The interwebs are a fun place to go online and play games and read articles and do all sorts of things. But the moment site owners get a site (if like 20% of the others out there) on WordPress there is something very important you need to do.
Lock you site down and keep an eye on it for possible attacks.
Hardening WordPress Security
WordPress.org provides simple easy steps to secure you WordPress install. But there are more steps you can take.
Hire a better hosting company
Or pay the higher cost for better protection. If protecting your valuables are important to you and money is considered not an option for that protection, then think about your site.
Self managed hosting like Element 502 can provide takes the time and worry off you about your sites security. Not merely after the fact, but actively.
Install Security Plugins
Better WordPress Security
This is free, but be extremely careful with some of the settings as you can end up locking your self out.
- Official Plugin Page: http://wordpress.org/plugins/better-wp-security/
- Instructions: Better WP Security
Block Bad Queries
This is free as well and blocks malicious incoming requests that are trying to inject bad things like base64 code.
- Official Plugin Page: http://wordpress.org/plugins/block-bad-queries/
- Instructions: BBQ: Block Bad Queries
Limit Login Attempts
A must for any WordPress site. It can block an attack on the
/wp-admin/ login in case of a brut force attack like the recent BotNet.
- Official Plugin Page: http://wordpress.org/plugins/limit-login-attempts/
- Instructions: Limit Login Attempts
Watch What’s Going On In Your House
Sucuri WordPress Plugin ($)
A not very well known plugin from Sucuri, but it’s out there. They fix compromised sites, but be prepared as it can be costly if you think it’s just a couple hundred bucks. The WordPress plugin adds a web application firewall and malware file scanning.
- Official Plugin Page: This is a premium plugin so it is not found in the WordPress repository.
- Instructions: Sucuri WordPress Security Plugin.
The new kid on the block that has grown up fast. It includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers.
It takes a lot of time to do all this and find the right solutions on your own. In the end there is still no guarantee 100% that you will never have a problem. Solutions that are paid solutions are better because it’s your piece of mind and frees you up to focus on your business and hobbies without worry. It all comes down to what you value it. But when your site is your money maker, you can’t play it risky, or be a DIY all the time.
I speak from experience about these things. In all honesty I had a site that was compromised. I changed themes, deleted plugins, and cleaned up the database. Then did all the above, installing plugins and setting up what was necessary to secure the site. In the end, 3 months later, the attack returned.
I eventually stepped away from shared hosting and went the pro route. I’ve never had an issue since and share that server space and all the benefits with my customers. No one has had a site compromised since the BotNet. I could have continued to do the above, but it was too time consuming, and I moved on to better services.
If you have a WordPress site and want the same check out the plans and features and get in touch.
[UPDATE] For more on WordPress security visit our friends at WP Beginner here.