
Tag Archives: Improve WordPress Security

Best Plugins To Make Your WordPress Blog Secure


Thousands of WordPress sites get hacked daily, as they are constantly attacked by hackers. Larger firms and corporate companies pay a large amount of money for a security audit of their sites, but what should the average blogger do to make his/her WordPress blog secure? Don’t worry; in our previous post we discussed 10 easy tips to make your WordPress blog secure, but some of the steps were difficult for an average WordPress blogger or novice user to perform. Here we’ve come up with some of the best WordPress security plugins to take care of your blog security with ease.

These handy WordPress plugins offer an array of features to make your blog secure against malicious activity, malware and threats. If you’re serious about your WordPress blog security, you’re at the right place.


01. WordFence Security Plugin


In our list of the top 5 security plugins for WordPress, WordFence is at the top because of its features, which not only make your WordPress blog secure but also make it up to 50 times faster (as claimed by the developers of this plugin) by using the Falcon Caching engine.

WordFence makes your site secure by doing a deep scan of the source code of all your blog’s files, plugins and themes and matching it against the official WordPress code for core, themes and plugins to find out whether there is any malicious code. If the plugin finds any malicious code or malware in the source code or on the server, it immediately notifies the webmaster by email.

The plugin also lets you set up 2-factor authentication through SMS. This protects your blog from brute-force attacks. Both free and paid premium versions of the plugin are available.


Some handy features of this plugin include:

  1. Improved login security using 2-factor authentication
  2. Lets you block traffic from a specific IP, region or country
  3. Lets you block fake traffic and bots with its firewall
  4. Scans the hosting server as well for any malware
  5. Instant email notification in case of any threat
  6. Makes your site faster using the Falcon Caching system
  7. Scans and repairs any damaged file
  8. Multi-site support lets you monitor and manage multiple sites from one dashboard
    Download WordFence Security Plugin
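
The file comparison described above (installed files matched against the official code) can be sketched as follows. This is an added example, not WordFence's own code: the manifest format, the use of SHA-256 and the file names in the sample are assumptions, and the sample install is constructed in a temporary directory.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare files under root with manifest {relative path: SHA-256 hex}."""
    report = {"modified": [], "unexpected": [], "missing": []}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue  # hash regular files only; do not follow symlinks
        rel = path.relative_to(root).as_posix()
        if rel not in manifest:
            report["unexpected"].append(rel)  # file the release never shipped
        elif sha256_file(path) != manifest[rel]:
            report["modified"].append(rel)    # shipped file, contents changed
    report["missing"] = sorted(r for r in manifest if not (root / r).is_file())
    return report


def demo() -> dict:
    """Constructed sample: a tiny fake install checked against its manifest."""
    clean = {"index.php": b"<?php // front controller\n",
             "wp-includes/version.php": b"<?php // version constants\n",
             "wp-login.php": b"<?php // login form\n"}
    manifest = {p: hashlib.sha256(b).hexdigest() for p, b in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        (root / "index.php").write_bytes(b"<?php // altered\n")        # tampered
        (root / "wp-includes/cache.php").write_bytes(b"<?php // x\n")  # dropped in
        (root / "wp-login.php").unlink()                               # deleted
        return verify_tree(root, manifest)


if __name__ == "__main__":
    print(demo())
```

The "unexpected" list matters as much as "modified": a file that was never part of the release will not show up in a check that only re-hashes known files.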

 

02. Sucuri Security Plugin

Developed by Sucuri Inc, a trusted name in web security, Sucuri Security is the WordPress plugin of choice for many bloggers, not only to make their blog safe and secure but also to track all activity, safe or malicious, by users or visitors. The plugin keeps a record of logins and changes to your blog so you can easily identify what happened if something goes wrong.

When installed, this plugin actively scans and protects websites from malicious attacks such as brute-force attacks, DoS attacks, zero-day disclosure attacks and many more. In addition, the plugin keeps a record of all the activity on your site in a log file stored in the Sucuri cloud. The plugin checks your site against various blacklists incorporated from Sucuri Labs, Google Safe Browsing, McAfee Site Advisor and Norton.

Other useful features of the Sucuri Security plugin include:

  1. Tracks user / visitor activity and keeps it in a log in the secure cloud
  2. Scans core WordPress files for integrity and abnormalities
  3. Website firewall
  4. Malware scanning
  5. Blacklist monitoring
  6. Security activity auditing
  7. Instant email notification

Note: Not all of the features listed above are free; some are available only in the premium version. Download Sucuri Security Plugin

 

03. iThemes Security Plugin

Formerly known as Better WP Security, iThemes Security is one of the most robust WordPress security plugins; it makes your site safe by protecting it from 30+ different angles. The plugin has many small but unique features to keep your site secure, such as hiding the username that hackers can use in a brute-force attack, hiding the login page, 2-step authentication, password expiration and Google reCAPTCHA, all to keep your blog safe and secure from hackers and spammers. Both free and premium versions of this plugin are available; here are some robust features of the iThemes Security plugin:

  1. Easy user interface makes it easy to use for novice bloggers
  2. Two-factor authentication using Authy or Google Authenticator
  3. Monitors and records user activity to track changes in WordPress files
  4. Imports / exports security settings to save time if you’re using iThemes Security on multiple WordPress blogs
  5. Helps you generate strong passwords and set an expiration for existing passwords
  6. Uses Google reCAPTCHA to protect your site from spam comments
  7. Hides the login and admin pages
  8. Removes usernames or any other information that hackers can use in a brute-force attack
  9. Scans your site for malware and vulnerabilities
  10. Helps you take regular backups of your database
  11. Prevents brute-force attacks and bans IPs that attempt a brute-force attack on your blog
    Download iThemes Security Plugin

 

04. All In One WP Security & Firewall Plugin

As the name suggests, All in One WP Security & Firewall is not only a plugin but also a firewall that protects your site from malicious activity and malware. It has many unique features to check for and inform you of any actual or potential vulnerability in your WordPress blog security.

Most of the features of All in One WP Security & Firewall are the same as those offered by iThemes Security, but the feature I like most about it is the site security score meter that is added to the WordPress dashboard. The meter gives your blog a score based on how secure your site is, so you can take measurable action to further improve your blog security.

Some unique features of All In One WP Security & Firewall include:

  1. Adds a security score meter to your dashboard
  2. Protects against brute-force attacks
  3. Locks out IPs that attempt brute-force attacks
  4. Instant email notification in case of brute-force attacks
  5. Forces strong password generation
  6. Allows scheduled automatic backups of your database
  7. Adds a firewall to prevent various attacks and security threats such as SQL injection, malicious bot attacks, bad query strings, CSRF, XSS and many others
    Download All in One WP Security & Firewall Plugin

 

05. BulletProof Security Plugin

Last but not least, the BulletProof Security plugin has many unique security features that many plugins lack. When installed, this plugin adds login security, database security and a firewall along with other security layers. With its simple user interface, your WordPress security is a matter of a few clicks. The plugin takes care of your blog security so you can just relax.

The BulletProof Security plugin limits failed login attempts in case of brute-force attacks, bans security scanners, fake traffic and bots, blocks IPs and much more. Other than the pro security measures, the plugin also optimizes WordPress blog performance and speed by adding caching.

Some highlighted features of the BulletProof Security plugin are the following:

  1. .htaccess protection
  2. Built-in file manager for the .htaccess file
  3. Login monitoring and security
  4. Database backups: full or partial, scheduled or manual
  5. Deletes old backups to save disk storage
  6. Database table prefix changer to hide and secure it from hackers
  7. Optimizes site performance by adding caching
  8. Comes with 3 theme skins for a better look

These are all features available in the free version of the BulletProof Security plugin; many pro features are available in the paid premium version. Download BulletProof Security Plugin

Some other important security measures

For better WordPress blog security, also follow and apply these security measures:

  1. Use secure hosting
  2. Keep everything updated, including the WordPress version, plugins and themes
  3. Choose a strong password
  4. Never use admin as the username, and hide usernames from the public
  5. Enable 2-step authentication
  6. Limit login attempts to prevent brute-force attacks
  7. Don’t ever use pirated themes or plugins
  8. Take frequent backups of your files and database

Read the full article here: 10 Easy Tips To Boost WordPress Security


10 Easy Tips To Boost WordPress Security 2015


WordPress.org is indeed the best CMS and the most popular blogging platform, one that every blogger loves, but the thing I really hate about WordPress is the security issue and its vulnerability to being hacked easily. WordPress is vulnerable because it is an open source CMS whose source code is open to all, so hackers can easily find security holes in it and use them to breach the security of a WordPress blog.

On average, more than 60,000 WordPress sites are hacked daily, which is almost two thirds of all websites hacked in one day. This is a serious issue that most WordPress bloggers don’t really care about, and if you too don’t take the security of your WordPress blog seriously, you may be the victim one day.


But don’t panic; a little effort will keep your site and important data safe. Here are 10 practical tips to secure your WordPress site.

01. Secure Hosting

Almost 41% of all the WordPress blogs got hacked because of the vulnerable hosting they used. That is a huge percentage, so hosting must be considered first in order to make your WordPress site secure.

From day one, opt for a secure web hosting service for your WordPress blog rather than going for cheap hosting. Remember, your WordPress blog is only as secure as your hosting, so look for hosting services that make security a priority. Do some background research and read reviews of the hosting company you are about to host your site with. They may cost you a bit more, but make sure that your WordPress blog is in a secure place and in safe hands. Secure hosting has the following features:

  • Web Application Firewall
  • Support for the latest PHP & MySQL versions
  • Account isolation
  • Intrusion detection

 

02. Update WordPress Version, Plugins and Themes

Don’t ignore the “Please Update Now” message showing on your dashboard, or your WordPress site will be open to hackers’ attacks. Every updated version of WordPress comes with fixes and patches for possible or potential vulnerabilities along with other features. If you are using an older WordPress version, hackers who know its security issues may target your blog.

The same is true of WordPress plugins and themes. So every time you get a message to update a plugin or theme, don’t ignore it.


03. Choose Strong Password

Weak passwords are another very common risk factor, accountable for 8% of total WordPress hacks. Needless to say, a password like “america”, “losangeles”, “qwertyu” or “asdfg12345” is easy to guess and can easily be broken with online password-breaking tools that try thousands of passwords or word combinations in a second.

Here are a few tips for making a strong password:

  1. Use a mixture of alphabetical and numeric characters.
  2. Use both upper- and lowercase letters, as the password is case sensitive.
  3. Use different symbols in the password, like $%*&! (don’t use spaces)

Read Google’s suggestions regarding strong passwords here, or alternatively use a password manager application like LastPass or KeePass (free), which will generate and remember strong passwords for you.
Check the strength of your existing password here at GRC


04. Never use admin as username

Along with a strong password, a strong username is also crucial. By default a WordPress site has “admin” as the administrator username, which is easy to guess, and hackers attempt repeated logins using “admin” as the username with a list of common passwords. If you too use admin as your username, your blog is at risk of malicious attacks. Change it to an uncommon username.
Note: After the WordPress 3.0 update, users are now allowed to choose their own name instead of admin.

05. Hide Usernames

You may change the username from “admin” to another name, but a hacker can still get your username via the author archive page on your blog. So you must hide it from hackers by configuring the users table in the database.

To hide the username from hackers, you need to change it in the wp_users table. For this you have to access your database using phpMyAdmin. Look for wp_users; there you’ll see a column user_nicename with the list of users. Click on the username and change it to something other than the real username. For example, if the username is johnsnow, change it to something like jhowsn.
Read the article regarding hiding your username here

 

06. 2-Step Authentication

You may have enabled the two-factor authentication feature on your Gmail ID, where after login a code is sent to the given phone number, which lets you access your Gmail account from a different PC or device.

If you apply the same 2-step authentication to your WordPress blog, there will be a significant improvement in your blog security. However, 2-step authentication is not a built-in feature of WordPress; you have to use third-party plugins to enable it on your WordPress blog. One of the best ways to enable 2-factor authentication is to use Clef Two-Factor Authentication, while another plugin is Authy. All you need to do is install one of these plugins, register on their respective sites, provide the phone number and you’re done.

 

07. Limit login attempts

Sometimes hackers or bots try to crack a WordPress blog password by brute-force attack via online or offline tools, trying combinations of thousands of usernames and passwords. They might not always succeed in cracking your password, but if they do, you may lose your blog and data. To avoid such attacks, a good solution is to limit the number of login attempts from the same IP. Again, this feature is not available in WordPress by default, but plugins will do it for you. A number of plugins available in the WordPress plugins directory allow you to specify the number of failed login attempts allowed from an IP. Just try one of the following plugins
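
The per-IP limit described above works roughly like this. It is an added example, not the code of any plugin named on this page: the class name, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Lock an IP out after max_failures failed logins within window seconds."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self._failures = defaultdict(deque)   # ip -> times of recent failures
        self._blocked_until = {}              # ip -> time the lockout ends

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is not None and now >= until:
            del self._blocked_until[ip]       # lockout expired
            until = None
        return until is not None

    def attempt(self, ip, now, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"                  # refused before the password is checked
        if password_ok:
            return "ok"
        recent = self._failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_failures:
            self._blocked_until[ip] = now + self.lockout
            recent.clear()
        return "failed"


def replay(events, **limits):
    """Feed (time, ip, password_ok) tuples through a fresh limiter."""
    limiter = LoginLimiter(**limits)
    return [limiter.attempt(ip, t, ok) for t, ip, ok in events]


# Constructed sample traffic (documentation IP ranges, times in seconds).
SAMPLE = [(0, "203.0.113.7", False), (10, "203.0.113.7", False),
          (20, "203.0.113.7", False), (25, "198.51.100.4", True),
          (30, "203.0.113.7", True),    # right password, but IP is locked out
          (95, "203.0.113.7", True)]    # lockout (60 s from t=20) has expired

if __name__ == "__main__":
    print(replay(SAMPLE, max_failures=3, window=60, lockout=60))
```

Behind a reverse proxy or CDN the limiter has to be keyed on the client address the proxy reports, otherwise every visitor shares one counter.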

 

08. Don’t Use pirated themes and plugins

Pirated premium WordPress themes and plugins are easily available on file-sharing or torrent sites, but don’t ever use them. These themes may have malicious code or scripts hidden in them which, once installed into your WordPress themes or plugins directory, may do severe harm to your WordPress blog.

Be cautious even about using free themes offered by an unknown source or developer. It is better to pay some $$ for a premium WordPress theme than to lose your data forever. Or if you want to use free themes, use ones from trusted companies or those available in the official WordPress theme repository. Similarly, use only plugins that are listed in the WordPress.org plugins directory, as they are tested and evaluated for malicious code.

 

09. Use a Security Plugin

After all these tips, you can still tighten your WordPress blog security by adding an extra layer of protection with a security plugin. Just explore the WordPress plugins directory for some handy security plugins. These plugins will add an extra layer of security to your blog, protect it from malware and regularly scan it for malicious code or unusual activity. Both free and premium security plugins are available there; choose the one that is most trusted and best rated by other WordPress users and has the features that best suit your requirements.

Some of the handy security plugins available in the WordPress plugins directory are:

  1. All in One WP Security and Firewall
  2. BulletProof Security
  3. Better WP Security
  4. Exploit Scanner
  5. Wordfence

 

10. Take Frequent Backups

Take a backup of your WordPress blog before it’s too late. Even after all the safety measures you apply to improve your WordPress blog security, there is no assurance that your site is 100% safe, so you need to be prepared for the worst.

As a WordPress blogger, it’s crucial to take regular backups of your blog so that if something goes wrong with it, or if your WordPress blog is hacked, you can easily restore all the data and re-establish your site to its previous glory.

If you are a novice blogger and don’t know much about the backup process for your site data, don’t worry; there are some handy plugins that can help you in this regard. Some of these plugins include

Some hosting services provide a backup feature that backs up your website or blog on a routine basis. Check your site’s cPanel to see if this feature is provided by your hosting provider.
