The purpose of this post is to help you secure your WordPress self-hosted site by installing and setting up plugins. As of the time of writing this post these plugins have been used with WordPress 3.2.1.
Keeping your site secure or safe from hackers is not always easy, but it is something you need to be aware of. One thing I encourage you to do, in case your site is compromised, is to always have a backup of your files and database. As a start, one plugin that can help with this is BackWPup ( www.backwpup.com ). You can set this plugin to back up your files and database daily, weekly, monthly, or even hourly if you feel the need. You can have it email the backup to you, save it to another server via FTP, or even save it to your Dropbox account.
There are a few steps that you can take from the beginning when you first set up your WordPress site. The first is to not use the default table alias. By default WordPress will suggest “wp_”. If you are only going to use the database for your site and not add any other tables, I would suggest you take it off altogether, but to make it even more secure use a different alias.
If you already have a site up and running and just want to take what you have now and make it secure, here is the list of plugins and what they do:
- Change the login URL
  By default WordPress uses your URL followed by /wp-login. To make it more secure you can change the URL used to log in. Sometimes people want /manager, /login, or /admin. Whatever you choose, you can use one of these plugins to change it from the default:
  - Ozh’ Simpler Login URL – Link
  - Peter’s Login Redirect – Link
  - Custom Login and Admin URL’s – Link
- Limit Login Attempts
  By default WordPress does not limit the number of tries to log into the Admin. Instead it informs the user instantly that the login is not correct and allows them to try again. Using one or even both of these plugins will help you limit this and track what is going on:
  - Limit Login Attempts – Link
  - Login LockDown – Link
- Find Out What Security Holes Your Site Is Susceptible To
  Run tests on your site to see what security holes it may have. It is a full-time job to stay on top of the latest security risks out there. To help find out what your problems are, run one or both plugins to evaluate your site’s holes and close them up as you can:
  - Ultimate Security Checker – Link
  - Secure WordPress – Link
These are just a few ways you can secure your WordPress site using only plugins. There are other ways that I may expound on at a later time, but they require editing code, editing configuration settings on the server, and even updating the .htaccess file on the server.
Bonus Thought:
Another thing that I would encourage everyone to do, which does not make your site a little more secure, is to use the robots.txt file that you make available to the search engines to have them ignore your wp-content directory. There is no reason they need to go through these files. To do that, add the following to your robots.txt file:
Disallow: /wp-admin
Disallow: /wp-includes
Disallow: /wp-content/plugins
Disallow: /wp-content/cache
Disallow: /wp-content/themes
Disallow: /wp-login.php
Disallow: /*wp-login.php*
Allow: /wp-content/uploads
What plugins are you using to secure your WordPress site?

For backups, I use WordPress Database Backup. Obviously it only does the database, but you can choose what tables to back up and how often, etc. I’m going to look into the BackWPup plugin though, since it claims to do file backups too.
I like this post, really sensible advice. Thank you.
I use the search engine at http://searchwordpressplugins.com to find plugins normally. It offers better searching than the default repository search but searches the same plugins. It is nice being able to filter by rating and how many ratings and whether a plugin has been updated, or excluding broken plugins.
If you have lots of WP powered sites, using a single code base and the multisite functionality built into the core is a good idea. That way you only have to update a single copy of WP every 2 weeks or so when they release a new version.