
WordPress Security

With over 60,000,000 websites already using WordPress, an estimate that almost half of ALL SITES on the web are built with it, and another 100,000 popping up each day, I guess we should pay attention.

I have used WordPress off and on for probably 10 or more years. Who’s counting? At the beginning it was very confusing. What do all the settings headings mean? Should I change them blindly now, or wait until I see that I need to? However, I have come back to WordPress over the last year, 2012 – 2013, because it is FREE with your hosting package. Or you can set up a hosted site, Blogger-style, on a subdomain that is the same as the title of the blog.

The great thing about WordPress is that by simply changing a theme, you have a whole new site! Or at least it LOOKS new! That is the sign of an active and attractive site which can draw people to it.

Plus, by using plugins or purchasing premium templates you can make WordPress do almost anything you want. Would you like a forum? How about a discussion of your article below the article? Do you want an eCommerce site to sell products? How about a beautiful photo gallery where you can make your thumbnail photos full-size and click arrows to keep moving on to the next photo? Like I say, almost anything can be done.

However, having some WordPress sites attacked last March-April, when my wife and I were 3000 miles away from home, made me look into security. At first I was so alarmed that I thought I would have to pay for some product to protect my sites. Then the idea of searching for plugins hit me! Yes! I found out what I needed, and even though there have been attempts, the attacking bots or people get locked out after a given number of login attempts. Make sure that number is NOT too small, so that your own accidental mistyping does not cause YOU to be locked out!

So here you go! A list from my own experience and from other sites where WordPress is taught.

WordPress Security Tips & Plugins


WordPress Security Tips
1)  The first step in securing your website is to make sure that you choose a reliable web hosting provider that has excellent spam and bot protection already built in on the server. (However, this can be very expensive if you are an under-rich person.) So at least search for reviews and see what people who have used it say. Also be wary of sites which rate a whole list of hosts, as they may be artificially picking favorites according to what the hosting company gives them, like free hosting or whatever. Be suspicious. Don’t be paranoid. Somewhere in between lies the ‘rub’ according to Shakespeare, or the truth according to me. 🙂 
2)  The next step is to choose your themes and plugins of all kinds from a reliable source that tests them for reliability and for any embedded malware or viruses. In particular, avoid “nulled” (pirated) copies of premium themes and plugins: they are a common way for backdoors to get onto a site.
3) Now that you are ready to roll, make sure that you have the latest version of WordPress and always keep it updated. That goes for your plugins and themes too: an out-of-date plugin is a far more common way in for an attacker than the WordPress core itself.
4) After your WordPress blog is up and going, but before you actually go live, you have to choose your security plugins. Most of the best security plugins are free, though some offer premium services for a fee.
Best WordPress Security Plugins

Tips for Choosing Plugins
First I have to say that I am generalizing below. There may be occasions to ignore these tips. But at least keep them in mind.
  1. It is probably easier to look for security or other plugins on the plugin directory website rather than from inside your dashboard, as you get a list AND a longer description of what each one does, PLUS you can read any comments that other users have posted.
  2. Look for the most popular, most downloaded plugins.
  3. Look for plugins with 4 to 5 stars. HOWEVER, also check how many reviews there are. If only 1 or 2 people reviewed the plugin, they may be friends of the plugin maker.
  4. Check how long ago it was last updated. If it has been a year or more, then unless it is a very simple plugin it may cause problems rather than solve them.
  5. Has the author responded to bad reviews with updates that solve the problems those users had? If not, he may not be actively maintaining it, and the plugin may cause other problems that you will not know about. 
  6. Then you can go back into your WordPress site and search for those exact plugins.
Choose plugins that many people use to make sure that there is no malware and no problems which can lock you out of your site. I was using a product called WP Sentinel. It did some stupid things, but I could always recover, and then suddenly one day I could not. I may have inadvertently put the caps lock on or typed too fast. WP Sentinel interpreted that as an attack against the very site I was trying to get into to work on! The other problem was that it pulled up a boxed-in error message that gave information about the “attack”, including where it came from AND, WORST OF ALL, my username AND PASSWORD!!!
So in other words this stupid product could NOT recognize my two admin usernames, nor could it recognize the IP I came from, which was always the same. Then it locked me out and I had no way to get in. Fortunately, using my host’s File Manager, I knew enough to enter the wp-content/plugins folder, find WP Sentinel and delete it. That solved the problem. I went to WordPress and reviewed the product and warned people about it. However, if I had not been so impatient, I would have already read the other comments there BEFORE I installed it, many of which were saying the same thing! But then there were some who thought it was ‘wonderful’. That kind of wonderful I can do without! So NEVER use WP SENTINEL unless you see that the author has fixed those bugs, or you may have the same problems!
Akismet – Akismet filters comments using data collected from WordPress bloggers. The comments are sent to the Akismet web service and undergo hundreds of tests before they are approved and posted on your blog. You don’t need to worry much about Akismet catching comments that are actually not spam; it rarely happens, and when it does, you can always approve the comment(s) manually after clicking the spam link on your dashboard. If a comment gets approved that is spam, you can mark it as spam and Akismet will learn and adapt from its mistakes … that’s the kind of technology that could lead to Akismet becoming the next SkyNet. 
Bad Behavior – Bad Behavior is a PHP-based solution for blocking link spam and the robots which deliver it.


BulletProof Security – WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging.

[Editor: This is the program I found after some nasty bots planted redirection scripts in various files. I used the trial and it was so good, that I bought the whole product for about $50 because you have unlimited sites and updates.]  
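As an added example (written for this page, not BulletProof Security’s own generated rules), this is the kind of .htaccess rule that “protects wp-config.php … with .htaccess security protection” amounts to: Apache is told never to serve the listed files to a browser. The reason it matters is that wp-config.php holds your database password; normally a request for it executes as PHP and returns nothing, but if PHP handling ever breaks on the server the raw source would be served as plain text. The file list below is the one from the plugin description above; the Apache 2.2/2.4 split is an assumption about which version your host runs.

```apache
# Added example: deny direct web access to files that should never be served.
# Place in the WordPress root .htaccess (the file WordPress already writes its
# permalink rules to). These rules do not affect PHP itself reading wp-config.php.
<FilesMatch "^(wp-config\.php|bb-config\.php|php\.ini|php5\.ini|install\.php|readme\.html)$">
    # Apache 2.4 syntax:
    Require all denied
    # On Apache 2.2 use these two lines instead:
    # Order allow,deny
    # Deny from all
</FilesMatch>
```

To check it worked, request one of the files from outside (for example readme.html, which is safe to test with) and confirm the server answers 403 Forbidden rather than 200. Keep a copy of the old .htaccess before editing: a typo in this file takes the whole site down with a 500 error, and you fix it the same way the WP Sentinel story above was fixed, through your host’s File Manager.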

Captcha –  Adds CAPTCHA anti-spam methods to WordPress forms for comments, registration, lost password, login, or all. In order to post comments or register, users will have to type in the code shown on the image.
Contact Form Plugin –  Contact Form 7 can manage multiple contact forms, plus you can customize the form and the mail contents flexibly with simple markup. The form supports Ajax-powered submitting, CAPTCHA, Akismet spam filtering and so on.
Contact Form DB – This “CFDB” plugin saves contact form submissions to your WordPress database and provides short codes to retrieve and display the data. By simply installing the plugin, it will automatically begin to capture submissions from:
  • JetPack Contact Form plugin
  • Contact Form 7 (CF7) plugin
  • Fast Secure Contact Form (FSCF) plugin
Limit Login Attempts – Limit the number of login attempts possible both through normal login as well as using auth cookies. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
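To show what “blocks an Internet address from making further attempts after a specified limit” actually means, here is an added example (my own, not Limit Login Attempts’ code) of the same per-IP lockout logic replayed over a few constructed login-log lines. It also handles the caveat from the top of the page: the site owner’s own address is allowlisted so a burst of typos does not lock the owner out, and a lockout refuses even a correct password until it expires, which is why the retry limit should not be set too low. The log format, IP addresses (documentation ranges) and the default limits (5 failures in 5 minutes, 20-minute lockout) are all assumptions chosen for the example.

```python
"""Per-IP login lockout, replayed over constructed log lines (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Assumed log format, not WordPress's own:
#   "YYYY-MM-DD HH:MM:SS failed|success login user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<result>failed|success) login user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample: a brute-force burst from 203.0.113.5, the owner mistyping
# a password from 198.51.100.7, then the attacker returning after the lockout.
SAMPLE_LOG = [
    "2013-04-02 10:00:01 failed login user=admin ip=203.0.113.5",
    "2013-04-02 10:00:02 failed login user=admin ip=203.0.113.5",
    "2013-04-02 10:00:03 failed login user=admin ip=203.0.113.5",
    "2013-04-02 10:00:04 failed login user=administrator ip=203.0.113.5",
    "2013-04-02 10:00:05 failed login user=admin ip=203.0.113.5",   # 5th failure
    "2013-04-02 10:00:06 failed login user=admin ip=203.0.113.5",   # refused
    "2013-04-02 10:00:07 success login user=admin ip=203.0.113.5",  # right password, still refused
    "2013-04-02 10:00:30 failed login user=editor ip=198.51.100.7",
    "2013-04-02 10:00:31 failed login user=editor ip=198.51.100.7",
    "2013-04-02 10:00:32 failed login user=editor ip=198.51.100.7",
    "2013-04-02 10:00:33 failed login user=editor ip=198.51.100.7",
    "2013-04-02 10:00:34 failed login user=editor ip=198.51.100.7",
    "2013-04-02 10:00:35 success login user=editor ip=198.51.100.7",
    "2013-04-02 10:21:00 failed login user=admin ip=203.0.113.5",   # lockout expired
]


class LoginLimiter:
    def __init__(self, max_attempts=5, window=timedelta(minutes=5),
                 lockout=timedelta(minutes=20), allowlist=()):
        self.max_attempts = max_attempts   # failures within `window` that trigger a lockout
        self.window = window
        self.lockout = lockout
        self.allowlist = set(allowlist)    # addresses never locked out (e.g. the owner's)
        self.failures = defaultdict(deque) # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time the lockout ends

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        return until is not None and now < until

    def record(self, ip, result, now):
        """Decide one attempt: 'allow', 'lockout' (this one tripped it) or 'locked'."""
        if ip in self.allowlist:
            return "allow"
        if self.is_locked(ip, now):
            return "locked"          # refused before the password is even checked
        if result == "success":
            self.failures.pop(ip, None)
            return "allow"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()         # forget failures older than the window
        if len(recent) >= self.max_attempts:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
            return "lockout"
        return "allow"


def replay(lines, limiter):
    """Feed log lines through the limiter; returns [(ip, decision), ...]."""
    decisions = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        now = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        decisions.append((m["ip"], limiter.record(m["ip"], m["result"], now)))
    return decisions


if __name__ == "__main__":
    for ip, decision in replay(SAMPLE_LOG, LoginLimiter(allowlist={"198.51.100.7"})):
        print(ip, decision)
```

Run without the allowlist and the owner’s five typos trip the same lockout as the attacker, and the correct password on the sixth try is refused; that is exactly the self-lockout the page warns about. The other limit worth noting is that an attacker who spreads attempts across many addresses, or spaces them out beyond the window, is never counted, so this kind of plugin slows brute force rather than stopping it, and a strong password is still what actually protects the account.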
Stop Spammer Registration – In all, the plugin uses 15 different strategies to block spammers and claims to eliminate 99% of spam registrations and comments. It checks all attempts to leave spam against Project Honeypot, BotScout, DNSBL lists, known spammer hosts such as Ubiquity Servers, disposable email addresses, very long email addresses and names, and the HTTP_ACCEPT header. It checks for robots that hit your site too fast, and puts a fake comment and login screen where only spammers will find them.


Wordfence Security – Wordfence Security is a free, enterprise-class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation, and more. 
Happy Pressing!