Occasionally I like to recommend WordPress plugins since it is the most widely used blogging platform. In this post I am going to recommend a few plugins to help you better secure your WordPress platform.
UpdraftPlus Backup/Restore – If you have read any of my previous blog posts, you will know I have used a lot of different WordPress backup plugins in search of the perfect backup plugin. Lately I have been using UpdraftPlus in conjunction with a free Dropbox account. I am not ready to call it perfect, but so far it has proven to be very easy to use. You can use it in combination with many different backup destinations like Dropbox, Amazon S3, etc., or simply back up to your FTP account. Here are some more details from the UpdraftPlus plugin description.
UpdraftPlus simplifies backups (and restoration). Backup into the cloud (Amazon S3 (or compatible), Dropbox, Google Drive, Rackspace Cloud, DreamObjects, FTP, SFTP, WebDAV and email) and restore with a single click. Backups of files and database can have separate schedules.
- Thousands of users: widely tested and reliable (over 215,000 downloads). Ranks in the top 0.5% on rankwp.com (70th out of 25,000 plugins).
- Top-quality: ranks 52nd out of 25,000 WordPress plugins for quality on rankwp.com (top 0.25% – last checked 20th August 2013).
- Supports WordPress backups to Amazon S3 (or compatible), Dropbox, Rackspace Cloud Files, Google Drive, Google Cloud Storage, DreamHost DreamObjects, FTP and email. Also (via an add-on) FTP over SSL, SFTP and WebDAV. (Note: Microsoft forbid SkyDrive to be used by backup software). Some examples of S3-compatible providers: Cloudian, Connectria, Constant, Eucalyptus, Nifty, Nimbula, Cloudn.
- Quick restore (both file and database backups)
- Backup automatically on a repeating schedule
- Site duplicator/migrator: can copy sites, and (with add-on) move them to new locations
- Files and databases can have separate schedules
- Failed uploads are automatically resumed/retried
- Large sites can be split into multiple archives
And there is much more.
All In One WP Security & Firewall – I like this plugin because it provides you with a firewall for your blog, a grading system for your security setup, and additional security features like brute force attack prevention. Here are some additional details from the plugin description.
All In One WP Security reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
All In One WP Security also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated.
Our security and firewall rules are categorized into “basic”, “intermediate” and “advanced”. This way you can apply the firewall rules progressively without breaking your site’s functionality.
Below is a list of the security and firewall features offered in this plugin:
User Accounts Security
- Detect if there is a user account which has the default “admin” username and easily change the username to a value of your choice.
- The plugin will also detect if you have any WordPress user accounts which have identical login and display names. Having accounts where the display name is identical to the login name is bad security practice because you are making it 50% easier for hackers because they already know the login name.
- Password strength tool to allow you to create very strong passwords.
User Login Security
- Protect against “Brute Force Login Attack” with the Login Lockdown feature. Users with a certain IP address or range will be locked out of the system for a predetermined amount of time based on the configuration settings and you can also choose to be notified via email whenever somebody gets locked out due to too many login attempts.
- As the administrator you can view a list of all locked out users which are displayed in an easily readable and navigable table which also allows you to unlock individual or bulk IP addresses at the click of a button.
- Force logout of all users after a configurable time period
- Monitor/View failed login attempts which show the user’s IP address, User ID/Username and Date/Time of the failed login attempt
- Monitor/View the account activity of all user accounts on your system by keeping track of the username, IP address, login date/time, and logout date/time.
- Ability to automatically lockout IP address ranges which attempt to login with an invalid username.
And there is much more…
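The lockout behaviour listed under User Login Security (lock an IP after too many failed logins, and lock at once on an invalid username) can be sketched as follows. This is an added example, not the plugin's code; the thresholds, the known-user set and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed policy values for illustration; the plugin's real defaults are not on this page.
MAX_ATTEMPTS = 3          # failed logins allowed inside the window
WINDOW_SECS = 300         # look-back window for counting failures
LOCKOUT_SECS = 3600       # how long a locked-out IP stays blocked
KNOWN_USERS = {"editor", "jsmith"}   # hypothetical valid usernames


class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.locked_until = {}               # ip -> time the lockout expires
        self.audit = []                      # (ts, ip, username, reason) records

    def _lock(self, ip, username, now, reason):
        self.locked_until[ip] = now + LOCKOUT_SECS
        self.failures.pop(ip, None)          # start clean once the lockout expires
        self.audit.append((now, ip, username, reason))

    def record_failure(self, ip, username, now):
        """Register one failed login; return the resulting state for the IP."""
        if self.locked_until.get(ip, 0) > now:
            return "locked"
        if username not in KNOWN_USERS:
            # A nonexistent account name is a strong guessing signal: lock at once.
            self._lock(ip, username, now, "invalid-username")
            return "locked"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_ATTEMPTS:
            self._lock(ip, username, now, "too-many-failures")
            return "locked"
        return "counted"


def replay(events):
    """Run (ts, ip, username) failure events through a fresh policy instance."""
    guard = LoginLockdown()
    return [guard.record_failure(ip, user, ts) for ts, ip, user in events], guard


# Constructed sample events (documentation IP ranges), not real log data.
A, B = "203.0.113.7", "198.51.100.9"
SAMPLE = [(0, A, "editor"), (60, A, "editor"), (120, A, "editor"),
          (130, A, "editor"), (200, B, "admin"), (4000, A, "editor")]
```

The `audit` list plays the role of the failed-login view in the feature list: it records when, from where and why each lockout was triggered.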
MVIS Security Center – I like this plugin because it provides a very simple check for your WordPress install. Here are some additional details from the plugin description.
MVIS Security Center is a proactive WordPress security plugin that helps you lock down your installation in three simple and clear steps.
- Update Check: Find out what components of WordPress are vulnerable or need updating.
- User Check: Find out which of your user accounts have problems that pose risks to your website.
- Core Check: Find out which files and settings put your website at risk.
- You’ll receive an e-mail alert as soon as vulnerabilities are identified that affect any of your sites.
- The vulnerability alerts will tell you exactly how to address the vulnerability and become safe again.
- You’ll receive weekly status mails informing you about outdated versions and vulnerabilities in your sites.
I hope you find these WordPress plugins useful, and as always, if you have any questions or comments, please feel free to use the comments section below.