Hi all, below are some of my favorite tips for your favorite content management systems (CMSs), like WordPress, Joomla, etc.
+ HackRepair.com’s must install WordPress plugins
- BulletProof Security (YouTube video: how to install BulletProof Security)
- Better WP Security. Best lock down tool for a “new” blog installation. May even be an alternative to BPS above (try both).
- File Monitor Plus (free inside-out monitoring). Also see Free Website Monitoring Services
Honorable mention:
- WP Time Machine. Nice free backup option, though also see Free Website Monitoring Services.
- AskApache Password Protect (can cause errors with some plugins, so your mileage may vary)
+ Has your email account or address been compromised? We have an App for that…
+ Check your WordPress installation for vulnerabilities
- https://secunia.com/advisories/search/?search=wordpress (above)
- http://wordpress.org/tags/vulnerability/
- Timthumb Vulnerability Scanner plugin (a good one-time checking plugin)
- AntiVirus plugin (limitation: only checks your “active” theme, not your entire site). Nice for manual malware review, though I would not leave it on 24/7 since false alarms may drive you nuts.
- Beware of for-profit WordPress security plugins (free to start, with aggressive or overly slick “pro” upgrade offers).
+ Wi-Fi security do’s and don’ts
- This article by Eric Geier nicely describes how easy it is to hack a Wi-Fi network, as well as how relatively easy it is to lock your own Wi-Fi network down: Wi-Fi security do’s and don’ts. The original slideshow may be found here.
+ How to choose a secure web hosting company checklist
Looking for a secure web hosting company?
Would you like a better idea of how secure your web hosting company really is? Then send this email questionnaire to your web hosting company to find out:
~~~~~~~~~~~~~~~~~~~~~~~~
Hi Mr. Web Host,
Can you reply back with answers to my security questions below please?
Does [my | the] service plan [enter your service plan] include the following options:
- Secure POP/IMAP available?
- SSH available?
- SFTP available?
- Is an SSL certificate available, and what is the cost?
- Will you scan my site daily for malware and notify me same day if malware exists on my site?
- If there is malware on my website can you assist me in clearing the malware, and what is the cost?
- Will you help me ensure my web hosting account is PCI compliant?
- Are my daily and weekly backups easy to access, and do you charge for backup recovery?
Slightly off subject:
- If I have any questions about WordPress, or if I encounter any problems with my website scripts will you assist me?
- If I have an emergency or support question is there someone there I can speak to by phone or real-time chat?
Many thanks,
[your name]
~~~~~~~~~~~~~~~~~~~~~~~~
+ Worth reading articles on WordPress security (in the “could not have written it better myself” category)
My website has been hacked. Now what do I do?
We’re here to help you get your business back online ASAP! With over 10 years of experience in managing secure servers, we will ensure your web site is unblocked at Google or your money back!
Best Wishes,
Jim Walker, The Hack Repair Guy
619-479-6637
Helping People— It’s What we do.
