You have got your WordPress blog up and running, and now you hope everything will work forever without a hiccup. But this dream can break at any moment, as there are hackers out there who know how easily they can attack your ‘yoursite.com/wp-login.php’ page and crack your beloved ‘admin’ account. So it's time to get real and learn about the security techniques which can protect your WordPress website.
Let's look at the steps you need to take and the best WordPress security plugins available for this purpose –
1) Backup Your Website
Yes, this is the MOST IMPORTANT point for the security of your website. When every security trick fails and no security plugin succeeds in stopping the attack, a backup is the only thing which can save you.
Choose the frequency of your backups (hourly, daily or weekly) based on how frequently you update your posts. You can back up your database, content, theme and plugins.
Backups can be done simply using cPanel tools, which allow you to back up the database, Home Directory and Email Filters. The alternative is to take backups using one of the advanced free WordPress plugins –
– BackWPUp Free :
This free WordPress plugin allows you to take scheduled backups of the complete WordPress installation to external servers using Dropbox, S3, FTP etc. You can add backup jobs to BackWPUp and schedule them to run automatically at any interval, such as hourly, daily or weekly. You can choose which database tables you want to back up, which files you want to exclude from the backup and whether you want it to be compressed or not.
BackWPUp Free also allows you to save these backups to a folder, send them over FTP or by mail, or store them directly in a Dropbox folder. The paid BackWPUp gives you more options for saving backups.
Overall, it's a great free WordPress backup plugin which can fulfill all your backup requirements.
– BackupWordPress :
This one does not allow data to be saved on third-party servers such as Dropbox, but it's also a well-known backup plugin. It gives you all the features which you would expect from a backup plugin, but it is definitely not as good as BackWPUp.
This is a great security tool which provides anti-virus scanning, malicious URL scanning and a firewall. It also shows live traffic and will send you email alerts whenever it detects something unusual.
This plugin will scan your complete website including all plugins and will alert you if any security issues are found.
Only after installing this plugin, I got to know that some hacker from Turkey was trying to hack my Admin account every day and was being blocked after 20 failed attempts. A must-have plugin for keeping an eye on WordPress security issues.
This is one of the best WordPress security plugins.
AllInOneWPSecurity comes with a nice and detailed Dashboard where you see status of all security settings.
The settings of AllInOneWPSecurity are divided into 12 segments –
– User Accounts : This deals with removal of the default ‘Admin’ account, removal of identical accounts and password strength.
– User Login : This is a very important segment. It deals with settings such as locking down malicious login attempts, setting the maximum number of login attempts before an IP range is locked out from further logins, keeping an eye on all user account activity, and detecting and preventing any fake login attempts.
– User Registration : Show a captcha for user registration and manually approve all new users before they can do anything on your website.
– Database Security : Change the name of your database by removing wp_ from the start of its name. It also helps you schedule database backups.
– Filesystem security : This allows you to set file read/write privileges, set access permissions for files and keep an error log for the whole system.
– WHOIS Lookup: This is a small WHOIS lookup utility which can provide you details about any IP Address.
– Blacklist Manager : You can add IP Addresses here which you want to block from accessing your website.
– Firewall : A detailed firewall which covers basic firewall protection, prevention of Cross Site Scripting attacks and special-character based attacks, 5G Firewall rules etc.
– Brute Force : This segment deals specifically with brute force attacks carried out by a hacker or a malicious bot. It changes your default login page from wp-login.php to something else, makes multiple security-related changes to your .htaccess file and prevents cookie-based brute force attacks. It allows you to set a captcha for the login window and the Lost Password screen, which will prevent automated login attempts.
As an extreme security measure, this segment also gives you the option to create a Login Whitelist, which allows only the listed IP addresses to log in to your website.
– Spam Prevention : It gives you settings which will help you reduce spam comments on your website.
– Scanner : Run a check of your whole website for any malicious changes to files. You can also run a malware scan.
– Maintenance : This feature allows you to lock your website from any public access and put it in maintenance mode. All users trying to access your website will be shown a "Site in Maintenance mode" message.
Better WP Security is a great security plugin with almost the same features as AllInOneWPSecurity. By making changes to WordPress settings, it also hides information which could be of help to hackers. It scans for known vulnerabilities and prevents attacks on your website.
Better WP Security also helps with backup and recovery. However, a few users have reported that this plugin sometimes causes heavy server load and may slow your website down.
Therefore we suggest staying with AllInOneWPSecurity for now, until the ‘Better WP Security’ team fixes these issues.
These are the best security plugins available to protect your WordPress site, but these plugins cannot help you if it's YOU who is compromising the security of your website by making mistakes.
The most common mistake is to download plugins and themes from unreliable sources, such as piracy-related websites or torrents. These WordPress themes and plugins may contain malicious code and can totally compromise your website's security if you start using them.
So my advice is: do not download WordPress themes or plugins from unknown websites or torrents, even if they claim to give you premium themes for free.