A plugin to protect your wp site

by cbnet
14 replies
I have heard that a plugin for WordPress is available which limits repeated Dashboard login attempts and other abusive behavior.

I have two questions on this:

(i) Do you advise installing such a plugin, and how far is this effective?

(ii) Which one is the best reliable plugin to do this job?

Thanks & Regards
#plugin #protect #site
  • vtotheyouknow
    Yep, there are two good ones I use:

    1. Login Lockdown (limits # of login attempts)

    2. Bulletproof security (does a LOT of stuff!)

    Both are free and excellent. :-)
  • buzilla
    They are worth installing, as a lot of WordPress installations are hacked using brute force attacks (repeated login attempts). Login Lockdown can limit the number of failed attempts and I would recommend using it. Also be sure to use a strong password, as this makes your site harder to hack; check out Password Strength Checker to ensure you are using a strong password.
  • cbnet
    Which are such good plugins?
  • cbnet
    What about Wordfence Security in comparison to Login Lockdown & Bulletproof security? As I cannot install all three, please recommend which one I should go for.
    • BeechHill
      You have to be careful in using security plugins that alter the .htaccess files as they also stand a good chance of conflicting with your other plugins.

      You can also add a substantial level of security by using something like this, Hide My WP - No one can know you use WordPress!

      The magic starts now... But before it sticks in your mind: we don't change any file or folder and everything is in its default location! We just control access to it, and this guarantees maximum compatibility for the plugin.
      • halbertech
        There is one plugin (currently 6/4/2013) that everyone running a WordPress blog should have, called Better WP Security. This is a free plugin from wordpress.org that covers every best security feature you should consider implementing for WordPress protection.

        It is granular, meaning that it actually explains the implication of hardening a feature, giving you the freedom to implement it or not based upon some unintended result. It's lightweight, and I have used 6 different popular themes and 25 different intensive plugins on both shared and VPS hosting and I haven't had one single issue with performance or conflict. This to me is a table-pounder plugin, and it's so good that for the last 2 quarters I felt compelled to send a $20 donation.

        I can't even begin to tell you how bit51 has completely changed my thinking and approach to WP security. This plugin is a stroke of genius and priceless!

        In fact, I just left a webinar where this clown who has been in the IM space and on WF for some time now tried to sell a similar product that was slower, less elegant, and had fewer features for an exclusive special price of $197.00 that was not yet marketed to the public, with a plan to raise that price to $497.00... UNBELIEVABLE!

        Anyway, the other responses in this thread are valuable as well, but I really think you should check out Better WP Security for a free plugin; it has got to be the best value for a security plugin available... but please don't take my word for it, check this plugin out for yourself.

        Best of luck!!!!!!
      • DelSyllables
        Originally posted by BeechHill:

        You have to be careful in using security plugins that alter the .htaccess files as they also stand a good chance of conflicting with your other plugins.

        You can also add a substantial level of security by using something like this, Hide My WP - No one can know you use WordPress!

        Hide My WP

        This seems like a great plugin for security and to hide information related to your themes and other WordPress details found on the page source.

        But regarding this plugin, I think it changes some of the permalinks. Does it then affect SEO for a certain site? Also, what is the difference between keying in the purchase code and leaving it blank? It seems to work even without the purchase code. Thanks so much!
  • Bobby Asburn
    I use Better WP Security, which is considered a good one.
  • MonitorScout
    I'd recommend you handle these kinds of issues manually; that would be the best approach to deal with this. Instead of downloading too many plugins you can take the following measures:

    1. Maintain a strong password. If you aren't using a password that's at least ten characters, with numbers and letters, capitals and lowercase ... you're doing it wrong.

    2. Always keep up with updates. WordPress updates are not just released for the Google News search results. They are released to fix bugs, introduce new features, or, most importantly, to patch security holes. And try to use paid plugins because they update their plugins instantaneously when a WordPress update is released. So, you never have to worry about your theme breaking.

    3. Protect your WordPress admin access. You should change the name of the default "admin" to a specific admin username and make sure that every username of your site with administrator access is protected by a strong password.

    4. Guard against brute force attacks. Your web host should be helping to protect you from brute force attacks. We do. We regularly monitor where failed login attempts are coming from and then lock out the offending IP addresses.

    5. Monitor for malware ...
    Monitor Scout - Website & Server Monitoring
    50 different checks, SNMP monitoring and much more.
  • Sarevok
    MonitorScout is spot on.

    Also, I recommend your password be 32+ characters, with special characters, numbers, and lower/uppercase letters.

    More importantly - remove (DELETE) redundant plugins & themes.

  • themaab
    Security plugins are great, but they still run code to protect your wp-admin and with brute force attacks that can really slow down your server/site.

    Ultimately the best way to protect your wp-admin and wp-login.php is with .htaccess password protected folders.

    If you google 'Prevent unauthorized WordPress wp-admin and wp-login.php attempts' there is a good article by InMotion Hosting (should be the 1st result) that will show you how to easily do this.

    This is best because it stops the attackers at the web server level (Apache) versus relying on PHP or WordPress to protect you (that runs more code).

    Hope that helps!
  • muffty
    After hearing a few horror stories of 'hacked sites' I'm very pleased I found this thread and thanks to all above for the information - I'll certainly have to get one of those recommended Free Plugins installed soon!!!!
  • Jtraits
    Nice tip... I will probably use it so I can have another protection against attacks.