HANDS ON WORDPRESS

Making a Living with WordPress


WordPress Security for Non-Programmers

sandibatik · August 11, 2014

This Hands-On WordPress article has been extrapolated from the August 11, 2014 WordPress Deep Dive Discussion Meet-up led by Nick Batik.

Basic WordPress Site Security Practices

The most effective WordPress security practices don’t change appreciably from one year to the next.

These are practices that even non-programmers can manage on their own, or can make sure their WordPress developer takes care of as part of normal site maintenance.

As a site owner or manager who is concerned about ‘hardening’ your WordPress site, you need to:

  1. Install each WordPress update as it becomes available.

  2. Keep the number of plugins on your site to a minimum and ALWAYS delete, not merely disable, those plugins no longer in use.

  3. Upgrade those plugins as soon as updates become available.

  4. Choose difficult passwords and change them regularly.

  5. Back up your site data daily, weekly or monthly, depending on how often information changes on your site.

  6. Use .htaccess to protect your WordPress site. If you are not comfortable with code, ask your WP Developer to show you how to do this.

These are a WordPress site owner's or manager's ‘tier one’ defense strategies. Once these site ‘hardening’ practices are in place, it is time to look at security plugins to monitor your WordPress core files and traffic.

WordPress Security Plugins

iThemes Security (formerly Better WP Security), #1 WordPress Security Plugin

WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. iThemes Security (formerly Better WP Security) gives you over 30 ways to secure and protect your WordPress site. iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site. Free and premium versions are available. This plugin was developed and is maintained by Chris Wiegman, a member of the Austin WordPress Meet-up organizing team.

Wordfence

Wordfence is a leading cyber security solution for WordPress. It provides a complete anti-virus and firewall package for your WordPress website, including two-factor authentication, a firewall incorporating machine learning, and tools to help recover from a hack. Wordfence Security is available free: sign into your WordPress website, go to Plugins > Add New and search for ‘wordfence’ without quotes. The premium version includes enterprise WordPress security features like two-factor authentication and country blocking.

This plugin will block any IP address that tries to flood or spam your website. It limits the number of login attempts and monitors all live traffic. It is updated and maintained regularly, so you can count on it staying on top of your security issues.

BackWPup

This backup plugin can be used to save your complete installation, including /wp-content/, and push it to an external backup service such as Dropbox, S3, FTP and many more. With a single backup .zip file you are able to easily restore an installation. Please note: the free version is not supported as well as the BackWPup Pro version.

There are a number of other free and paid backup plugins out there, and everyone has a favorite. Choose one that works for you, but please install and use it on your site.

WordPress Security Services

Sucuri

If you decide that you want to ‘job out’ your site's security, the number one recommendation would be Sucuri. They provide website monitoring, malware removal and all the related website security services that you would need. Sucuri services include a SiteCheck scanner that automatically scans your website to ensure it is clean of malware, suspicious redirects, iframes, link injections, etc. You can manually set the frequency with which the scanner runs its tests for malware and blacklisting, content changes in the core files, WHOIS changes and DNS changes. In addition, the security scanner also checks that your website is not blacklisted by Google, Norton, PhishTank, Opera, SiteAdvisor, Yandex and, of course, Sucuri's own blacklist. For additional information about Sucuri services and package pricing go to https://sucuri.net.

Controlling Comment SPAM

Growmap Anti-Spambot Plugin

This plugin adds a client-side generated checkbox to your comment form asking users to confirm that they are not a spammer. It is a lot less trouble to click a box than to enter a CAPTCHA, and because the box is generated via client-side JavaScript that automated bots typically do not run, it should stop 99% of all automated spam bots.

A check is made that the checkbox has been ticked before the comment is submitted, so there is no chance that a comment will be lost if it is being submitted by a legitimate human user.

To combat the newer ‘learning’ bots, this plugin adds dynamically named fields to the comment form, so each post has a differently named field and value.

You can set the maximum number of comments a user can have in the moderation queue to protect you from comment floods (provided you haven't approved any of the spammer's comments before).
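To make the two mechanisms above concrete, here is an added example in Python; it is not the Growmap plugin's code and does not claim to reproduce its internals. It models a per-post field whose name and value are derived from a site secret and the post id (so a bot that scraped the static HTML, or learned the field on one post, cannot supply it elsewhere), plus the per-author moderation-queue limit. The secret, the limit of 2, the `confirm_` prefix, the post ids and the four submissions are all constructed for the example.

```python
import hmac
import hashlib
from typing import Dict, Tuple

# Constructed values for the example. A real site would derive the secret from
# the salts in wp-config.php; the moderation limit is whatever the plugin is set to.
SITE_SECRET = b"constructed-example-secret"
MAX_PENDING_PER_AUTHOR = 2


def confirm_field(post_id: int, secret: bytes = SITE_SECRET) -> Tuple[str, str]:
    """Derive the per-post field name and expected value for the checkbox.

    Both depend on the post id, so a bot that learned the name and value on one
    post cannot replay them on another, and nothing in the static HTML reveals
    what the JavaScript-generated field will be called.
    """
    digest = hmac.new(secret, str(post_id).encode(), hashlib.sha256).hexdigest()
    return "confirm_" + digest[:12], digest[12:20]


def client_side_fields(post_id: int) -> Dict[str, str]:
    """The extra field a browser submits after the plugin's script has inserted
    the checkbox and the visitor has ticked it. A bot that never executes
    JavaScript sees only the static form and never sends this field."""
    name, value = confirm_field(post_id)
    return {name: value}


def comment_is_accepted(post_id: int, form: Dict[str, str],
                        pending_by_email: Dict[str, int],
                        max_pending: int = MAX_PENDING_PER_AUTHOR) -> bool:
    """Server-side acceptance test for one comment submission.

    Rejects when the generated field for this post is missing or wrong, and
    when the author already has max_pending comments waiting in moderation
    (the comment-flood limit described in the article).
    """
    name, expected = confirm_field(post_id)
    if not hmac.compare_digest(form.get(name, ""), expected):
        return False
    if pending_by_email.get(form.get("email", ""), 0) >= max_pending:
        return False
    return True


def demo() -> Dict[str, bool]:
    """Run four constructed submissions against posts 7 and 8 of a site."""
    pending = {"flood@example.com": 2}          # constructed moderation-queue counts
    base = {"author": "Reader", "email": "reader@example.com",
            "comment": "Thanks for the write-up."}
    human = {**base, **client_side_fields(7)}        # browser ran the script
    static_bot = dict(base)                           # posted the static form only
    replay_bot = {**base, **client_side_fields(7)}   # learned post 7's field, tries post 8
    flooder = {**base, "email": "flood@example.com", **client_side_fields(7)}
    return {
        "human on post 7": comment_is_accepted(7, human, pending),
        "static bot on post 7": comment_is_accepted(7, static_bot, pending),
        "replay of post 7 fields on post 8": comment_is_accepted(8, replay_bot, pending),
        "author already at the moderation limit": comment_is_accepted(7, flooder, pending),
    }


if __name__ == "__main__":
    for scenario, accepted in demo().items():
        print(f"{scenario:40} {'accepted' if accepted else 'rejected'}")
```

Only the first scenario is accepted. The comparison uses `hmac.compare_digest` so that a bot probing the expected value cannot time the check, and the human-visitor case still relies on the browser having run the script, which is exactly the trade-off the plugin makes in place of a CAPTCHA.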

Please be aware of these current WordPress security issues

If you're a WordPress user and you're running any of these plugins, you had better update them right away.

All of these vulnerabilities have been patched in new versions of each plugin. They can allow an attacker to use your website for phishing lures, to send SPAM, to make you an unwitting malware host, to infect other sites (on a shared server), and more.

If you're an admin on a WordPress install, check that you have the following current versions of each affected plugin:

  • WPTouch (3.4.3)
  • Disqus (2.77)
  • All In One SEO Pack (2.2.1)
  • MailPoet Newsletters (2.6.9)

SOURCE: WordPress plugin vulnerabilities affect 20 million downloads
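Checking those four versions by hand on one site is easy; on several sites it is worth scripting. The following is an added example in Python, not code from the article or from any of the plugins it names. It reads the `Version:` line of each installed plugin's header (the `Key: value` comment block WordPress itself parses at the top of the plugin's main PHP file) and compares it against the patched versions listed above. The plugin directory names under `wp-content/plugins/` are assumptions, and the sample headers the script writes to a temporary directory are constructed for the example; point `audit_plugins` at a real plugins directory to audit a live install.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict, Optional, Tuple

# Minimum patched versions from the article, keyed by the plugin's directory
# name under wp-content/plugins/. The directory names are assumed here.
MIN_VERSIONS = {
    "wptouch": "3.4.3",
    "disqus-comment-system": "2.77",
    "all-in-one-seo-pack": "2.2.1",
    "wysija-newsletters": "2.6.9",
}

# WordPress plugin headers are "Key: value" lines inside a comment at the top
# of the plugin's main PHP file, e.g. " * Version: 2.6.9".
HEADER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.MULTILINE | re.IGNORECASE)
HEADER_BYTES = 8192   # WordPress only inspects the first 8 KiB for the header


def plugin_version_from_header(php_source: str) -> Optional[str]:
    match = HEADER_RE.search(php_source[:HEADER_BYTES])
    return match.group(1) if match else None


def version_key(version: str) -> Tuple[int, ...]:
    """'2.6.9' -> (2, 6, 9). Non-numeric parts are dropped, which is enough for
    release versions such as the ones in the list above."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_outdated(installed: str, minimum: str) -> bool:
    a, b = version_key(installed), version_key(minimum)
    width = max(len(a), len(b))                   # '2.77' compares equal to '2.77.0'
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a < b


def installed_plugin_versions(plugins_dir: Path) -> Dict[str, str]:
    """Map plugin directory name -> Version, using the first top-level PHP file
    that carries a 'Plugin Name:' header (the file WordPress treats as the plugin)."""
    versions: Dict[str, str] = {}
    for plugin_dir in sorted(p for p in plugins_dir.iterdir() if p.is_dir()):
        for php in sorted(plugin_dir.glob("*.php")):
            text = php.read_text(encoding="utf-8", errors="replace")
            if "Plugin Name:" in text[:HEADER_BYTES]:
                version = plugin_version_from_header(text)
                if version:
                    versions[plugin_dir.name] = version
                break
    return versions


def audit_plugins(plugins_dir: Path,
                  minimums: Dict[str, str] = MIN_VERSIONS) -> Dict[str, Dict[str, Optional[str]]]:
    """For every plugin on the advisory list report installed version and status."""
    installed = installed_plugin_versions(plugins_dir)
    report: Dict[str, Dict[str, Optional[str]]] = {}
    for slug, minimum in minimums.items():
        current = installed.get(slug)
        if current is None:
            status = "not installed"
        elif is_outdated(current, minimum):
            status = "outdated"
        else:
            status = "ok"
        report[slug] = {"installed": current, "minimum": minimum, "status": status}
    return report


# Constructed sample site: plugin headers only, no real plugin code.
SAMPLE_PLUGINS = {
    "wptouch": "3.4.2",                 # one release behind the patched version
    "disqus-comment-system": "2.77",
    "wysija-newsletters": "2.6.9",
    "unrelated-plugin": "1.0",          # not on the advisory list
}


def write_sample_site(root: Path) -> Path:
    plugins_dir = root / "wp-content" / "plugins"
    for slug, version in SAMPLE_PLUGINS.items():
        plugin_dir = plugins_dir / slug
        plugin_dir.mkdir(parents=True)
        (plugin_dir / f"{slug}.php").write_text(
            "<?php\n/**\n"
            f" * Plugin Name: {slug} (constructed sample)\n"
            f" * Version: {version}\n"
            " */\n", encoding="utf-8")
    return plugins_dir


def demo() -> Dict[str, Dict[str, Optional[str]]]:
    with tempfile.TemporaryDirectory() as tmp:
        return audit_plugins(write_sample_site(Path(tmp)))


if __name__ == "__main__":
    # On a live site: audit_plugins(Path("/path/to/wordpress/wp-content/plugins"))
    for slug, row in demo().items():
        installed = row["installed"] or "-"
        print(f"{slug:24} installed={installed:8} minimum={row['minimum']:8} {row['status']}")
```

The version comparison pads the shorter version with zeros before comparing, so `2.77` is not reported as older than `2.77.0`, and a plugin that is absent is reported as "not installed" rather than silently skipped, since a missing directory is also the expected state after following the advice to delete unused plugins.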

WordPress Security Resources For Non-Programmers:

  • WordPress Codex: Hardening WordPress
  • Locking Down WordPress by CodePoet
  • WordPress Security Cutting Through the BS
  • MVIS Security Center (Plugin): Identifies most of the topics described in this guide and provides information on how to lock down WordPress
  • wpsecure.net has a few guides on how to lock down WordPress.
  • Brad Williams: Lock it Up (Video)
  • Official docs on how to password protect directories with an .htaccess file
  • Simple tutorial on how to password protect the WordPress admin area and fix the 404 error

Filed Under: WordPress Tagged With: Austin WordPress Meetup, WordPress Plugins, WordPress Security


Copyright © 2010-2023 Hands On WordPress · All Rights Reserved