Don’t Get Hacked! 6 WordPress Security Plugins
Written by Ross Tavendale | Posted in WordPress | Posted on 03-02-2012 | Tags: wordpress security
So you have created a nice new WordPress blog. You have completed the famous 5 minute installation in 5 seconds, picked out a sexy new template, haphazardly stripped out the creator’s attribution links from the footer (naughty, naughty) and started ferociously uploading every plugin you can find about Twitter and Facebook. You publish your first couple of posts and feel on top of the world. That is, until one day, you are narcissistically Googling your own website only to find this:
Image Source: http://www.pearsonified.com/
That’s right. The pharma hackers have cracked into your WordPress blog and you are now left looking like a pill pusher.
Bye Bye New traffic.
Farewell Credibility.
Bon Voyage Google Rankings.
So what can you do to increase the security on your WordPress site? Here are the top 10 plugins for your website to protect against spammers and black hat pharma SEOs.
Akismet
Yes, I know it comes as standard with a WordPress installation, but how many of you are going to the trouble of activating the new API key and connecting it to the Akismet database?
The great thing about this plugin is that it actually accesses a database of blacklisted URLs and IP addresses and stops any bots or spammers from posting links on your blog. It also comes with an option to blacklist certain words and phrases to protect you from having any adult content posted.
This plugin does exactly what it says on the tin. It limits the number of times a particular IP address can attempt to log in to your WordPress site. A word of caution, though: if you are the forgetful type you can find yourself being locked out of your own blog because you have entered the wrong password 3 times. But don’t worry, it will let you try again after a couple of hours.
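The lockout behaviour described above, as an added example (not the plugin's code and not from the original post): a per-IP limiter that locks an address out after three failed logins. The two-hour lockout, the 15-minute counting window and all names are assumptions of this example.

```python
from dataclasses import dataclass, field

MAX_FAILURES = 3            # the article's "wrong password 3 times"
LOCKOUT_SECONDS = 2 * 3600  # assumed value for "a couple of hours"
WINDOW_SECONDS = 15 * 60    # assumed: older failures no longer count


@dataclass
class LoginLimiter:
    failures: dict = field(default_factory=dict)      # ip -> recent failure times
    locked_until: dict = field(default_factory=dict)  # ip -> when the lockout ends

    def attempt(self, ip, password_ok, now):
        """Record one login attempt; return 'locked', 'ok' or 'failed'."""
        if now < self.locked_until.get(ip, 0):
            # Refuse before looking at the password: no feedback while locked.
            return "locked"
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = [t for t in self.failures.get(ip, []) if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.failures.pop(ip, None)
        return "failed"


def replay(events):
    """Run (time_seconds, ip, password_ok) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample: one address guesses wrong three times and is then refused,
# even with the right password, until the lockout ends; another is unaffected.
SAMPLE = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "203.0.113.7", False), (30, "203.0.113.7", True),
    (40, "198.51.100.2", True), (20 + LOCKOUT_SECONDS, "203.0.113.7", True),
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```

Per-IP counting does nothing against guesses spread across many addresses, so it complements a strong password rather than replacing one.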
WordPress Firewall
This nifty little plugin stops all sorts of attacks on your site by detecting any unusual requests or parameters within the WordPress code. The plugin claims to stop:
· SQL injections
· Exe file uploads
· Known blacklisted IPs
· A list of parameters and queries that will make your eyes water.
WP Security Scan
WP Security Scan scans the files on your WordPress site to check for any potential vulnerability in the file permissions. For example, if you have a writeable, readable and executable .htaccess file, WP Security Scan will alert you to this fact and suggest the appropriate action in order to fix the security hole.
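The kind of file-permission check described above, as an added example that is not WP Security Scan's code or part of the original post: it walks a WordPress directory and reports world-writable entries and over-permissive `.htaccess` / `wp-config.php` files. The policy, the function names and the sample tree are assumptions of this example.

```python
import os
import stat
import tempfile

# Standard WordPress/Apache file names; the policy applied to them below is
# this example's assumption, not the plugin's actual rule set.
SENSITIVE = {".htaccess", "wp-config.php"}


def audit(root):
    """Return sorted (relative_path, octal_mode, problem) findings under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are meaningless
            mode = stat.S_IMODE(st.st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append((rel, oct(mode), "world-writable"))
            elif name in SENSITIVE and mode & 0o133:
                # executable by anyone, or writable by the group
                findings.append((rel, oct(mode), "sensitive file too permissive"))
    return sorted(findings)


def build_sample(root):
    """Create a constructed WordPress-like tree with three deliberate mistakes."""
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    # .htaccess at 0o777 is the article's writeable+readable+executable case.
    for rel, mode in [(".htaccess", 0o777), ("wp-config.php", 0o660),
                      ("index.php", 0o644), ("wp-content/uploads", 0o777)]:
        path = os.path.join(root, rel)
        if not os.path.isdir(path):
            open(path, "w").close()
        os.chmod(path, mode)
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit(build_sample(tmp))


if __name__ == "__main__":
    for rel, mode, problem in demo():
        print(f"{mode:>6}  {rel}: {problem}")
```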
The great thing about WP Security Scan is that it removes any footprints about the WordPress system you are using and also enhances the database security.
This is another self-explanatory plugin but an essential one, nonetheless. The WordPress Database backup allows for copies of the database to be created away from the main database location. This means that even if your website is hacked, you can create a fresh install and repopulate the site with the information that was on the site before the hack.
According to the dark coding wizards that created this one:
“An encryption plugin that ciphers the password using RSA and DES, securing login without SSL”
For the non-programmers out there, this plugin basically scrambles the password when you are typing it into your site. It then sends the scrambled version to the database, where it is unscrambled at the other end. This means that sensitive information is not transmitted in readable form, which limits the possibility of hackers gaining access to your credentials.






Twitter: ChrisWiegman
says:
Another one I would like to mention is Better WP Security. It addresses many of the inherent shortcomings caused by both the popularity of WordPress as well as bad code in themes, plugins, etc.
Chris Wiegman recently posted..One Simple Way To Secure WordPress
I’ve been working with WordPress for a while now and to be honest, thankfully, everything is quite well. Although we experience some bugs, we’ve managed along the way. But we definitely have to look into all this. Which one do you recommend? I think I’ll start with activating the API key since I have personally encountered an error that has something to do with the API a few days ago.
Hannah Hamilton recently posted..The Best Bag for Every Type of Traveler
Twitter: VirdiAmrik
says:
Great tips. It will make my WordPress more secure and safe. Thanks for sharing.
Amrik recently posted..4 Best Blogging Platform For Team Blog
Twitter: ForteProperties
says:
Great post… First I’ve seen like it. I’ve always wondered if there was a way to back up the database without going through mysql and the ftp and all those other areas that are foreign to me. Thanks for sharing!
Chris recently posted..Where To Find Owner Financed Homes Austin
Twitter: SrinivasYReddy
says:
Excellent collection of security tools, Ross. And a powerful reminder for us bloggers to beef up our blog security. I have used and love some of these plugins. The one that’s got my attention here is WordPress Firewall. I think I’d like to explore this particular plugin. Thanks!
Srinivas Reddy | Ask Sage recently posted..The Power Of Habit
Another one you may want to add is WP Lockdown – http://wordpress.org/extend/plugins/login-lockdown/
I’m not sure if loading 6-7 security plugins would hamper my site’s speed, any ideas?
Also, there are some services which help you remotely back up and restore your blog if it’s hacked or compromised, but yes, it does have a monthly charge.
Twitter: techsparx1
says:
Hello
Ross Tavendale
Very nice info, thanks for sharing it. Security is one of the most important things in WordPress. It will help me to make my work more secure and safe. Thanks for sharing.
vishvast recently posted..Android Apps You Need to Try
A few days ago hackers were trying to hack my blog, but due to these plugins I saved my blog from hacking. I know only a few plugins from the list. Thanks for sharing the plugins…
Gagan Arora recently posted..The Vampire Diaries S03E13 !StRiCkEr! HDRip Mediafire Links 350 MB.
Twitter: BabyRocasMama
says:
Do I need all six?
Shan recently posted..Stop SOPA, PIPA And Repeal SB 1867: Save Our Personal Freedoms And Constitutional Rights
For me, I do not. However there are quite a few users not familiar with hardening their WordPress install. I just imported the posts from WPAddict, and one of them includes hardening your WordPress install for security.
Twitter: steveborgman
says:
Nile, can you clarify what ‘hardening WordPress install’ means? I do have the WP Database plugin. Is that enough?
Steve-Personal Success Factors recently posted..Now You Can Have Optimism: The Key To Personal Success
Hardening your WordPress install is done by applying code to the .htaccess file to disallow access to certain parts of your WordPress install by snoopy people.
Twitter: Cocktails_mix
says:
I use some of them.
Luckily, to this day, I haven’t had a problem with security.
Regards!
Jordan recently posted..Cocktail "Sunny Pina Colada"
Fantastic post! Thank you for all of the advice about securing a WordPress account. It is amazing the steps we have to take these days to keep the hackers at bay.
Thanks for sharing.
Your list is pretty long. I am using one which is really awesome, named Login LockDown. It prevents unnecessary logins to the site.
Tushar recently posted..How to create friendly URL for your Facebook Fan Pages Easily
No one really understands the importance of securing your blog unless your website is hacked at least once. I learned this lesson and now each time I create a new website I am really cautious about security.
Thanks Ross for tips!
Mike recently posted..Vocabulary Level E Answers
Thanks for the plug-in suggestions!
One thing that can help with securing your WordPress blog is taking advantage of the ability to customize the config.php file, especially the security keys. This will go a long way into securing your WordPress site.

Joe M recently posted..Some Privacy Required
Hi… The post is really good… It contains a lot of useful information. I will definitely follow your safety tips. Thanks for sharing.
Twitter: mahipal26singh
says:
Thanks for sharing this post, I’m new to blogging and this post will help me. Thanks again!!!
I used that before!
Twitter: eenstrument
says:
This is some good info, I’ve been looking for this plugin for a long time. I got hacked several times though -__-
Thanks…!
I usually use Akismet to keep my blog away from spam.
Maria recently posted..White Hello Kitty Iphone 4 case – $7.99
Twitter: hoferchristian
says:
Good tip with Akismet but regarding the security settings I feel a bit lost – it’s quite a learning curve when you start out new.
Thanks for sharing and I will follow your recommendations
Christian Hofer recently posted..Passionate Purposefulness – 1
I was never thinking about web security but it is time now. I like plugins.
Thanks for that.
Twitter: mark9dotnet
says:
Thanks for sharing an informative post.
Mark recently posted..Mirrorless camera: A New Edition in Gadgets Technology Era .
Twitter: canopymarket
says:
Thank you for this information. I am just getting started with our blog and I will be sure to look into these 6 plugins. This is an ever growing problem.
Twitter: raenalynntweet1
says:
Hi Ross and Niles,
Thanks for this practical, useful post on blog security. I use two of the plugins listed, and I will definitely check out a couple of the others. Installing the best security plugins is like not having insurance. You don’t pay attention until it’s breached and too late.
Another parallel is backing up your blog. People create their blogs and do not pay attention to installing a good back up plugin. When there is a glitch or hack and they lose all of their work, all of a sudden it is important. The same is true for security. Protection is a good thing!
Thanks!
Raena Lynn
Raena Lynn recently posted..17 Marketing Problems With Online Marketers
Twitter: webmarketingTOL
says:
I actually developed a WordPress site that got hacked. Nothing as serious as the example in the blog. Somehow miles of code was added to this site and it made a page entirely blank. I haven’t logged into the site for months and the client didn’t either. I guess I was lucky it was minor. I will definitely be checking out the security plugins. I will play around with them to see which one I like the best. Thanks for posting this. It was quite timely for me.
Brennan Deitsch recently posted..How to Use QR Codes to Market your Business
I think Akismet is the best plugin. Nice post. It helped me a lot.

Thanks for sharing.
prashant recently posted..Galaxy Nexus – Best Samsung smartphone with Android 4.0
Twitter: incomestream
says:
Hello Nile
Hacker attacks across the web are getting more sophisticated every day. Your reminder that if care is not taken, we might be a victim of these hackers is very helpful. Thanks for this list. It contains some plugins that I have not been using but am adding to beef up my security.
Thanks
Perry A Davis Jr
Music City
Outside of being hacked through your WordPress install, you also have server-level attacks like Denial of Service attacks. Some people are not really targeting you in particular, but may be having fun or exposing a flaw. I remember a couple of different hacks that resulted in immediate patch updates for WordPress within hours of many different sites being infiltrated.
Twitter: matthewkinsella
says:
I had never considered this but you are right; a hack like the one you highlighted would kill credibility.
Matt Kinsella recently posted..Paid To Play
Your site’s search results could be hacked and show up to promote inappropriate things. Chris Pearson, who most people in the WordPress community know as the Thesis framework creator, had this happen in the past. Since then, he has buckled down on his site’s security.
Very informative article Ross! Never used WordPress due to fear of security. But after reading this article, I just made up my mind to make a blog site. Can I get a tutorial on these plug-ins? New to WordPress so obviously new to its plug-ins. Suggest me please.
Aman Kashyap recently posted..TimeToSpa Coupon & Review
Twitter: LindaCampb80
says:
Great plugins Ross,
The topic of blog security is so often overlooked by people, it’s quite incredible. One plugin you might want to add to your links is “WordPress File Monitor” that allows you to see if any files have been changed on the server.
This is something I learned by reading this excellent post on WordPress security and it is very comprehensive: http://www.howtospoter.com/web-20/wordpress/triple-p-of-total-wordpress-security
Linda Campbell recently posted..Yeast Cures – Yeast Infection No More Review
Twitter: Lean_Definition
says:
I’m glad I came across this article, because protecting my blog is definitely something that’s been on my mind a lot lately. Too many people in my niche have been getting hacked, and I really don’t want to be the next one.
I was guilty of not getting the API key for Akismet, but for $5/month, why not? I also picked up a few more of the plugins listed, but I did go with a different backup plugin.
Robert recently posted..How Visual Impact Muscle Building Helped Me Lose 20 Pounds
This blog is very helpful to me… Thank you for all of the advice about securing a WordPress account… Thank you…
http://www.findghar.com
Twitter: sahaali1
says:
Very useful information for every WordPress blogger. Security is really a big issue now. Securing a WordPress site is an ever growing problem. But this info will help.
saha recently posted..The iPad3 will be available from 16th March
Interesting information but I suggest using the manual techniques to protect a WordPress blog rather than an automatic one.
Janyson- have you contacted the WordPress Foundation to make sure you have permission to use “WordPress” in your domain URL?