HackRepair.com Website Security Tips and Hack Notes

Below are some of my favorite tips for securing your favorite content management systems (CMS’s), like WordPress, Joomla, etc.

+ Security or Monitoring WordPress plugins
Because security type plugins may make changes to files within your website, you may find one works better than another in regard to compatibility with other plugins. So I’ve listed my top three WordPress security plugins recommendations below in order of preference.

Better WP SecurityBulletProof SecurityWordfence Security
Best lock down tool for a “new” blog installations and new features being added all the time. Developer constantly updates this plugin based on user reviews and comment.Heavily oriented toward .htaccess blocking of malicious drive-by bots and intrusion attempts. This is my go to when other plugins fail to work due to conflicts with themes or plugins.A more for-profit security plug than the others, Wordfence is top of the food chain as security plugins go. Develop keeps heaping on the features like I eat my cake, "more frosting please..."
Pros:
Presents a shotgun approach to WP security which may work better for some.
Pros:
Laser focused security plugin.
Pros:
This uber plugin has a plethora of features (though many require payment).
Link to how to install Better WP Security video videoHow to install BulletProof Security video

Honorable mention:

  • Secure Hidden Login
    Single purpose login URL editor. Allows you to login wih a key combination or button combination.
  • iQ Block Country
    Block visitors from specific countries.

+ Has your email account or address been compromised? We have an App for that…

+ Check your WordPress installation for vulnerabilities

Website Security Tips

 
  • https://secunia.com/advisories/search/?search=wordpress (above)
  • http://wordpress.org/tags/vulnerability/
  • Timthumb Vulnerability Scanner plugin (is a good one time checking plugin)
  • AntiVirus plugin (limitation: only checks your “active” theme, not your entire site)
    Nice for manual malware review though I would not leave it on 24/7 since false alarms may drive you nuts.
  • Beware of for-profit WordPress security plugins. Most are free to start, though aggressive sales tactics can be annoying and “pro” upgrade options can often be found free elsewhere and not worth paying for respectively.

 

Wi-Fi security Howto, do’s and don’ts

 

How to choose a secure web hosting company checklist

Looking for a secure web hosting company?
Like to have a better idea on how secure your web hosting company really is, then send this email questionnaire off to your web hosting company to find out:

~~~~~~~~~~~~~~~~~~~~~~~~ +
Hi Mr. Web Host,
Can you reply back with answers to my security questions below please?

Does [my | the] service plan [enter your service plan] include the following options:

- Secure POP/IMAP available?
– SSH available?
– SFTP available?
– Is an SSL certificate available, and what is the cost?
– Will you scan my site daily for malware and notify me same day if malware exists on my site?
– If there is malware on my website can you assist me in clearing the malware, and what is the cost?
– Will you help me ensure my web hosting account is PCI compliant?
– Are my daily and weekly backups easy to access, and do you charge for backup recovery?

Slight off subject:
– If I have any questions about WordPress, or if I encounter any problems with my website scripts will you assist me?
– If I have an emergency or support question is there someone there I can speak to by phone or real-time chat?

Many thanks,
[your name]
~~~~~~~~~~~~~~~~~~~~~~~~ +

 

Recommended WordPress Security Articles

+ Worth reading articles on WordPress security (in the “could not have written it better myself” category)

+ Must watch video regarding Joomla Security (in the “could not have said it better myself” category)

 Please check out Jim’s article about WordPress Security Plugins Revealed

My website has been hacked. Now what do I do?

We’re here to help you get your business back online ASAP!

With over 10 years of experience in managing secure servers, we will ensure your web site is unblocked at Google or your money back!

Summary
Article Name
Website Security Tips and Hack Notes
Author
Description
Website security expert Jim Walker of HackRepair.com shares his best tips for securing your favorite content management systems (CMS's), like WordPress, Joomla, etc.
The following two tabs change content below.
Jim Walker has been a website security expert and website hosting services provider for over 16 years. Living in San Diego, California, his current passion is everything WordPress. He manages HackRepair.com, a malware cleanup and website security services company, and HackGuard.com, a WordPress security and WordPress management service.

Latest posts by Jim Walker (see all)

Please feel free to comment via WordPress, Twitter, Facebook or Google+