by ArielT
17 replies
  • |
Hello, what is the easiest and effective way to protect a wordpress site?

I'm using the Twenty eleven theme and Hostgator
#security #wordpress
  • Profile picture of the author threezerozero
    currently, im using Better WP Security (link provided)

    WordPress › Better WP Security « WordPress Plugins

    very thorough in my opinion and its free. havent had any problems with it yet. its easy to use and the dashboard is pretty straightforward.
    {{ DiscussionBoard.errors[6707208].message }}
  • Profile picture of the author Leveragist
    Limit Login Attempts is a MUST-HAVE:
    WordPress › Limit Login Attempts « WordPress Plugins

    Before installing this plugin, my sites were hacked. After installation? Not once!
    {{ DiscussionBoard.errors[6707240].message }}
  • Profile picture of the author ArielT
    Well, I've been searching in Google and I found many options...reading the answers I think I could clarify this better about a simple and effective way as possible
    {{ DiscussionBoard.errors[6707256].message }}
  • Profile picture of the author rising_sun
    Use BulletProof Security,It can protect your site against XSS, Code Injection and SQL Injection hacking attempts,RFI, CRLF, CSRF, Base64.

    You can get manual from
    {{ DiscussionBoard.errors[6707397].message }}
  • Profile picture of the author AnilK
    Check out this presentation is a good starting point:
    {{ DiscussionBoard.errors[6707682].message }}
  • Profile picture of the author freelanceronline
    Check these Free Plugins for complete security of your WP website.

    WordPress › Secure WordPress « WordPress Plugins
    Secure WordPress is extremely essential for every website, and you can obtain this plugin free of cost, without the need of any initial configuration. Some of the essential features of Secure WordPress include the following benefits:

    WordPress › Exploit Scanner « WordPress Plugins
    This plugin looks for any suspicious information by scanning through your website, and in the posts and comment tables of your database. However, this plugin can raise several false positives.
    WordPress › WordPress Firewall 2 « WordPress Plugins
    The use of the WordPress Firewall 2 is to automatically block the most common hacker attempts.

    AskApache Password Protection, For WordPress
    AskApache Password Protect is designed to fend off brute force attempts to access your admin page. Bots are programmed to make repeated attempts in rapid succession to guess the password. AskApache Password Protect plug-in adds a second layer to the password process so these attempts never actually get rolling. It also provides protection to all of your database folders, not just the wp-admin folder.

    WordPress › WordPress File Monitor « WordPress Plugins
    The main use of this plugin is to notify you through email about any changes that have been made in the files on your WordPress site. It will also help you to identify and erase the infected code on your website.
    {{ DiscussionBoard.errors[6707711].message }}
  • Profile picture of the author ArielT
    I've just read an article out there and found a recommended plugin that seems to cover many security issues, the name is Better WP Security, I'd think just with this would be enough...but I'm not sure...I'll continue researching
    {{ DiscussionBoard.errors[6707762].message }}
  • Profile picture of the author JeffreyBenson
    Protect? Hmmmm. Well, the most basic and even simplest way to protect your site is not to tell anybody what is your username and password.
    Learn How To Save Up To 90% Off Your Facebook
    Advertising Costs While Getting More Targeted
    Traffic And Converting More Leads And Sales Fast!

    Click Here To Watch The Video Now
    {{ DiscussionBoard.errors[6707922].message }}
  • Profile picture of the author seanocoso
    I receive an enormous amount of spam on my wordpress site, thats my main issue. I just have to delete and avoid following any comments.
    {{ DiscussionBoard.errors[6708024].message }}
  • Profile picture of the author KillerJVs
    There is a powerful plugin on the forum for sale at the moment called WP Optimix and its being called the best plugin for security around by some very well respected warriors...

    I use it on all my sites at the moment for so much more then just security...

    {{ DiscussionBoard.errors[6708094].message }}
  • Profile picture of the author ArielT
    KillerJVs, thanks for the comment, although I don't know how good would be the plugin you mention, I'll take a look at it to evaluate it
    {{ DiscussionBoard.errors[6708124].message }}
  • Profile picture of the author MichaelNech
    Don't forget to also look into backing up your site. It's nice to know that your site is protected, but it's even better to take a step further and use a back up plugin in case you need to restore it.

    There are quite a few solutions out there, I personally use BackupBuddy and am quite pleased with it.

    {{ DiscussionBoard.errors[6709412].message }}
  • Profile picture of the author threezerozero
    ^^^ Better WP Security backs up your site automatically (on a schedule). its a good all around security plug in...that takes care of most security issues.
    {{ DiscussionBoard.errors[6709464].message }}
  • Profile picture of the author Chris Thompson
    The easiest way to protect yourself is two-fold:

    1) Keep regular backups of your database and your files (uploads folder)
    2) Understand how to do open heart surgery on Wordpress so you are comfortable dealing with a hack.

    These are both very easy to do, and especially #2 is important so you feel that you know what you're doing.

    My I recommend this podcast:

    (See the notes pertaining to the podcast also. Some very important stuff there)
    {{ DiscussionBoard.errors[6710280].message }}
  • Profile picture of the author andersvinther
    Originally Posted by ArielT View Post

    Hello, what is the easiest and effective way to protect a wordpress site?

    I'm using the Twenty eleven theme and Hostgator
    You can also have a look at the WordPress Security Checklist I have written... you can get it for free at The WordPress Security Checklist

    Visit WordPress Security Checklist for a FREE comprehensive guide on improving your security.

    Visit Easy-Email for the solution to all your email problems.

    {{ DiscussionBoard.errors[6723400].message }}
  • Profile picture of the author Kingfish85
    I'd like to add that even installing all of these plugins is not going to "secure Wordpress" completely.

    Blindly installing a bunch of junk is not going to help. There are plenty of ways around EACH of these plugins listed. If you want real security, consult with a security professional.

    Here's my best advice, from a web host who deals with WP security issues on a daily basis:

    Use only what you "need". Don't install plugins for simple tasks like adding Google Analytics code.

    Use long, non-dictionary passwords with uppercase, lowercase, numbers & special chars.

    Use an additional password method for your wp-admin directory

    Move the config file

    Some will tell you to change the prefix in the database....which is a waste of time.

    Make sure your web hosts actually secures their servers "correctly".

    Stop blasting your website to shady directories,blogs forums etc.

    The list goes on...
    {{ DiscussionBoard.errors[6723497].message }}
  • Profile picture of the author ArielT
    Kingfish85, I was thinking in using only Better WP Security, but now I'm thinking maybe I use only a plugin that block more than 3 login attemps or so, and make some other things manually like buck ups and some others tricks, que do you think?

    I really don't like the idea of installing lots of plugins, and I've read out there that turn slower the site

    And of course that tips of the passwords you mentioned

    Why do you think changing the prefix is a waste of time? I'm curious
    {{ DiscussionBoard.errors[6723814].message }}

Trending Topics