Below are some of my favorite tips for securing your favorite content management systems (CMS’s), like WordPress, Joomla, etc.
+ Security or Monitoring WordPress plugins
Because security type plugins may make changes to files within your website, you may find one works better than another in regard to compatibility with other plugins. So I’ve listed my top three WordPress security plugins recommendations below in order of preference.
|Better WP Security||BulletProof Security||Wordfence Security|
|Best lock down tool for a “new” blog installations and new features being added all the time. Developer constantly updates this plugin based on user reviews and comment.||Heavily oriented toward .htaccess blocking of malicious drive-by bots and intrusion attempts. This is my go to when other plugins fail to work due to conflicts with themes or plugins.||A more for-profit security plug than the others, Wordfence is top of the food chain as security plugins go. Develop keeps heaping on the features like I eat my cake, "more frosting please..."|
Presents a shotgun approach to WP security which may work better for some.
Laser focused security plugin.
This uber plugin has a plethora of features (though many require payment).
|Link to how to install Better WP Security video video||How to install BulletProof Security video|
- File Monitor Plus (free inside-out monitoring).
Better WP Security has nice monitoring options as well.
- WP Time Machine
Nice free backup option, though also see Free Website Monitoring Services as well.
+ Has your email account or address been compromised? We have an App for that…
+ Check your WordPress installation for vulnerabilities
- https://secunia.com/advisories/search/?search=wordpress (above)
- Timthumb Vulnerability Scanner plugin (is a good one time checking plugin)
- AntiVirus plugin (limitation: only checks your “active” theme, not your entire site)
Nice for manual malware review though I would not leave it on 24/7 since false alarms may drive you nuts.
- Beware of for-profit WordPress security plugins. Most are free to start, though aggressive sales tactics can be annoying and “pro” upgrade options can often be found free elsewhere and not worth paying for respectively.
Wi-Fi security Howto, do’s and don’ts
- This article by Eric Geier nicely describes how easy it is to hack a WIFI network, as well as how relatively easy it is to lock your own WIFI network down, Wi-Fi security do’s and don’ts. The original slide show may be found here.
How to choose a secure web hosting company checklist
Looking for a secure web hosting company?
Like to have a better idea on how secure your web hosting company really is, then send this email questionnaire off to your web hosting company to find out:
Hi Mr. Web Host,
Can you reply back with answers to my security questions below please?
Does [my | the] service plan [enter your service plan] include the following options:
- Secure POP/IMAP available?
– SSH available?
– SFTP available?
– Is an SSL certificate available, and what is the cost?
– Will you scan my site daily for malware and notify me same day if malware exists on my site?
– If there is malware on my website can you assist me in clearing the malware, and what is the cost?
– Will you help me ensure my web hosting account is PCI compliant?
– Are my daily and weekly backups easy to access, and do you charge for backup recovery?
Slight off subject:
– If I have any questions about WordPress, or if I encounter any problems with my website scripts will you assist me?
– If I have an emergency or support question is there someone there I can speak to by phone or real-time chat?
Recommended WordPress Security Articles
+ Worth reading articles on WordPress security (in the “could not have written it better myself” category)
+ Must watch video regarding Joomla Security (in the “could not have said it better myself” category)
- An Introduction to Joomla Site Security, by OSTraining.com
My website has been hacked. Now what do I do?
We’re here to help you get your business back online ASAP!
With over 10 years of experience in managing secure servers, we will ensure your web site is unblocked at Google or your money back!