google-site-verification: google5a04406e090cac5e.html

3 WordPress Security Plugins

The following are examples of security plugins with fairly high ratings. I am giving Wordfence a trial run right now after using WPSecure for some time, as I went over to wordpress.org to get some data on WPSecure and this message was posted on the plugin’s info page:

This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

I’m glad that I checked on it. It probably hasn’t been protecting my site for some time.  But this is why I use Bluehost for hosting my sites.

1.  Wordfence Security

As of this date, this is one of the top rated security plugins.

  • Version 5.3.3
  • Updated 2014-11-20
  • Downloads 3,962,003
  • Average Rating  ♥ ♥ ♥ ♥ ♥ 

Wordfence Security is either free for the basic security (which is enough for most people) or you can purchase a premium version. This security plugin includes a firewall, anti-virus scanning, and malicious URL scanning.

Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster. Wordfence Security is 100% free.

To learn more about Wordfence, click this link:  http://docs.wordfence.com/en/Wordfence_Official_Documentation

2.  BulletProof Security

BulletProof Security is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website

Compatible up to: 4.1
Last Updated: 2014-11-19
Downloads: 1,374,100
Average rating:  ♥ ♥ ♥ ♥ ♥

  • One-click security protection
  • Automatic .htaccess file updating on upgrade installation
  • htaccess file backup and restore
  • Built-in File Editing, File Downloading and File Uploading
  • Custom Code feature permanently saves and writes your personal custom .htaccess code
  • Backup and Restore customized / modified .htaccess files
    .

 3.  WordPress Antivirus

Compatible up to: 4.0.1
Last Updated: 2014-11-27
Downloads: 688,960
Average rating: ♥ ♥ ♥ ♥

Useful plugin that will scan your theme templates for malicious injections. Automatically. Every day. For more blog security.

WordPress Antivirus scans WordPress themes for WordPress permalink backdoor malware. Also, this plugin scans all theme files for malware injections and vulnerability. This plugin scans files daily and can notify your via email.

  • Virus alert in the admin bar
  • Cleaning up after plugin removal
  • Translations into many languages
  • Daily scan with email notifications
  • Database tables and theme templates checks
  • WordPress 3.x ready: both visually and technically
  • White list solution: Mark suspected cases as “no virus”
  • Manual check of template files with alerts on suspected cases

These are just a sample of what’s out there in terms of security plugins.

As always, do your due diligence when installing any plugin. Check the ratings, the feedback, the number of downloads, and the developers.

What are you using to protect your site?  Leave a comment and let us know.

 

;

How Secure is Your WordPress Site?

imagesI’m writing this post on the heels of the recent WordPress critical security update. If you missed the announcement, then I am speaking to you in particular.

This recent update was due to a WordPress security breech that could result in your site being compromised in serious ways.

You can read about the update here WordPress.org update announcement, but come back and finish reading this post. It contains vital information that you need to keep your site free from bots, hackers, and other entities that could seriously hurt your business.

Keeping Your Site Safe Requires Your Vigilance.

Here’s how:

WordPress Updates

Update your WordPress site as soon as you hear about the update. Once there’s a WordPress update/announcement, you’ll see it on the dashboard of your site.  You’ll also see an alert beside the dashboard link over to the left.  Go there and follow the very simple instructions.

Plugins and Themes

Your plugins and themes (templates) must be kept up to date. They actually add code to your site that hackers can exploit if your plugins and themes are not regularly maintained. Again, you’ll see the information your need on your dashboard and the very simple instructions.

Change Your Passwords

Changing the password on your site needs to be a regular part of your site maintenance.

  • To change the password, look to the top right area of your site where it says “Howdy,  your name”, and hover there.
  • In the drop down menu you’ll see the Profile link. Click that link and you’ll be taken to your profile page.
  • About half way down you’ll find a section where you can enter, and then confirm, your new password.

Backup Your Site Regularly

You can install a plugin that will back your site up, but if you’re hosted with a reputable company, there should be an option whereby your site is backed up automatically.  There are times when your site is too large for the automatic backup, but there should be an option where you can go into your hosting and back your account up. When you back your site up, your files and databases are stored so that if there is an attack you can restore your site.

Here’s a checklist of actions to take on your WordPress site to ensure that your site and/or business cannot be hacked.

  • Update to latest WordPress version

Here’s a vid to show you how:

 

  • Install security plugins on your WordPress site
  • Perform all plugin updates
    • Delete and uninstall old or unused plugins
  • Change your passwords regularly
    • Use a different password for each site you own
    • Use random passwords that would be very difficult to guess
    • Do not share your WordPress passwords, but if you do share it, change it immediately after use.
  • Set up separate permissions for each user on your site.
  • Back up your site files on an automated and regular schedule
    • Store your backups in more than one place
  • Use only secure internet connections
  • Never download anything you’re not sure about
    • Do not download plugins that you’ve not researched, and by that I mean research the developer/authors. If it is offered at WordPress.org, you are fairly safe. If it’s offered on a private site, do your due diligence in researching the background of the plugin/developers. There are perfectly legitimate developers out there who create awesome plugins and there are lots of sketchy developers too — you just need to know which they are.
  • Purchase reliable and recognized web hosting

[bha size=’160×40′ variation=’01’ align=’aligncenter’]

Overwhelmed and need assistance?  Click here to contact me

 .