Basic Wordpress.org Security

13 replies
Hi,

Does anyone have any advice or links for mastering the basics of Wordpress security that they could share please?

I am about to get some new hosting and throw a site up on a domain I already own but I want to make sure I don't wake up one morning and have a Vietnamese sixteen year old selling Viagra or access to hard core webcams on my site because I've left a gaping hole somewhere.

If the info is simple... as in plants eat sun and shit air simple then that would be great! :-)

Thanks in advance.
#basic #security #wordpressorg
  • Profile picture of the author slammer81
    I find that it's usually "from Russia with love"
  • Profile picture of the author nizamkhan
    I use and recommend iThemes Security plugin. Install the plugin and configure it. I would highly suggest you at least fix all the High Priority items to maximize your site's security.

    - Nizam
  • Profile picture of the author oghenk
    You can also use BulletProof Security plugin. The features:
    - .htaccess Website Security Protection (Firewalls)
    - Login Security & Monitoring
    - DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron - Delete Old Backups
    - DB Backup Logging
    - DB Table Prefix Changer
    - Security Logging
    - HTTP Error Logging
    - FrontEnd|BackEnd Maintenance Mode
    - UI Theme Skin Changer (3 Theme Skins)
  • Profile picture of the author Brendan Mace
    Here are the Wordpress Security Plugins that I use:

    Plugin #1 = http://wordpress.org/plugins/captcha/changelog/
    Plugin #2 = http://wordpress.org/plugins/limit-login-attempts/
    Plugin #3 = http://wordpress.org/plugins/better-wp-security/

    That'll make your site pretty darn hard to break.
  • 1) There are a few great security plugins

    Like..

    SiteGuardian
    iThemes Security

    2) Make sure you back up all your data, very frequently..
    using FileZilla or another service
  • Profile picture of the author Markets
    Besides just securing your wordpress installation, also make sure your server is secure as well, as if they get access to that it won't matter what you have installed onto wordpress. :p
  • Profile picture of the author DubDubDubDot
    Most exploits are the result of poorly engineered plugins. None of these security plugins are going to do much (if anything) to prevent that. If they have some features that you like, install it. Just don't let it give you a false sense of security. Keeping everything updated is the best line of defense.
    • Profile picture of the author Chris19h
      Originally Posted by DubDubDubDot

      Most exploits are the result of poorly engineered plugins. None of these security plugins are going to do much (if anything) to prevent that. If they have some features that you like, install it. Just don't let it give you a false sense of security. Keeping everything updated is the best line of defense.

      What DubDubDubDot said. I would just add that making sure you have a backup is the best sense of security you can have. I would suggest making one every night, or at least every week and then if any other big changes are made. Some hosts make this easy for you, some don't. There are a few plugins out there for backing up. This one is really easy to use: https://wordpress.org/plugins/backupwordpress/
  • Profile picture of the author spearce000
    Scan your new site for vulnerabilities, and check plug-ins against the US National Vulnerability Database. That will close any "back doors".
    • Profile picture of the author a2hosting
      Some basics:

      -Keep your WordPress install up to date
      -Keep your plugins up to date and uninstall any that you're not using
      -Move your login page from the default option
      -Add captcha to your login and comment form
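The "keep plugins up to date and uninstall any that you're not using" advice above can be checked from the command line. This is an added example, not part of the thread: it assumes WP-CLI is installed on the host and reads the CSV that `wp plugin list` produces; the plugin names in the sample are constructed.

```shell
#!/bin/sh
# Added example: flag plugins that need attention, from WP-CLI's CSV listing.
# On a real site the input would come from:
#   wp plugin list --fields=name,status,update,version --format=csv
# Prints one finding per line; exit status is 1 if anything was flagged.
audit_plugins() {
    awk -F, '
        NR == 1 { next }                      # skip the CSV header row
        $3 == "available" {                   # an update is waiting
            printf "UPDATE %s (installed %s)\n", $1, $4; bad = 1
        }
        $2 == "inactive" {                    # installed but not in use
            printf "UNUSED %s\n", $1; bad = 1
        }
        END { exit bad }
    '
}

# Constructed sample listing (not from a real site).
SAMPLE_PLUGINS='name,status,update,version
akismet,active,none,3.1.1
example-slider,active,available,4.1.4
hello,inactive,none,1.6
old-gallery,inactive,available,0.9'

run_sample_audit() {
    printf '%s\n' "$SAMPLE_PLUGINS" | audit_plugins
}

# Non-zero status means at least one plugin needs an update or removal.
run_sample_audit || echo "review the plugins listed above"
```

Run from cron with the real `wp plugin list` output piped in, the non-zero exit status can trigger an e-mail so pending updates are not left for months.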
  • Profile picture of the author usmantech
    Install Wordpress Firewall 2. Keep your Wordpress core and plugins updated. Don't use pirated themes. That's the basics. And there are a lot of advanced things too.
  • Profile picture of the author kimstuart
    Basic list - (some repetitive to other replies above)
    1. Keep WP version and plugins up to date. That is the single most important thing you can do.
    2. Be very careful when buying themes that have plugins integrated - many of these do not update the plugin portion when there is a security problem. Envato had to notify/take action with the Rev Slider breach a few months ago that included thousands of themes that were sold and had this plugin included.
    3. Get a good host that works with a lot of WP installs. They are likely to make sure you are notified when there's a problem since shared hosting means that a lot of installs can be compromised by one bad apple.
    4. You could try Sucuri, iThemes Security, those are two really popular companies that provide good support to their users.
    5. Set up a few Google Alerts for WP security issues if you do not visit the WP forums or FB groups very often - that way you'll get a notification when there's a problem and you can make sure you're covered.
    6. Log in and check for updates in your admin periodically. That means more than once every six months lol...
    7. Most of the stuff in the repo has been checked and is decent. That doesn't mean it's all well written so keep in mind when you install plugins that you're putting your site at risk. Don't stop installing plugins, just be choosy.
    8. If you're using cPanel, set up a backup at least once a week. Keep at least 3 copies of backups in case something got you and you need to revert. Depending on date of breach, you should have at least one good backup (maybe not if you back up every day, once a week is plenty). Keep a separate copy of your DB occasionally in case that's compromised. Once a month is probably enough unless you have a ton of new content.
    9. If it looks too good to be true, you know the deal...
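The "keep at least 3 copies of backups" advice in the list above, as an added example that is not part of the thread. It assumes archives are written to one directory with date-stamped names of the form `site-YYYY-MM-DD.tar.gz` (a hypothetical naming scheme); the files in the demo are constructed.

```shell
#!/bin/sh
# Added example: keep the newest N backups in a directory, delete older ones.
# Assumes archives are named site-YYYY-MM-DD.tar.gz (hypothetical naming), so
# name order equals date order. Refuses to prune when the newest archive is
# empty, so a failing backup job cannot rotate out the last good copies.
prune_backups() {
    dir=$1
    keep=${2:-3}
    set -- "$dir"/site-*.tar.gz            # glob expands in sorted order
    [ -e "$1" ] || { echo "no backups in $dir" >&2; return 2; }
    for newest in "$@"; do :; done         # last item = newest archive
    if [ ! -s "$newest" ]; then
        echo "newest backup $newest is empty; not pruning" >&2
        return 1
    fi
    excess=$(( $# - keep ))
    while [ "$excess" -gt 0 ]; do
        rm -f -- "$1"                      # oldest first
        shift
        excess=$(( excess - 1 ))
    done
    return 0
}

# Demo on constructed files in a temporary directory.
demo_rotation() {
    tmp=$(mktemp -d)
    for day in 01 08 15 22 29; do
        echo "archive data" > "$tmp/site-2015-03-$day.tar.gz"
    done
    prune_backups "$tmp" 3
    ls "$tmp"                              # the three newest remain
    rm -rf "$tmp"
}

demo_rotation
```

The empty-file check matters because a backup job that starts failing silently would otherwise replace every good archive with a useless one within three runs.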