So last week I talked about the enormous pain in the a*s you will be faced with if when your WordPress site gets hacked. Trust me when I tell you it’s not something you want to deal with. On Thursday I talked about the importance of starting out with an unguessable, unhackable username and password…something not enough of us take seriously.
You can catch up by reading that post about WordPress login security here. Today, though, I’m going to share a few of my favorite WP plugins with you that you can either snag yourself or ask your web developer to install for you.
Now, there are tons of plugins out there that claim to secure your site but I can only vouch for the ones I use on the blogs I manage for myself and my clients.
Best WordPress Security Plugins
WP Security Scan: Their site claims that this plugin, “Scans your WordPress installation for security vulnerabilities and suggests corrective actions. –passwords – file permissions – database security – version hiding – WordPress admin protection/security.”
WP Malwatch: According to their site, “WP Malwatch is a WordPress security plugin scanner designed to help alert you when hackers have been at work inside your blog.
Bad Neighborhood Login LockDown: From their website, “Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
AntiVirus: This basically is a plugin which will provide antivirus protection for your blog.
As I mentioned, I’ve seen these plugins work and I recommend you install them…sooner rather than later.
Now another important thing to do whether or not you are worried about your blog being hacked is to do regular backups.
BACKUP BACKUP BACKUP. I can’t say it or stress it enough.
Even if your site, database or server gets hacked, if you have a good backup of your site files AND the database, at least you have a fighting chance of restoring everything with only some minor headaches.
My favorite backup plugin is WP EZ Backup. It allows you to backup archives of your site file as well as your database, all from your WordPress dashboard.
If you’re relying on your web hosting company to backup the files on your server, then you’re going to be very surprised when you actually have to contact them one day because:
- Unless your hosting company specifically tells you they do daily backups, which is highly unlikely with most hosts, then you are going to be limited with what they have. It might be weekly, monthly, or even longer intervals in which they perform backups on your server.
- You will probably have to pay a hefty amount for them to restore a backup.
- You just lost any custom changes you made to your site or blog since that backup point.
- There is no guarantee your site wasn’t infected at the time of that backup point.
You must make or schedule backups of your files regularly. Just as you should be doing with your computer, this is key to keeping your files safe, secure and up-to-date.
Database Backup
Backing up your database is even more important than backing up your files. Why? Because everything you enter into WordPress (i.e. pages, posts, comments, registered users, activated plugins, WordPress options, etc.) is stored in a database. If your database is lost, corrupted, or hacked into, you will lose all that information or spend the next few days or weeks cleaning it up.
Trust me. It’s not fun but you can avoid a major pain in the a*s by being backed up regularly. Errr…
Anyway. Tune in again on Thursday when I share some extra tips on securing your WordPress blog.
