Tutorial – Securing Your WordPress Website

In this day and age, hacking is prevalent, and at some stage it is likely your website will get hacked, or at least see some suspicious-looking activity.

There are some great plugins to help lock down your site, along with scripts and server configuration changes that minimise the chance of a compromise. The possibility never goes away entirely: if someone wants to get into your site badly enough, they will probably find a way.

The tools I would recommend for a WordPress website are:

Better WP Security

This plugin allows you many options to secure your site:

  • Remove the admin user
  • Change your database tables prefix
  • Secure your .htaccess file
  • Secure your website from brute force attacks.
  • Limit the availability of the administrative dashboard
  • Hide the admin area
  • Enforce secure passwords
  • Block long URLs used for exploits
  • Remove header info
  • Hide updates and version info from non-administrators
  • Secure the site from attacks by XSS.
  • Require a secure connection for logins
  • Remove editing rights for theme and plugin files from the backend.
  • Rename the wp-content directory of your site.

You’d think with the above list the site would be pretty secure, but I then installed and ran the next plugin, Ultimate Security Checker, which still revealed a number of issues and didn’t give me a great score.

Ultimate Security Checker

This plugin is probably my highest recommendation as a security plugin. It scans your website and gives you a points rating, and lists the issues that are outstanding with your site. You can then click on the “How To Fix” tab for instructions on resolving the issues. Fix, scan, check, repeat. Get the highest point score you can.

WP File Monitor

This nifty little plugin keeps track of any changes/edits or deletions of your files and sends you an email to advise what’s changed. Very useful if there has been malicious activity on your site.

Additional Security Measures

In addition to these plugins, I recommend adding the 5G Firewall to your .htaccess file, and then locking down your server (if you’re using Apache, which is likely) by following this guide from Pete Freitag.

Know of other good security plugins, or got some tips to lock things down further? Let me know!