
Best Security Plugins For WordPress – Improve WordPress Security

by DiTesco on March 6, 2012


Some of you may already know the importance of keeping your WordPress business site as secure as possible. Sadly, there are many reasons why your site can get attacked: it could come from a simple “hacker” who just does it for the sheer fun of it, or from deliberate attacks that are aimed at doing your site some harm.

Obviously, there is simply no way that you can “bulletproof” your WordPress site’s security to 100%. Nonetheless, the more “counter-measures” you have in place, the less likely you will have to deal with potential problems in the future. Just think about it. All your hard work down the drain and your online business shut down instantly. Won’t happen to you? Hopefully not, but if it does, be prepared. It’s not pretty. I know, it already happened to some of my sites and yes, more than once.

May 2013: The recent botnet attack on websites running WordPress hasn’t had much impact (yet), but it’s likely that these attacks will continue, as there are way too many vulnerable sites out there. If you have not yet taken steps to secure your site, now is as good a time as ever. Read all of my recommendations below and apply them. Better safe than sorry.

What I want to share with you today are some of those “counter-measures” and WordPress security plugins that can help you make the “job” of an attacker a bit more difficult. Hopefully, if they try to attack your site and find it too difficult to break in, they will leave and find another that is more vulnerable.

Here we go.. simple steps that you can do now to increase your WordPress site’s security, in case you still don’t have anything in place.

Backup Your WordPress Site Regularly

For so many reasons, backing up your WordPress files should be done on a regular basis, and even more so before making any changes, such as upgrading the WordPress software, your theme, a plugin, etc.

– btw, you should always keep your software and plugins updated.

This is the best “security” that you can have, period. There are many ways you can do this and, for the sake of keeping this short, just do some research and see what suits you best. In my case, I do a manual backup every 15 days. Yes, it is tedious, but it gives me peace of mind. Just use an FTP program and copy the “entire” folder. If it is too big, perhaps back up only the most important sections of your WordPress site (e.g. database, etc).

On a side note, find out if your hosting provider has some sort of “backup” facility. Most of them do and as an example, my web hosting company, among other things, provides me with a “full” backup and restore service for a mere $12 a year. They work well and I have used the service already to restore some sites that were hacked. Very valuable service if you ask me.

Create Strong Passwords

Oh yes, passwords. Make them as strong as possible. Combine letters (upper and lower cases), numbers, symbols and try to go over at least 12 characters. WordPress allows you to create a password up to 64 characters long (did you know that?). Anyway, here is an article I wrote sometime ago, but it is totally applicable up to today – How To Create Strong Passwords?

Scan Your Site For Malware, Out-Of-Date Software and More

Scanning your website for malware, among other things, should be first on your list. Knowing upfront whether your site already has bugs in it will certainly make it easier to fix the issues and protect yourself. One of the best web-based and free malware scan checks I know of is Sucuri SiteCheck. All you need to do is enter your URL and the Sucuri SiteCheck scanner will check your site for malware, blacklisting status, and out-of-date software.

Checked for iBlogZone and woohoo.. for now I am on the clear :)

As you can see, Sucuri SiteCheck checks your site for a lot of possible problems, and knowing that it is clean and not blacklisted gives your site a boost in trust for your visitors. Sucuri has premium services where you can sit back and relax if your site is hacked. They will do all the “hard stuff” (the cleaning) for you, and it is a good way to go if you are not comfortable with “messing” with your code, htaccess, and all that tech stuff.

UPDATE 09/2012: Added VirusTotal. This free tool, recently acquired by Google may be of interest to you.

VirusTotal – is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. Recently acquired by Google, this free tool can help you detect suspicious files (if any) that may be affecting your site.

Are You Using Free WordPress Themes and Plugins?

Yep, free WordPress themes and plugins are great, but some may contain malicious code and provide backdoors for potential exploits. WordPress plugins, even if they are in the WP repository, may contain problems. This is particularly true for those that have not been updated for a long time, so, among other things, that is a good indication for you to avoid them. Look at the ratings and user feedback for possible problems.

In addition, many Themes and plugins (including premium) rely on the TimThumb script and this has been known to seriously hamper your WordPress security. Please read this article from JustAskKim to find out about the TimThumb vulnerability and how to fix it (very important).

For free WordPress themes, make sure you run TAC (theme authenticity checker – old but good) to scan for possible malicious codes and read – Free WordPress Themes, Facts You Need To Know.

You can also install the Ultimate Security Checker Plugin that will help you identify security problems with your WordPress installation. This plugin scans your WordPress site and gives a security grade based on passed tests.

OK, then. Now that you have some security stuff already in place, here are just three WordPress security plugins that I strongly recommend you to install. If you have one, good, if not, install it now.

Note: You may want to install only one of them. Choose which one works better for you. Login Lock is lightweight and does not hamper performance, while Better WP Security may be a bit advanced for some users. Powerful though, if you are really security conscious.

NOTE: Due to the increased attacks and the current state of vulnerable WordPress sites, a new premium plugin was launched by Jonathan Green (security expert). While his plugin is not free (unlike the others below), it covers and fixes all your vulnerabilities in virtually less than 5 minutes. OK, 10 mins depending on how fast your internet connection is. The single license is only $7 and if you feel that your site is not worth that money, then read on. If you are curious though, click here (aff) and decide. If you have a plugin that limits login attempts, please be aware that it is not enough, as these recent attacks are being made via more than 90.000 rotating IPs.
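
The point about rotating IPs, worked through as an added example (not from the original post or from any plugin mentioned here): the script counts failed wp-login.php POSTs in a constructed access log, first per IP the way a login-limiting plugin does, then site-wide. It assumes Combined Log Format, WordPress installed at the site root, and that a failed login returns HTTP 200 while a successful one returns a 302 redirect; the thresholds and addresses are made up.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip, identity, user, [timestamp], "request", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def build_sample_log():
    """Constructed sample data (documentation address ranges, not real traffic)."""
    fmt = ('{ip} - - [01/May/2013:03:{m:02d}:{s:02d} +0000] '
           '"POST /wp-login.php HTTP/1.1" {st} 3456 "-" "-"')
    lines = []
    # Distributed guessing: 60 failures in one minute, each from a different IP.
    for i in range(60):
        lines.append(fmt.format(ip=f"198.51.100.{i + 1}", m=0, s=i, st=200))
    # Classic single-host brute force: 8 failures from one address.
    for i in range(8):
        lines.append(fmt.format(ip="203.0.113.9", m=10, s=i, st=200))
    # A legitimate login: WordPress answers with a redirect.
    lines.append(fmt.format(ip="192.0.2.10", m=20, s=0, st=302))
    return lines


def parse_failed_logins(lines):
    """Return sorted (timestamp, ip) pairs for failed wp-login.php POSTs."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        if m["status"] != "200":  # assumption: 200 = login form shown again
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append((ts, m["ip"]))
    return sorted(events)


def per_ip_lockouts(events, max_failures=5, window=timedelta(minutes=5)):
    """IPs that a per-address limiter would block (sliding window per IP)."""
    by_ip = defaultdict(list)
    for ts, ip in events:
        by_ip[ip].append(ts)
    locked = set()
    for ip, stamps in by_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= max_failures:
                locked.add(ip)
                break
    return locked


def sitewide_alerts(events, max_failures=30, min_sources=20,
                    window=timedelta(minutes=5)):
    """Fixed time buckets where failures are high AND spread over many IPs."""
    size = int(window.total_seconds())
    buckets = defaultdict(list)
    for ts, ip in events:
        buckets[int(ts.timestamp()) // size].append(ip)
    alerts = []
    for key in sorted(buckets):
        ips = buckets[key]
        if len(ips) >= max_failures and len(set(ips)) >= min_sources:
            start = datetime.fromtimestamp(key * size, tz=timezone.utc)
            alerts.append((start, len(ips), len(set(ips))))
    return alerts


if __name__ == "__main__":
    events = parse_failed_logins(build_sample_log())
    print("failed logins:", len(events))
    print("blocked by per-IP limit:", sorted(per_ip_lockouts(events)))
    for start, failures, sources in sitewide_alerts(events):
        print(f"site-wide alert {start.isoformat()}: "
              f"{failures} failures from {sources} addresses")
```

On the sample data the per-IP limiter blocks only the single noisy host, while the 60 one-shot addresses pass under its threshold and show up only in the site-wide count.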

WordPress Security Plugins

Better WP Security – Almost an “all-in-one” security plugin for WordPress. This plugin takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.


Some Features (so many).

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  • Remove the meta “Generator” tag
  • Removes login error messages
  • Change the urls for backend functions including login, admin, and more
  • Create and email database backups on a schedule using wp-cron
  • Ban troublesome bots and other hosts
  • Completely turn off the ability to login for a given time period (away mode)
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Display a random version number to non administrative users anywhere version is used (often attached to plugin resources such as scripts and style sheets)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them (useful on multisite installations)
  • Remove Windows Live Writer header information
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Detect attempts to attack your site
  • and, as I said, many more

6Scan Security (new kid on the block) – Provides automatic protection for your WordPress site against threats. The scanner goes beyond the rule-based protection of other WordPress security plugins, employing active penetration testing algorithms to find security vulnerabilities. These are then automatically fixed before hackers can exploit them.

Main features:

  • SQL Injection
  • Cross-Site Scripting (XSS)
  • CSRF
  • Directory traversal
  • Remote file inclusion
  • Several DoS conditions
  • And many more, including all of the OWASP Top Ten security vulnerabilities.

Update March 2013: Google has just released their “Help For Hacked Sites” section and it is really worth checking out, in case you need it (hopefully not).

Help for hacked sites: Overview

Login Lock (update 25/10/2012 – Plugin removed from WP repository) – Enforces strong password policies; provides emergency lockdown features; monitors login attempts; blocks hacker IP addresses; and logs out idle users. This plugin is very good and more so if you have multiple registered users on your site.


Main features include:

  • Enforces strong password selection policies.
  • Monitors login attempts.
  • Blocks IP addresses for too many failed login attempts.
  • Lets you manually unblock IP addresses at any time.
  • Lets you forcibly log out all users immediately and require that they all change their passwords before logging back in.
  • Lets you forcibly log out idle users after a configurable number of minutes.
  • and more…

One of the things I like best about this plugin is the “emergency lock down” feature. Login Lock provides an emergency “panic button” that, when used, immediately logs out all users, resets all user passwords to a random value, and sends each user an email message informing them that they must change their password before logging back in to your site. Cool, and it’s 100% free via the WP repository (must have).

Update June 2012: Login Lock is a great plugin, but under certain conditions it may cause a redirection loop, so if you are experiencing this problem, delete the plugin and install either Better WP Security or 6Scan Security.

That’s it! How well do you have your site secured? Do you even have something in place? Anything you feel that I missed? Please let me know.

Sucuri Security

Image credit: mashable.com


Article by

+DiTesco is a Business and Inbound Marketing Consultant, and founder of iBlogzone.com. iBlogzone's main objective is to help startups and small business owners achieve success in their online ventures. | More About Me and my Consulting Services.

Francisco has written 685 articles at iBlogzone.com

1 Gera@Sweets Foods Blog March 7, 2012 at 4:03 am

Hi Francisco,

How important is to try to minimize the risks of faulty plugins, hacks and bad codes inserted under-covered.

Still finding new plugins to explore just in case I need other options like Login Lock and Better WP Security. I’ll have in mind both.

I use Limit Login Attempts, but I see is less complete than Login Lock. Anyway, is shocking to see how many attempts trying to enter through the front door.

Not long ago my site was broken for a security plugin and more recently, apparently tweet old post and W3TC corrupted my theme, then I needed to start my layout again.

I’d add to install a Wordpress Firewall and again, every now and then, you see outrageous attempts to enter to site too.

Great article, I’ll bookmark it for future reference on delicious and other bookmarking sites.

Cheers,

Gera

2 DiTesco March 7, 2012 at 11:14 am

Hi Gera. I know what you mean when you say “too many attempts” via the front door :) Actually most of the time, some “smaller” type offenders do that and Login Lock should do the trick.

As for the firewall, it was giving me too many problems with my own plugins and had serious compatibility issues so I had to take it down. CloudFlare does a pretty good job for boosting security and does serve as a “firewall” in itself. Thanks for leaving your thoughts.

3 Anders Vinther May 16, 2012 at 4:30 pm

This is a great list of things to do to secure your WordPress site…

I recently had some security problems with my WordPress sites, and ended up doing a lot of research into securing WordPress sites…

I have now written up my experiences in a WordPress Security Checklist which can be downloaded for free on http://www.wpsecuritychecklist.com.

My checklist has a few more items and detailed steps for how to get the job done.

Hopefully the checklist can help other people securing their WordPress sites…

4 DiTesco May 17, 2012 at 11:43 am

Thanks Anders for the checklist. Just downloaded it and later today, I will be going over it. I’m sure there’s a lot of hidden gems in there :) BTW, just a heads up, I am not sure if it was your intention to “build a list” by providing that checklist. If that is the case, perhaps you can “create a thank you page” with the link to download it. Right now, anyone can download it without having to “optin”. I think that it is just reasonable to ask users to subscribe to your newsletter ;-)

5 Anders Vinther May 28, 2012 at 10:38 pm

Hi DiTesco – thanks for the list building tip… I will surely experiment with that… for now I just want to get the checklist out to as many people as possible :-)

6 jessica @ Luke Roxas March 7, 2012 at 7:26 am

I totally agree with you that you should really create strong passwords.
WordPress is prone to hackers and website security breach.
Passwords and other security plug-ins really help.

Blessings!

7 DiTesco March 12, 2012 at 6:47 pm

Hi Jessica. Strong passwords really can make or break a hacker’s motivation when attempting to attack your site. This is why it is really important to not only have strong passwords (very strong actually) and whenever possible, changing it regularly. Thanks for stopping by and sorry for the late response.

8 Eddie Gear @ SEO For blog March 7, 2012 at 7:55 am

DiTesco recently all my blogs and book-marking sites were hacked with a malware. Luckily I backed up my data, that I could get my sites back up again. Love the post on security for blogs.

9 DiTesco March 7, 2012 at 11:38 am

Hi Eddie. When something like that happens, it ain’t a good picture and I totally stressed out the first time it happened. Like you, fortunately I had a full backup and got the site up and running in no time. BTW, when that happened to you, what caused the trouble? Was it a plugin, the theme or was it just someone who managed to login your site or server?

10 Andrew @ Blogging Guide March 7, 2012 at 9:54 am

Hi Francisco,

Just spent the last 20 minutes installing Ultimate Security Checker and improving my security. Excellent plugin – thanks for sharing.

Now going to use on clients sites as well.

Andrew

11 DiTesco March 7, 2012 at 11:16 am

Hi Andrew. Yep, win/win. You get your clients’ sites a bit more secured and you get to minimize your own problems when having to deal with possible hacks from their sites. Maybe, you can “charge” a bit extra, or increase your relationship with them ;-)

Anyway, glad you found UC helpful.

12 Farrel March 7, 2012 at 11:32 am

I find your post very useful Ditesco. Thanks for sharing this kind of security plugins. I also had a bad experience about hackers and I’m learning to it. Finding a good security plugins so that I may protect all my data. I do agree with the statement jessica about creating a strong password for our WordPress. We can’t deny it that this is prone to hackers. I will look forward to install this Ultimate Security Checker.

13 DiTesco March 12, 2012 at 3:15 pm

Hi Farrel. Sorry for the late response. Strong passwords are among other things one of the best ways to protect your site. Sadly there are people who insist on using weak passwords and that can be a problem. UC is a great plugin and works well. Have you installed it yet? What do you think?

14 Jamie Northrup March 7, 2012 at 2:18 pm

Thanks for sharing these, I’ve been looking to improve on security lately because I have more and more customers that need it and I’m trying to read up on as many options so I can know what I’m talking about when speaking with them.

15 DiTesco March 12, 2012 at 3:16 pm

Hi Jamie. These security measures and plugins can really help to “boost” just about any site that runs on WP. Hope you and your clients will find some of them useful. Thanks for stopping by

16 Ricardus @WordPress Hosting March 7, 2012 at 2:50 pm

Couldn’t agree more that Better WP-Security is a really good plugin that has essential features.

17 DiTesco March 12, 2012 at 3:18 pm

Thanks Ricardus for your input. Better WP is actually one of my favorites :) Sorry for responding too late. All the best

18 Ricardus @WordPress Hosting March 14, 2012 at 8:17 am

No problem. Anyways do check out our domain promotion. I hope you won’t be too late to receive this news though.

19 Jim Jenks March 7, 2012 at 6:33 pm

These are great plugins and suggestions thank you. These things are always being updated and improved upon so it can be tough to keep up on the latest and greatest so thank you.

20 DiTesco March 12, 2012 at 3:18 pm

Thanks for stopping and you are welcome :)

21 Frank Jovine March 8, 2012 at 1:14 am

I prefer BulletProof Security as this plug-in is loaded with great features, but it is not for novices.

22 DiTesco March 12, 2012 at 3:23 pm

Hi Frank. I agree that BPS is a great plugin too and while it is free, you are right, I think that it is not for novices. Perhaps when a user is more familiar with htaccess, 64code, sql injections and all that tech holahbaloo, then this may be a good and more advanced alternative. Thanks and all the best

23 Pepito Torres March 8, 2012 at 2:03 am

One of the most secured hosting sites for a websites is wordpress, it is proven and tested already because im a wordpress user since i was in college.

24 DiTesco March 12, 2012 at 6:49 pm

Hi Pepito. Yep, WordPress does a good job in providing some security but sadly it is not enough and improving your site’s security can avoid or at the very least discourage an attacker’s attempt.

25 Troy Jaggard March 8, 2012 at 3:48 am

I have been very surprised at how many “failed login attempts” have occurred since I installed a plugin to stop it. I thought I would receive enough traffic to have this happen, but it does almost daily.

26 DiTesco March 12, 2012 at 6:52 pm

Some people think that only “big” sites are prone to attack. Actually that is not the case as normally large websites have a higher level of protection. They will probably be on a VPS or a dedicated server, have constant monitoring, etc. The fact that you have not noticed anything in traffic does not mean that those bots are constantly trying to attack your site.

27 Ryan Biddulph March 8, 2012 at 5:35 am

Hi DiTesco,

Key to have the security side of things down, and you always do ;)

I am due for a back-up myself. Scheduling it makes all the difference in the world.

Thanks for sharing with us!

Ryan

28 DiTesco March 12, 2012 at 6:54 pm

No doubt Ryan. Security is something that most of us fail sometimes to give more attention to, but it is extremely important. As for your backups, well, time to go and do it, don’t leave it for later, because that in itself can already be too late ;-)

29 Mychael March 8, 2012 at 9:32 am

I have used the Login Lock plugin and I find it very handy. The best feature for me is the forced log out for idle users.

30 Sandra E. Nolte March 8, 2012 at 10:04 am

Hi Di,

Thanks for posting this you remind me to back-up my stuff. lol because of laziness I stop back-upping my stuff.

31 Curaderm Cream March 9, 2012 at 5:20 am

These all are great tips to protect our sites from hackers. We should make a strong password and regularly update our sites.

32 Andrew Grant March 9, 2012 at 2:43 pm

Great blog, this is really what people should read, there are millions of unuseful blogs about WordPress plug-ins shooting their advices and tips. Keep doing an awesome job.

33 Austin March 10, 2012 at 10:10 am

Excellent posting but I already had Better WP Security and I still got screwed as my server got hacked so it is recommended to have the backup always. Indeed you can lower down the risk by implementing on these tips.

Its better to have a plug-in who takes auto backup ? what do you guys think?

34 Sajith March 11, 2012 at 5:22 am

Since I am a newbie to wordpress, your security plugins and advice are very helpful to me. I installed Login lock to my wordpress blog.

Thanks for sharing.

35 DiTesco March 12, 2012 at 6:55 pm

You are welcome and good luck with your site :)

36 Sajith March 13, 2012 at 3:26 am

Thanks for Replying me. Now I am a regular reader of your blog.

37 Sanjeev March 12, 2012 at 6:07 pm

WordPress security is really important, I use BackupBuddy to take my backups but some hosting provider do provide good rates on backup plan. I would still like to take these things in my hand…

38 DiTesco March 12, 2012 at 6:56 pm

Hi Sanjeev. You are so right. Making backups on your own is very important and highly recommended. Never know what could happen to those “automated” services, which for all purpose, while less likely, can also have problems..

39 Ramnadh March 13, 2012 at 8:36 am

Theme authenticity checker is a great plugin. I always use TAC to find hidden URLs and some risky scripts that always find with free themes..

40 DiTesco March 13, 2012 at 10:52 am

That’s a wise thing to do Ramnadh. Free themes are great and they are all over the place. It is always good to check them first before using it. Always pays off

41 College of Content March 17, 2012 at 12:17 am

hello Mr. DiTesco,

Happen to see your blog comment on the we blog better blog, and wanted to drop you a line. you have an awesome post here about [WordPress security plug-ins]. just wanted to give you a shout out and say “keep doing your thing in blogging”, because your blog posts are awesome. Shouts out to Mr. DiTesco, for being a helpful servant fellow bloggers and online marketers, by way of sharing good solid information in your blog posts. Keep up the good work and please know you are welcome anytime to stop by the site :-)

42 DiTesco March 18, 2012 at 12:01 pm

Thanks. It is people like you who keep me going… ;-)

43 Amit Shaw March 17, 2012 at 2:00 pm

I totally agree with you that you should really create strong passwords.
And i would like to try Login Lock .
Thanks for the nice list DiTesco.
~ Amit Shaw

44 DiTesco March 18, 2012 at 12:03 pm

Hi Amit. Yep, I won’t speculate on statistics here, but I am betting that a large % of hacked sites are due to weak and poor passwords. That is the very first thing that attackers attack :)

So, have you installed login lock yet? How it is going?

45 Amit Shaw March 18, 2012 at 5:54 pm

Yes you are right and this week almost 9 Sites got hacked not only sites Even Gmail Accounts also.
I got the news from my Facebook Frnds. When i asked them that what about password.
Reply is as same only Character :).

46 Tony Rovere March 18, 2012 at 10:30 pm

I tried to install ‘Better-WP-Security’ and it crashed my site. I don’t know if I did something wrong or not but I had to re-fresh my database and delete plug-in.

Did anyone else have this problem?

47 DiTesco March 18, 2012 at 11:55 pm

Hi Tony. As far as I can tell, I have not yet heard from anyone that had a similar problem. As a matter of fact I have a test site that uses all three plugins at the same time and it is working just fine. The only thing that I can think of is that there is some sort of incompatibility with your theme or some other plugin you have installed. I noticed that your login has a captcha code.. Did you disable that first? Maybe it is better to replace that with login lock?

48 Barry Wells March 21, 2012 at 9:37 am

Hi Francisco,

Thanks for the information you’ve included in the post. I’ve been over and scanned my blog and got the all clear, which is excellent news :)

We can never be 100% secure but we sure should try to be as best we can. I’m forever checking mine just to be sure.

I do have a few security plugins activated but haven’t tried the ones mentioned here yet.

You make some very good points in the post. I use a free theme and when I installed it i noticed a foreign link at the bottom. Thinking I had been hacked I spent the best part of 2 days trying to resolve it with my hosting company assisting me.

I emailed the theme creator but didn’t get a reply until i mentioned upgrading, at which point they made contact and confirmed the link was their link which they place on every free theme.

Thanks again for an excellent post Francisco.

Barry

49 DiTesco March 21, 2012 at 12:56 pm

Hi Barry. Got you got that “strange” link at your footer sorted out. Unfortunately, you got the developer attention only after you mentioned “upgrade”.. haha, magic word. It worked though and yes, most free themes do include those “credit” links. Often times they are OK, but you should be careful because there are links that sometimes point to “adult” related sites and you don’t want a link pointing to bad neighborhoods. Anyway, glad you found these plugins useful. Anyone in particular that you have already tried? How’s it going?

50 Barry Wells March 21, 2012 at 1:41 pm

I did indeed mention the magic word that worked Francisco, ha ha ;)

I have the following security plugins that work really well: Limit Login Attempts, WordPress File Monitor, WordPress Firewall, WP Security Scan, and to check my plugins are secure I use WP Plugin Security Check.

The Limit Login Attempts has blocked hundreds of attempts so far, it really is fantastic :D

51 Shawn March 24, 2012 at 7:37 am

Are you finding any issues with Login Lock. I noticed it has several broken reports and people commenting on issues. The alternatives however like Limit Login Attempts and Login Lockdown are out of date so not sure which is best.

Also, have you used or heard anything about Website Defender’s security services (not their plugins)? I browsed through their website and it looks like they do a lot but it’s still in beta and it doesn’t look like they do clean up like Sucuri if you do get hacked.

Speaking of Sucuri, how are they for preventative measures? I see that their service monitors your site and they also provide a premium plugin that has some features I don’t know about. If their preventative measures are on par with the competition that might be the way to go since they also handle cleanup if something does go wrong.

Thanks, great post by the way…

Shawn

52 DiTesco March 24, 2012 at 11:11 am

Hi Shawn. I have Login Lock installed on all my sites and clients too, and so far I have not noticed any issues with the plugin. Since I installed it, I noticed that I have been receiving some notifications from “failed login” attempts. Guess it is doing what it says it does :)

As for Website Defender, I have not yet had the pleasure to test them out and as a preventive measure, I have been using Site Lock for some time now. It works well, specially when there is a “malicious” link left by a bot or spammer. Sucuri’s preventive measure is among other things the site scan. Scanning for your site regularly will ensure that you are clean…

53 Shawn March 24, 2012 at 10:08 pm

Awesome, thanks for the tips. I noticed the same thing on my site with login lock. It seems almost everyday it blocks login attempts. I had no idea there were so many attacks going on, it’s kind of ridiculous really :(

Speaking of spam comments I also had the pleasure recently of encountering a comment on my site through disqus. I clicked on their username not knowing it was a live link to a website and my pc was infected with viruses. I then had $1,500 stolen from my bank account over the next 3 days…

A couple questions about Site Lock

1. Which package do your run?

2. Do you know if Sitelock provides repair services as well in case something does happen, like Sucuri?

Thanks!

54 DiTesco March 26, 2012 at 12:50 pm

Wow, I am so sorry to hear that you have been a victim of a virus. Curious how it was setup, and via disqus… That’s really something I have not heard before. So to show you that SPAM comments could be “dangerous”.

Anyway, the service I have with sitelock is basic. It monitors my site 24/24 and sends me notifications in case they identify a bug somewhere. Most of the time, all problems are easily fixed (malware links, redirects, etc.), so I do it myself. I do know that they can do it for you, but I have no idea if it is good or bad and how much it cost. I am sure that you can find more info on their site. Anyway, the notification service is good and it works well.

55 @Mahaloian (@mahaloian) March 26, 2012 at 12:10 pm

Protect your website by implementing simple but effective #WordPress security tips http://t.co/HWHfdUKj via @ditesco

56 Riz April 7, 2012 at 7:38 am

Hi Francisco,

Apart from the paid options, is there any free wp plugin that could do the job well (backup + restore) in an not so complicated way?

57 Blueliner Web (@bluelinerweb) April 12, 2012 at 2:34 pm

Best WordPress Security Plugins 2012, Protect Your Online Business: http://t.co/6UjRKg8n

58 Elizabeth Ricci April 18, 2012 at 8:31 pm

Great article about protecting your WordPress site, we have written something similar to this on our blog. http://www.lucidagency.com/wordpress/quick-guide-to-securing-wordpress-from-malware-and-hacking/

59 leeuniverse May 4, 2012 at 7:34 am

Hey there, thanks for the tips, I’ve used a couple of others of yours when trying to get through the wordpress plugin and other issues.

I’ve looked at some of these, especially the “Better WP Security”, and my concern is with the functioning of my website and all the plugins I have installed.

WP Sec for example changes file urls, etc., so wouldn’t that effect my plugins that also use those files? For example, I have captcha and human checks, and white labeling, etc. type plugins working on those files, won’t this plugin cause those things to not work???

Thoughts?

60 DiTesco May 4, 2012 at 12:07 pm

Hi. Better WP Sec does warn you that making changes may impact or cause some weird behavior on other plugins. This is why it is better to use it on new sites and/or make only changes that will not affect URLs. If you are concerned about it, which I think is wise, just use Login Lock or use only some specific features on Better WP Sec, like brute force attack.

61 leeuniverse May 4, 2012 at 12:11 pm

Ya, that’s what I thought…. Thanks. Might have to just try it and hope for the best. :)

62 Designs Blessing May 7, 2012 at 7:21 am

I am having problem with my Hosting Company. They have a firewall on their server. For some reason their server has blocked my IP and I can’t able to work on my WordPress blog. I have contact them and they have replied me that answer.
“You are using open source free application with free themes and plug-ins. Some of your plug-in or theme must be refreshed and triggered your website when you are using that’s why your IP has blocked again and again from server firewall. We can not make any changes in server firewall. You must need to investigate this issue from your end.”

After a couple of discussions we found that there is a problem with my theme. Because I have switched to the Twenty Eleven theme by renaming my current theme’s folder inside wp-content/themes and adding “-old” to the end of the folder name and also resetting the plugins folder by FTP.
But still the same problem. Finally I had to install the same theme again and it’s working fine.

Now what security plugin do I need to download so this will not happen again?
Oh yes, I use PressPlay 2.1 theme for my blog.

63 DiTesco May 7, 2012 at 10:14 am

Hi. Login lock may cause some redirection problem in your case. Perhaps “better WP security” is a better choice. Just be careful not to authorize the plugin to change the core files and select changes individually, like brute force attack.

64 Charles May 12, 2012 at 11:12 pm

Hi
Sounds good and I will try the ones you recommend. Already using Better WP Security

What about Bulletproof Security? I have had no problems since using it.
Over 220,000 downloads with a 4.5 star rating based on 141 reviews sounds good to me. What do you think?
See Specs below

Version: .47.1
Author: Edward Alexander
Last Updated: 2 days ago
Requires WordPress Version: 3.0 or higher
Compatible up to: 3.4
Downloaded: 222,315 times
WordPress.org Plugin Page »

Average Rating
(based on 141 ratings)
Charles

65 akhil May 30, 2012 at 10:52 am

Anyway thanks buddy. The “Better WP Security” is too good, but it resulted in my WordPress admin area white screen error :-(

66 Kev June 13, 2012 at 6:10 am

Nearly all of my sites are run by WP, hence, security is my topmost priority. These are not great sites, but took me months of hard work and writing only to be defaced from the planet. Right now, I’m considering these pieces of advice on top of my xcloner plugin that regularly backs up my site.

67 Max June 13, 2012 at 12:36 pm

Great stuff! I will surely take this advice and install login lock. Thanks..

68 DiTesco June 13, 2012 at 4:30 pm

Hi Max. Good to see you here. It’s good to have some added security measures and Login Lock does provide a good defense from brute force attack. Better WP may be better, but it does require a bit of technical knowledge. Thanks for stopping by. How are things doing, btw?

69 starfall June 24, 2012 at 4:23 am

Do you have any idea what is this appearing on my posts? “www domainname com …T-aUdZHheqc”
( #.T-aUdZHheqc ) the last part of the url keeps on appearing on my sites. Yes sites… what do you think is this? Some kind of injection, virus, wrong coding, plugins conflict, etc…any idea? Please email me if you have any idea what is this. Homepage and pages are ok but all posts seem to be getting a different kind of alphanumeric something on the last part of my url. Hope you can help.

70 DiTesco June 24, 2012 at 9:55 am

Hi. I don’t see this issue when I visit your site. Can you give another example of another site? This looks like a tracking code of some kind.. email me if you want and we can discuss it.

71 Santosh Mishra July 19, 2012 at 10:57 am

WordPress is the safest blogging platform and very much secure by itself but there is never too much ascertainable. Installing WordPress Security Plugins is a good idea to make your blog safe from hacking attacks.

72 Joy@Bankruptcy Lawyer Nyack July 28, 2012 at 10:41 am

Online security is of utmost importance. Thanks for coming up with this checklist.

73 Kristine@wordpress developers July 28, 2012 at 10:44 am

These are valid reminders that we should all look into to protect our sites. Thanks for sharing your tips.

74 Cretia August 14, 2012 at 11:23 am

I just wanna say thanks for the awesome Article…. I have been like totally paranoid about being hacked. And the best recommendation is on the one plugin that blocks IP Addresses. Thank you so very very much from The Oxygen Products Team in South Africa.

75 Pressa August 28, 2012 at 11:43 am

Thanks for the tip.
I use Better WP Security, but for the inexperienced, this and plugins very much like this one may also harm you. If the setting is wrong your whole site may collapse mostly because of writing rules issue.
If your site allows members to register, then be sure which setting to choose before doing anything with Better WP Security.

76 Deni Saputra September 17, 2012 at 9:59 am

This is a great source and I felt a loss because I was late to read it!
However, many thanks!

Deny

77 Emilia@portable building September 17, 2012 at 10:47 pm

Valuable post you have there! I totally agree that you really have to backup your site regularly and make use of strong passwords to protect your WordPress site from hackers. Thanks for this.

78 Thomas September 22, 2012 at 12:45 pm

Hi Francisco
I just installed “Limit Login Attempts” a little while ago and have noticed how many failed logins my blog has. Maybe I should try the “Better WP Security” plugin to minimize the risk.

79 DiTesco September 24, 2012 at 12:30 pm

Hi Thomas. You can try using Better WP Security, but the emails are “in principle” real attempts to log in to your site. It is scary sometimes, but it happens, and all the more reason to ensure that additional protections are in place to keep you as safe as possible.

80 Parigyan September 25, 2012 at 8:34 pm

This was an awesome post. I recently shifted to Wordpress from Blogger and was wandering around to find some good security plugins. Thanks man…Keep it up

81 Cretia October 8, 2012 at 9:51 am

Hi There,
Something has gone drastically wrong on my website.
I can’t seem to log in after someone tried to hack my website ….
I eventually logged in through my Jigoshop…. but I can’t get into my backend.
I used all the plugins you suggested and now I am somewhat in a tizz.
When I go into my website’s backend through FTP everything shows….
Please tell me how to fix what went wrong.
I don’t know a thing about programming and I am still learning as I go along.

82 Lon October 25, 2012 at 1:34 pm

I just followed the link for Login Lock to the WordPress.org site and it’s not listed? Has the designer changed its name? Thanks for your research listed here!

83 DiTesco October 25, 2012 at 9:13 pm

Thanks for the heads up Lon. Indeed Login Lock has been removed from the repository. I’m guessing it was because it was generating some problems and the developer has not updated it. Updated this post to reflect that, thanks again.

84 yetty November 11, 2012 at 4:26 pm

Hi DiTesco,
Great and very informative post. What are your opinions concerning WordPress BulletProof Security Plugin?

85 DiTesco November 11, 2012 at 5:35 pm

Hi. Can’t tell as I have no experience with it. I heard it is also good…

86 Riz February 1, 2013 at 8:50 pm

Hi,
I have been testing and learning BulletProof Security for almost a couple of weeks and it actually is a great security plugin, however we need to understand its various options by hit and trials as very basic FAQs have not been listed anywhere for this plugin for new users. I would actually prefer using this along with Better WP Security, which is my favourite in terms of the protection and easy to understand data it produces. The best thing I liked about it is that it makes the default admin login page invisible so the basic level hacker will only keep thinking how to find the login page :-) To conclude, BulletProof Security and Better WP Security make a deadly combination.

Thanks

Riz

87 Sai Kumar December 29, 2012 at 10:57 am

Hi DiTesco, Great Tips to secure our blog. I am using some of the plugins which you have listed above. Thanks for Sharing!

88 Achin Jain February 25, 2013 at 9:23 am

Great post.. are they capable of handling malicious queries also?

Comments on this entry are closed.
