WordPress Security Plugins and Precautions

About: Web Design
On Mar 22, 2010
Written by: Ash Blue
Tags: content management systems, plugins, security, WordPress
Let's say that on your way to work a very shady man with a brown paper bag over his head follows you. Before you enter your workplace, he asks for your social security number and credit cards. Willingly you hand them over to him… why would you do that? In the same way, why would you leave your WordPress installation open for hackers? A security failure can put your users' private information at risk, hijack all transactions, and turn your email accounts into porn spam machines. Perhaps your website has already been hacked and you don’t even know it. Below I’ve listed some plugins and tips that will make WordPress’s simple security more like a mobile fortress.
Security Plugins
Secure WordPress
If you only install one security plugin, this is it. It's even compatible with versions of WordPress that haven’t been released yet. To keep hackers out, it starts by masking your version of WordPress. Knowing your version allows them to exploit security flaws and bugs, especially in older versions. One of its coolest features is that you can add a simple snippet and run a scan of your website through WPSCAN. It also inserts a blank index file so people can't peek into your file directories.
Limit Login Attempts
Let's be honest, accessing anybody's WordPress admin area is much easier than stealing eggs from the Easter Bunny. So, why can’t a bot figure out your login credentials by trying an endless number of username and password combinations? If this doesn’t scare you it should, which means you definitely need to do something about it! Limit Login Attempts will shut down anybody who fails X number of logins from a specific IP address. It keeps a log of all failed IPs, emails you in the event of a lockout, and is the perfect solution for keeping nosy relatives out of your admin area.
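A model of the lockout policy described above, as an added Python example that is not the plugin's code or part of the original post. The threshold, window and lockout length, the class and function names, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP failed-login lockout (a model of the policy, not the plugin's code)."""

    def __init__(self, max_failures=4, window=720, lockout=1200):
        # Assumed values for this example, all in seconds.
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout ends
        self.lockout_log = []               # (ip, start, end): what an admin email would report

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def attempt(self, ip, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(ip, now):
            return "locked"                 # refused before the password is checked
        if success:
            self.failures.pop(ip, None)     # a good login resets the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            end = now + self.lockout
            self.locked_until[ip] = end
            self.lockout_log.append((ip, now, end))
            recent.clear()
        return "failed"

# Constructed sample: (seconds, ip, password_was_correct), documentation-range IPs.
EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False),
    (9, "203.0.113.7", False), (12, "203.0.113.7", False),   # 4th failure: lockout starts
    (20, "203.0.113.7", True),                               # right password, still refused
    (30, "198.51.100.4", False), (40, "198.51.100.4", True), # honest typo from another IP
    (1300, "203.0.113.7", True),                             # lockout has expired
]

def replay(events, limiter=None):
    """Feed events through a limiter; return per-attempt results and the lockout log."""
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events], limiter.lockout_log

if __name__ == "__main__":
    print(replay(EVENTS))
```

Because the counter is keyed on IP address alone, a bot that spreads its guesses over many addresses never reaches the threshold on any one of them, so a strong admin password is still needed.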
WP Security Scan
From the creators of the All In One SEO Pack plugin comes WP Security Scan. It's an amazing plugin that examines your WordPress installation to make suggestions for increased security. This is a very powerful plugin that should be used with caution. Version support appears to be a little dodgy too, and because it searches for security vulnerabilities, the plugin may break whenever WordPress upgrades its core security. Pros and cons I guess, but it gets the job done and helps you sleep better at night if you're paranoid enough about security.
WordPress 3.0 Security
The new version of WordPress is more about eye candy and CMS usability than it is about security. A little bit of a disappointment, but the new CMS features look pretty darn good. They did announce that soon WordPress will be converting over to PHP 5 completely. No more support for PHP 4 is a security upgrade all by itself. PHP 5 only is really going to suck for all the PHP 4 plugins out there though.
Author: Ash Blue
Ashton Blue is the main writer and founder of Ash Blue Web Design. As a web designer in Chicago Illinois he engages in helping its citizens, design meetings, fighting the occasional nemesis, and public speaking. He also has a noteworthy obsession with coffee...













Nice article, Ash.
Looking forward to WordPress switching to PHP5, too.
Here’s a post I wrote a few months ago about the dangers of posting from your admin account in WordPress:
http://esdev.net/wordpress-security-tip-dont-post-from-your-admin-account/
Thanks, fantastic post on WordPress security btw. I’ll take a look at the post and comment back.