You can never be too prepared when it comes to internet security, so I have posted a continuation of my previous post, 10 Simple Steps to Secure & Protect your WordPress Blog, with an additional 5 tips to make it 10 times more difficult for your WordPress site to be compromised by hackers.
Here are 5 additional tips and practices to ensure that your investment of time, energy and money in your blog never goes to waste.
1. WordPress File Monitor Plugin
This plugin monitors your WordPress installation and sends an e-mail alert to a specified address whenever a file is changed, added or deleted. When a site or blog is hacked or compromised in some way, a file in your directories is usually altered. Under normal circumstances we would not know about such low-key changes taking place, so the plugin keeps a constant look-out and reports any changes.
The plugin also shows alerts in the WordPress dashboard, just in case you missed the e-mail alert.
This plugin can be downloaded here: WordPress File Monitor
2. Move Your wp-config.php File
This tip actually came from Sachin, a fellow blogger and web developer, who commented on my previous security post.
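You can further secure your WordPress blog by moving your wp-config.php file (which is found in your root directory) to the directory one level above your www (root) folder. WordPress checks that location automatically, and because the file is then outside the web root, the web server can no longer serve it directly. This keeps your blog from being hacked through a wp-config.php file that the web server exposes.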
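A quick way to confirm the move worked, as an added example that is not from the original post: the function below checks where wp-config.php sits relative to the web root. WordPress ignores a parent-directory copy when that directory also holds wp-settings.php, so the check flags that case. The file-permission check is an extra added here, and the function names and sample directory layout are constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_wp_config(docroot):
    """Return a list of findings about wp-config.php for the given web root."""
    findings = []
    parent = os.path.dirname(os.path.abspath(docroot))
    in_root = os.path.join(docroot, "wp-config.php")
    above = os.path.join(parent, "wp-config.php")

    if os.path.isfile(in_root):
        # WordPress prefers the copy in its own directory, so this one is live.
        findings.append("wp-config.php is still inside the web root")
        active = in_root
    elif os.path.isfile(above):
        # The parent copy is skipped if the parent holds another WordPress install.
        if os.path.isfile(os.path.join(parent, "wp-settings.php")):
            findings.append("parent directory has wp-settings.php; WordPress ignores wp-config.php there")
        active = above
    else:
        return ["wp-config.php not found in the web root or one level above"]

    # Added check (not from the post): other accounts should not read or write it.
    mode = stat.S_IMODE(os.stat(active).st_mode)
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append("wp-config.php is accessible to other users (mode %o)" % mode)
    return findings

def demo_audit():
    """Audit a constructed layout before and after moving the file up one level."""
    with tempfile.TemporaryDirectory() as base:
        docroot = os.path.join(base, "www")
        os.makedirs(docroot)
        cfg = os.path.join(docroot, "wp-config.php")
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed placeholder config\n")
        os.chmod(cfg, 0o644)
        before = audit_wp_config(docroot)

        moved = os.path.join(base, "wp-config.php")
        os.rename(cfg, moved)
        os.chmod(moved, 0o600)
        after = audit_wp_config(docroot)
        return before, after

if __name__ == "__main__":
    print(demo_audit())
```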
3. WordPress Anti-Virus Protection Plugin
Hopefully, most of us have anti-virus software for our personal computers, so why not have it for your WordPress blog? This plugin is an extremely effective solution for detecting and protecting your blog against exploits and spam injections. It offers daily automatic scanning and manual testing, and provides e-mail notifications.
This awesome anti-virus plugin can be downloaded here: WordPress AntiVirus
4. WordPress Firewall Plugin
This one is pretty neat and recommended for more advanced users. This plugin has a vast number of features that complement your web host's server by logging, detecting and intercepting suspicious parameters and requests. It is also useful for mitigating dreadful zero-day attacks (see definition for zero-day attacks here) and setting different security protection levels.
The plugin can be downloaded here: WordPress Firewall Plugin
5. Encrypted Login Password Plugin
This plugin is very useful for users who do not have SSL (Secure Sockets Layer, see definition here) enabled, or for whom it is not available. The plugin increases the security of the login process by using a combination of public and secret key encryption to encrypt the password on the client side when you log in. Your server will then decrypt the encrypted password with a private key and grant you access. It protects only the password as it is submitted, so it is a stopgap rather than a substitute for SSL. Note: JavaScript is required to enable password encryption.
The plugin can be downloaded here: Semisecure Login Reimagined
Use the plugins and tips above to seriously secure and lock up your WordPress blog to the max! Remember, it's your investment, so do what it takes to protect it.
Discussion:
Please share with us other tips or plugins not listed above that you may have found useful. Also, please share any experiences or difficulties you may have had in the past and what you did to overcome them.




Thanks for the mention, Robyn. Great new tips here but there’s one thing to keep in mind. Server side hacking management should be done by advanced users only. If you get something wrongly configured, you might have some strange surprises. E.g.: I once tried the “bad behaviour” plugin. Though it did a great job, it also stopped me from approving comments.
.-= Sachin @ Web Design Mauritius´s last blog ..Failure of the web design community in Mauritius? =-.
Hey Sachin,
I totally agree. Server side configurations are definitely for experienced users.
I think you mean the “bad neighborhood login lockdown plugin.” It’s strange that you have a problem using it since I haven’t had any trouble with it so far. I’ll try to find a solution for that and let you know.
No, I’m talking about the bad behaviour plugin which is a link spam & robot blocker (http://wordpress.org/extend/plugins/bad-behavior/) but works through the server configuration. This even blocks the admin out in some cases. Great plugin though.
.-= Sachin @ Web Design Mauritius´s last blog ..Failure of the web design community in Mauritius? =-.
Many have reported bad behavior plugin issues since its inception.
This is an awesome post. I think I like the monitor plugin best, so thanks for that.
As for the anti-virus and firewall plugins – these won’t mess at all with the regular ones, will they?
.-= Dennis Edell @ Direct Sales Marketing´s last blog ..New Updated Long Detailed Comment Policy Coming very SOON! Among Others… =-.
Hey Dennis,
I’m in the process of conducting some extensive testing. So far so good, no problems yet.
Thanks for reading
Man I didn’t even know they had a firewall for WP..lol
So focused on protecting against Spam that I forgot the rest of security.
.-= John Paul@Make Money With A Blog´s last blog ..My Crazy Simple 7 Step Plan To Promote A New Post =-.
Hey John,
Spam is a minor problem compared to what hackers can do to an unprotected site. Think about complete destruction. Hope you will give these a try and step up the protection.
Thanks for the comment, John
I am just confused: should I focus on site speed or should I focus on security? I think installing a lot of these plugins will increase website load time; on the other hand, I would not want my blog to be vulnerable. Truly confusing situation.
.-= Shiva@Web Magazine´s last blog ..Mobile Phones Worldwide – The Stats =-.
Hey Shiva,
Honestly, it’s not completely necessary to use all of the security plugins I mention. I’ve realized that there are specific ones that provide the key tools for protection. I will be doing a follow-up post to show this soon.
Great info man thanks a lot…very useful.
.-= alonso´s last blog ..Barn Yard Night Discussion =-.
Glad you found it useful Alonso. Thanks for reading