your hosting for known backdoors including C99, R57, etc. and notifies you by email
- supports multi-site
- One-Click Setup Wizard
- jQuery UI Dialog Form Uninstall Options: BPS Pro upgrade uninstallation or complete BPS plugin uninstallation
- .htaccess Website Security Protection (Firewalls)
- Login Security & Monitoring
- Idle Session Logout (ISL)
- Auth Cookie Expiration (ACE)
- DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
- DB Backup Logging
- DB Table Prefix Changer
- Security Logging
- HTTP Error Logging
- FrontEnd|BackEnd Maintenance Mode
- UI Theme Skin Changer (3 Theme Skins)
A new name (at least for me!), but quite good.
- a popular auto-fix protection for your WordPress site
- protects your website from hackers
- offers rule-based protection for your website
- keeps the security of your website up to date.
- security scanner against SQL injection, cross-site scripting, CSRF, directory traversal, remote file inclusion, DoS attacks and other OWASP Top Ten security vulnerabilities
- applies auto-fix when it detects vulnerabilities (via auto-fix server-side agent solution)
- automatic malware fix for malware related issues on your website
- sends email notifications if there is anything serious in your website
- created by well-known website security and auditing company Sucuri
- security activity auditing
- file integrity monitoring
- malware scanning
- blacklist monitoring
- website firewall
- incorporates various blacklist engines including Google Safe Browsing, Sucuri Labs, Norton, McAfee Site Advisor
- protects your website from DOS attack, Zero Day Disclosure Patches, bruteforce attacks and other scanner attacks
- keeps a log of all activities and keeps these logs safe in the Sucuri cloud. Even if an attacker breaks through, your security logs are safe within Sucuri’s security center
- one-click installation
- fixes various common security holes in your website
- tracks registered users’ activity
- two-factor authentication
- import/export settings
- password expiration
- malware scanning
- prevents bruteforce attacks
- bans IP addresses which try to bruteforce
- forces users to use secure passwords and also forces SSL for the admin area if the server supports it (Note: GeoIP banning feature is not available as yet)
- integrates Google reCAPTCHA to prevent comment spam on your website
- well-known company like Sucuri
- security scanning tool for vulnerabilities in web applications
- suggests measures to improve the security
- file permission security
- version hiding
- admin protection
- removes WP generator tag from source
- database security
- removes all information from the source code that makes your blog vulnerable
- offers a database backup tool to take a backup of your website
- live traffic monitoring
- checks vulnerabilities in your WordPress website
- easy to use
- protects against bruteforce login attack and locks down if someone tries to bruteforce
- sends you an email notification if somebody gets locked out due to failed login attempts
- enforces a strong password
- monitors the account activity of all users and keeps track of username, IP and login date times
- automatic backup scheduling
- protects PHP code by disabling admin area editing
- adds a web application firewall in your website and enables 5G Blacklist to prevent various attacks
- denies bad query strings, prevents XSS, CSRF, SQL injection, malicious bots and other security threats
- file and WP system scanning
- detects malicious code
- blocks and protects against comment spam
Essential Techniques for Blog Security
Use this checklist to make sure you’re doing all the right things and avoiding all the bad things to keep your blog secure and safe from attack.
- Always keep your WordPress installation up to date.
- Do NOT publish what your WP version is.
- Install a plugin that has login security and overall blog security measures.
- Always keep plugins and themes up to date to take advantage of security fixes.
- Download themes and plugins ONLY from trusted sources. Downloading just anywhere is how you get malware and unwittingly install backdoors.
- Rename your administrator username. “Admin” makes a hacker’s job half done. They no longer have to guess your username and only need to bruteforce their way in!
- Always use a strong password for your WordPress account. It has to have numerals, symbols and letters in a mix of capitals and lowercase. Generate one using any of the following tools:
- Protect your “wp-admin” folder:
- Backup and maintain your backups!
- Hide your directories.
- Place this code inside your .htaccess file:
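# Prevent folder browsing. Use -Indexes on its own: Apache 2.4 rejects
# a line that mixes signed and unsigned options such as "All -Indexes".
Options -Indexes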
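The checklist items that can be verified mechanically (version disclosure, directory browsing, the “admin” username), as an added example that is not part of the original post: a small Python audit over a page’s HTML, an .htaccess file and a list of usernames. The function names and the sample inputs are constructed for illustration, and the Options handling is simplified to the Indexes and All keywords.

```python
import re

GENERATOR = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s*([\d.]*)',
    re.I)

def indexes_state(htaccess):
    """Return (state, mixed). state: True = listing on, False = listing off,
    None = no usable Options line, so the server-wide setting is inherited."""
    state, mixed = None, False
    for raw in htaccess.splitlines():
        m = re.match(r"\s*options\s+(.+)", raw, re.I)  # "#" comment lines never match
        if not m:
            continue
        tokens = m.group(1).lower().split()
        signed = [t for t in tokens if t[0] in "+-"]
        if signed and len(signed) != len(tokens):
            mixed = True   # signed and unsigned options on one line: Apache 2.4 rejects it
            continue
        if not signed:     # absolute form replaces the whole option set
            state = "indexes" in tokens or "all" in tokens
        elif "-indexes" in tokens:
            state = False
        elif "+indexes" in tokens:
            state = True
    return state, mixed

def audit(html, htaccess, usernames):
    findings = []
    m = GENERATOR.search(html)
    if m:
        findings.append(f"generator tag discloses WordPress {m.group(1)}".strip())
    state, mixed = indexes_state(htaccess)
    if mixed:
        findings.append("mixed Options syntax (HTTP 500 on Apache 2.4)")
    if state is not False:
        findings.append("directory listing not disabled in .htaccess")
    if any(u.lower() == "admin" for u in usernames):
        findings.append('default "admin" username in use')
    return findings

# Constructed sample inputs (not taken from a real site).
SAMPLE_HTML = '<head><meta name="generator" content="WordPress 9.9.9" /></head>'
SAMPLE_HTACCESS = "# Prevent folder browsing\nOptions All -Indexes\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTML, SAMPLE_HTACCESS, ["admin", "editor1"]):
        print("FINDING:", finding)
```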
Now don’t live in fear of worst-case scenarios. Just protect and backup and you’re good. Remember, everything is vulnerable to hackers. That’s just the small downside that doesn’t make a dent on the many benefits of the worldwide web! Don’t let it stop you from enjoying blogging!