Security plug-ins for WordPress site?

Discussion in 'other software & services' started by acr1965, Nov 27, 2013.

Thread Status:
Not open for further replies.
  1. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    I have a wordpress website and use the wordfence plug-in. Does anyone recommend the premium version? Are there other recommended plug-ins for wordpress? I do not have an online store, just a site with info/ contact info about my business.

    thanks
     
  2. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    I also own one and use Wordfence free as well.

    Other very useful tools that I use:

    -WP2Syslog. Keeps logs of everything that happens. New users that register, users that cant authenticate, IP addresses, etc.

    -BackWPup. Backs up my WP install to a different folder under root and sends email notifications to my sites admin email to confirm the process completed. I then transfer the backups via FTP to my external HD. Makes for super easy restore if necessary. Also allows optimizing and compacting your database on a schedule so general maintenance is automated.

    -Stop Spammer Registration Plugin. I use this with StopForumSpam.com API, Project Honeypot API, BotScout API, and Wordpress API for Akismet. This allows you to block spammers and possible hassles before they even happen. Also allows you to ban ail domains, whitelist legitimate users if someone gets caught up in it, or black list emails/IP addresses. Since Ive installed this Stop Spammers has stopped 7343 in about 6 months.

    -DRP Wordpress User Management. Allows me to keep track of who logs in and when along with associated IP addresses every time for historical purposes. Makes tracking down spammers much easier.
     
  3. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    ok I'll check those out...thanks
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Another few tips I have:

    1. Change the name of the default admin account to something other than admin
    2. Force SFTP instead of FTP. Disable FTP in your web hosting control panel. Any FTP information is transferred in plain text.
    3. Delete the readme.html file in the root Wordpress folder via SFTP. With that file its super easy for someone who is trying to gain entry figure out what version of Wordpress your running.
     
Loading...
Thread Status:
Not open for further replies.