Thursday, March 8, 2012

Best WordPress Security Plugins 2012, Protect Your Online Business

Some of you may already know the importance of keeping your WordPress site as secure as possible. Sadly, there are many reasons why your site can get attacked: it could be a simple "hacker" who just does it for the sheer fun, or a deliberate attack aimed at doing your site some harm.

Obviously, there is simply no way that you can "bulletproof" your WordPress site's security 100%. Nonetheless, the more "counter-measures" you have in place, the less likely you will have to deal with potential problems in the future. Just think about it. All your hard work down the drain and your online business shut down instantly. Won't happen to you? Hopefully not, but if it does, be prepared. It's not pretty. I know, it already happened to some of my sites and yes, more than once.

What I want to share with you today are some of those "counter-measures" and WordPress security plugins that can help you make the "job" of an attacker a bit more difficult. Hopefully, if they try to attack your site and find it too difficult to break in, they will leave and find another that is more vulnerable.

Here we go: simple steps that you can take now to increase your WordPress site's security, in case you still don't have anything in place.

Backup Your WordPress Site Regularly

For so many reasons, backing up your WordPress files should be done on a regular basis, and even more so before making any changes, such as upgrading the WordPress software, your theme, a plugin, etc.

Btw, you should always keep your software and plugins updated.

This is the best "security" that you can have, period. There are many ways you can do this and, for the sake of keeping this short, just do some research and see what suits you best. In my case, I do a manual backup every 15 days. Yes, it is tedious, but it gives me peace of mind. Just use an FTP program and copy the "entire" folder. If it is too big, perhaps back up only the most important sections of your WordPress site (e.g. database, etc.).

On a side note, find out if your hosting provider has some sort of "backup" facility. Most of them do and, as an example, my web hosting company, among other things, provides me with a "full" backup and restore service for a mere $12 a year. They work well and I have used the service already to restore some sites that were hacked. Very valuable service if you ask me.

Create Strong Passwords

Oh yes, passwords. Make them as strong as possible. Combine letters (upper and lower case), numbers and symbols, and try to go over at least 12 characters. WordPress allows you to create a password up to 64 characters long (did you know that?). Anyway, here is an article I wrote some time ago, but it is totally applicable up to today: How To Create Strong Passwords?

Are You Using Free WordPress Themes and Plugins?

Yep, free WordPress themes and plugins are great, but some may contain malicious code and provide backdoors for potential exploits. WordPress plugins, even if they are on the WP repository, may contain problems. This is particularly true for those that have not been updated for a long time, so among other things, that is a good indication for you to avoid them. Look at the ratings and user feedback for possible problems.

In addition, many themes and plugins (including premium ones) rely on the TimThumb script, and this has been known to seriously hamper your WordPress security. Please read this article from JustAskKim to find out about the TimThumb vulnerability and how to fix it (very important).

For free WordPress themes, make sure you run TAC (Theme Authenticity Checker, old but good) to scan for possible malicious code, and read "Free WordPress Themes, Facts You Need To Know".

You can also install the Ultimate Security Checker Plugin that will help you identify security problems with your WordPress installation. This plugin scans your WordPress site and gives a security grade based on passed tests.

OK, then. Now that you have some security stuff already in place, here are just two plugins that I strongly recommend you install. If you have one, good; if not, install it now.

Note: You may want to install only one or the other. Choose which one works better for you. Login Lock is lightweight and does not hamper performance, while Better WP Security may be a bit advanced for some users. Powerful though, if you are really security conscious.

WordPress Security Plugins

Login Lock: Enforces strong password policies; provides emergency lockdown features; monitors login attempts; blocks hacker IP addresses; and logs out idle users. This plugin is very good, and more so if you have multiple registered users on your site.

Main features include:

  • Enforces strong password selection policies.
  • Monitors login attempts.
  • Blocks IP addresses for too many failed login attempts.
  • Lets you manually unblock IP addresses at any time.
  • Lets you forcibly log out all users immediately and require that they all change their passwords before logging back in.
  • Lets you forcibly log out idle users after a configurable number of minutes.
  • and more...

One of the things I like best about this plugin is the "emergency lock down" feature. Login Lock provides an emergency "panic button" that, when used, immediately logs out all users, resets all user passwords to a random value, and sends each user an email message informing them that they must change their password before logging back in to your site. Cool, and it's 100% free via the WP repository (must have).

Better WP Security: Almost an "all-in-one" security plugin for WordPress. This plugin takes the best WordPress security features and techniques and combines them in a single plugin, thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

Some Features (so many).

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  • Remove the meta "Generator" tag
  • Removes login error messages
  • Change the urls for backend functions including login, admin, and more
  • Create and email database backups on a schedule using wp-cron
  • Ban troublesome bots and other hosts
  • Completely turn off the ability to login for a given time period (away mode)
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Display a random version number to non administrative users anywhere version is used (often attached to plugin resources such as scripts and style sheets)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them (useful on multisite installations)
  • Remove Windows Live Writer header information
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Detect attempts to attack your site
  • and, as I said, many more

That's it! How well do you have your site secured? Do you even have something in place? Anything you feel that I missed? Please let me know.


Source: http://www.iblogzone.com/2012/03/best-wordpress-security-plugins.html
