Every blogger loves to put his fingers on the keyboard and crank out an amazing post. Backlinks, blog promotion, and interacting with the folks who come to the blog are all part of the allure of running a WordPress website. However, the dark side to WordPress is its security. If you plan on building your site out and becoming popular in your niche, be prepared for hacking attempts. These plugins will help ward off would-be troublemakers:
This plugin does a number of things, but its strength lies in its diversified approach to protecting your blog. First, the plugin tries to obscure important blog information from prying eyes. It does this by removing the meta “generator” tag, allows you to turn off the ability to log in for a given time period (they call it “away mode”), removing the Windows Life Write header information, removing RSD header information, changing the ID on the user with ID 1, changing the WordPress database table prefix as well as a few other neat tricks. Probably the best feature for obscuring lies in the plugin’s ability to move your login, dashboard, and admin page and give it a custom URL address. If hackers can’t find this, they can’t even attempt to log into your site.
The second layer of protection is “protect.” Hiding your site is great, but it won’t stop hackers from using more savvy methods of obtaining access to your site. After hiding sensitive areas, the plugin attempts to block users that shouldn’t be accessing your blog. It scans your site and informs you of vulnerabilities and then allows you to fix them quickly. You can ban bots and other hosts, ban user agents, and prevent brute force attacks by banning hosts and other users with too many invalid login attempts. It can even detect and block numerous attacks to your filesystem and database. You can also turn off file editing from within your WordPress admin area (good if hackers gain access to your FTP information). Finally, it allows you to force SSL level security for admin pages and any page or post on your site.
The “detect” level of security scans your WP site and alerts you of any attempts made by users to search for vulnerabilities on your site. It also monitors your filesystem for any changes.
The “recover” level of security for this plugin makes regular backups, and allows you to email them to yourself on a set schedule in the event that the unthinkable happens – your site gets taken over. This way, you can be back up and running in no time.
Antivirus for WordPress is pretty simple to use. That’s good, because it does a lot of work behind the scenes to protect your blog. First off, it scans your WordPress templates to look for malicious code. It’s amazing if you use any free themes (which you should consider customizing or dumping in favor of custom WordPress themes to eliminate malicious code injection).
It also gives you a virus alert in the admin bar when something suspicious is found, cleans up after plugin removal, does a daily scan with E-mail notifications, checks your database and theme templates periodically, and allows you to manually check template files in addition to the automatic scan.
EZPZ One-Click Backup
Most backup programs only back up the database. This is a good start, but what about your themes? If a hacker were to gain access to your site, your custom settings, settings for plugins, and all your tweaks to the site could be lost. Your data would still be backed up, but your CSS and everything else would be gone forever. Enter EZPZ one click backup. It’s one of the few plugins that backs up everything on your site – one click and everything is backed up and emailed to you. You can also set up scheduled backups and have them E-mailed to you on a set schedule.
This is one of the more complex security plugins for WordPress. However, as the name suggests, it makes your site bulletproof. The plugin cooks with gas by using the .htaccess website security files. While the programmers say that the plugin is simple to use, there are some customizable features that allow you to set things just the way you want. The complexity is, thankfully, hidden behind a virtual curtain while fully protecting you from code injection, XSS, RFI, CRLF, Base64, and SQL injection hacking attempts.
WP Security Scan adds another layer of protection to your WordPress blog. It scans your site, and checks WordPress for any security vulnerabilities and suggests corrective action if it finds anything. It may suggest changing your password, file permissions, or database security for example.
While security plugins are a must for any serious blogger, they do not guarantee that your site will not be hacked or attacked. Most amateur hackers will probably pass over a site that is too difficult to crack. That should protect you from most threats until or unless you become large enough to hire your own on-site security team.
Author Bio: David Kendall contributed this guest post on behalf of WhoIsHostingThis.com – click here to find out more about their hosting reviews. David is a freelance technology writer whose articles appear on various marketing blogs.