In the last year I have had two web-sites hacked into, one personal site and one ministry site. Both of them were WordPress web-sites and since then I’ve made some changes with how I secure my WordPress sites.
When securing your site you want to look at a few different things including:
- Content Management System (CMS)
- Database
- Passwords
- Server
Security Plugins
Here are the security plugins that I use to secure my sites:
- Limit Login Attempts – Limits the number of login attempts to the administration area of the web-site and blocks by IP or cookies after a certain number of failed attempts.
- Secure WordPress – Performs basic security checks on your WordPress installation and makes suggestions for better securing your site.
- WordPress Firewall 2 – Monitors web requests and blocks obvious attacks.
- WP Security Scan – Performs security scan of your WordPress installation.
In addition to security of your site you also need to make sure that you have up to date backups.
WordPress Backups
In addition to the security plugins I also make sure that I have automated backups set-up of my site. When backing up you need to make sure that you back up all important files including:
- Database
- Uploaded Content
- Themes
- Plugins
I explain how to set this up in another article that I wrote, WordPress Backup in Only 8-Minutes.
WordPress Updates
Keeping your WordPress installation up to date is also very important. Although WordPress hasn’t had any major security holes since versions 2.7 you should still update it regularly.
One of the things that I really like about WordPress is how easy it is to apply the updates. It’s one of the reasons why it is my CMS of choice.
Deciding when to update WordPress can be challenging. I find that as you use more plugins or heavily customise your theme you increase the chances of something breaking when you do an update.
Usually the “smaller” updates (0.0.x) can be installed without problems. The larger updates though (0.x.0) have a higher chance of breaking things, so I usually wait a few weeks and take the time to check for plugin updates before moving ahead with those upgrades. Having a beta or test site is very beneficial and I do that with the main ministry sites that I am responsible for.
Secure Servers
A lot of your security also depends on your web host server. There are many quality web hosts out there but my personal choice is HostGator. All of my dealings with them have been good and I have not had any server related security problems since I started hosting with them.
One challenge with the shared hosting that I use through HostGator is that there are other people using the shared server. To really boost security you can go with a Virtual Private Server (VPS) or a Dedicated Server. Both of those involve higher cost than a standard shared hosting account but come with a more secure set-up. You can get both of these services also through HostGator.
Lock image by kchbrown
Thanks for this post!
I am experimenting with those plugins now. I haven’t been a target yet, but I run a bunch of wordpress sites and have been thinking about security lately.
Blessings,
Jon
Just curious, do you know anything about Bluehost.com and security? Have you used any besides hostgator?
I have heard good things about Bluehost.com.
The other host that I had bad experience with is 1 & 1 Internet. I would not recommend them to anyone…
Great post Bill!
Thanks @mattnnat photographers I’m glad you found it useful. I was actually surprised at how many attacks the plugins picked up that I was completely unaware of…
I’ve been using these plugins for a while now. It turns out that WebsiteDefender has replaced two of the plugins that you mentioned here (Secure WordPress and WP Security Scan) with one plugin that does both of those things and more. It is called Website Defender WordPress Security. You can read my questions to them about this here: http://www.websitedefender.com/forums/websitedefender-general/websitedefender-wordpress-security-secure-wordpress
The other two plugins are still available, probably because they are supporting their former users, but the new one covers it all.
🙂
Here is the new plugin link: http://wordpress.org/extend/plugins/websitedefender-wordpress-security/
Blessings!
Jon
My Uncle Jayden recently got an almost new silver Nissan ..see it here=====5newtime.ℭomllllllll
My Uncle Hayden got an awesome metallic Volvo S60 T6 R by working part-time online. see it here=====5newtime.ℭomllllllll
jfjiodjfj
My Uncle Hayden got an awesome metallic Volvo S60 T6 R by working part-time online. see it here=====5newtime.ℭomllllllll
like Curtis said I can’t believe that any body can make $8668 in one month on the internet .see it here=====5newtime.ℭomllllllll
Ella . even though Rita `s storry is really great, last thursday I bought a gorgeous Dodge after making $5825 this past 5 weeks and-just over, ten-grand last-munth . it’s actualy my favourite-job I’ve ever had . I started this six months/ago and immediately was bringin home at least $76 per-hr .
see it here=====social36.ℭomllllllll
Ella . even though Rita `s storry is really great, last thursday I bought a gorgeous Dodge after making $5825 this past 5 weeks and-just over, ten-grand last-munth . it’s actualy my favourite-job I’ve ever had . I started this six months/ago and immediately was bringin home at least $76 per-hr .
see it here=====woltcash.ℭomllllllll
up to I looked at the paycheck 4 $4498 , I have faith that…my… sister was actually earning money in their spare time on their laptop. . there brothers friend haz done this 4 only about seventeen months and at present cleared the depts on there cottage and bourt a great audi .
see it here=====woltcash.ℭomllllllll
I am making a good salary from home $1200-$2500/week , which is amazing, under a year ago I was jobless in a horrible economy. I thank God every day I was blessed with these instructions and now it’s my duty to pay it forward and share it with Everyone, Here is I started,,,,,, http://www.woltcash.com/
?pt? I ?aw the ba?? draft which ?aid $4076, I have faith …that…my ?eighb??r? m?ther wa? tr?ley bri?gi?g i? m??ey i? their ?pare time at their lapt?p.. there be?t frie?d ha? bee? d?i?g thi? f?r ??ly ?i?etee? m??th? a?d re?e?tly paid the l?a?? ?? there mi?i ma??i?? a?d p?rcha?ed a ?ew Alfa R?me? http://www.woltcash.com/