Over the past few months, a few of our customers’ WordPress websites have been hacked. This isn’t to say that WordPress is insecure, or that Drupal or Joomla are any better. The most common way for a hacker to get into a WordPress installation is through a third-party WP plugin or theme.
With thousands of plugins out there, it’s impossible to control what users install on their WordPress websites. A given plugin may well be a very fine one, but it hasn’t been updated in some time, or it was poorly programmed from the get-go and is riddled with holes for hackers to enter through. Once a hacker identifies a plugin’s weakness, it’s easy to find other WordPress installations that have that same plugin. The rule of thumb is to use only plugins that come from reputable programmers who have shown a solid record of updates. Another good practice is to make sure that any unused plugins on your website have been deactivated and deleted.
I’d like to introduce to you three WordPress Plugins that enhance your installation’s security:
WordFence Security – A free, enterprise-class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more. We’ve used this on several sites and had great results. It will email you whenever it sees any malicious activity on your website. You can set how tolerant you want to be, and have WordFence block IPs based on your tolerance settings, countries, number of login attempts, etc.
BulletProof Security – This great plugin efficiently protects your website against attacks that go by many different combinations of letters I’m not sure I even understand: XSS, RFI, CRLF, CSRF, Base64, code injection and SQL injection. One nice thing I like about BulletProof is that you can add your own list of injection codes to look for.
Better WP Security – This name says it all: it really is one of the better WP security plugins. In just a matter of seconds, any WordPress website’s security can be dramatically improved.
Theme Security: While protecting your WordPress installation is important, you should also be concerned about your theme. Many third-party themes are pre-injected with malicious code. While WordFence will check your theme for malicious code, you should also make sure that your theme is using the latest WordPress code. That’s where Theme-Check comes in, a plugin that will check all the code in your theme and recommend fixes for you. It’s simple to use and very effective in keeping your theme current.
While we lean more towards WordFence, the others are just as good at protecting your WordPress installation. In the end, remember this: passwords are NOT security; they are a deterrent. If you were going to have a dog be a deterrent to burglars, you would get a big, ferocious dog. Make your password big and ferocious, like: 1%kKErt#27lMt&@q – who’s going to guess that!!!
Now have a great day, and be safe online!