Now that we have left 2012 behind, we can start planning 2013. And there is no better time to review the security plugins you use on your WordPress site.
Last year important new security plugins were released, and some of the existing plugins were updated.
The great challenge when it comes to WordPress security plugins is to find the combination that gives you the best coverage without conflicts or overlapping functionality.
Here we bring you the winning combination for a prosperous (and safe) 2013.
Let the party begin!
Make sure only invited guests pop in
When you throw a big party, you’d best think about who you let in. Otherwise the party might get out of hand.
These clever little plugins are your broad-shouldered bouncers. And they mean business!
WP Login Security 2
This is a personal favorite of mine. It’s very clever.
If an unknown guest arrives at your party your bouncer will ask for ID, but you can walk straight in.
Similarly, when a user logs in from an IP address that has not been seen before, the plugin sends a verification email to the address registered for that account. Only after the user confirms the new address by clicking the link in that email is the login completed.
This is a very effective extra line of defence. It doesn’t stop the guessing itself, but even if someone does guess your user ID and password they still can’t get in unless they also control your mailbox.
If, on the other hand, you log in from a known IP address, you are let in straight away.
- Official Plugin Page: http://wordpress.org/extend/plugins/wp-login-security-2/
- Instructions: WP Login Security 2.
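To show how that flow hangs together, here is an added sketch of it in Python. It is not the plugin’s code (the plugin is PHP); the function names, the in-memory `known_ips` and `pending` stores, the 15-minute lifetime and the sample addresses are all assumptions made for the example. The token mailed to the user is signed so that its expiry can’t be extended, and it is single use.

```python
import hashlib
import hmac
import secrets
import time

# Added illustration of the "unknown IP needs e-mail confirmation" flow.
# Not the plugin's code: names, constants and the in-memory stores below
# are assumptions made for this example.
SECRET = secrets.token_bytes(32)   # on a real site this would live in wp-config.php
TOKEN_TTL = 15 * 60                # seconds a confirmation link stays valid

known_ips = {"alice": {"203.0.113.10"}}   # constructed: addresses already confirmed per user
pending = {}                              # nonce -> (user, ip) awaiting confirmation


def _sign(user, ip, nonce, expiry):
    msg = f"{user}|{ip}|{nonce}|{expiry}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def attempt_login(user, ip, password_ok, now=None):
    """Return ("ok", None), ("verify", token) or ("denied", None)."""
    now = now if now is not None else time.time()
    if not password_ok:
        return ("denied", None)            # wrong password: no token, no e-mail
    if ip in known_ips.get(user, set()):
        return ("ok", None)                # known address: straight in
    nonce = secrets.token_hex(16)
    expiry = int(now + TOKEN_TTL)
    pending[nonce] = (user, ip)
    token = f"{nonce}.{expiry}.{_sign(user, ip, nonce, expiry)}"
    return ("verify", token)               # this goes into the e-mailed link


def confirm(token, now=None):
    """Handle the click on the e-mailed link; on success the address becomes known."""
    now = now if now is not None else time.time()
    try:
        nonce, expiry_str, sig = token.split(".")
        expiry = int(expiry_str)
    except ValueError:
        return False                       # malformed link
    entry = pending.get(nonce)
    if entry is None:
        return False                       # unknown or already used
    user, ip = entry
    if not hmac.compare_digest(sig, _sign(user, ip, nonce, expiry)):
        return False                       # tampered, e.g. someone extended the expiry
    if now > expiry:
        return False                       # link too old; user must log in again
    del pending[nonce]                     # single use
    known_ips.setdefault(user, set()).add(ip)
    return True
```

Note that a wrong password never produces a token, so the attacker can’t use the flow to spam the account owner with emails for every guess.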
Semisecure Login Reimagined
At your party, the bouncer will make sure no one eavesdrops when you whisper the secret password in his ear.
Ideally you would want to send your login information over SSL when you access your WordPress administration panel. However, there is a cost involved in obtaining a SSL certificate and if you are on a shared server you would also need a dedicated IP address.
This plugin is the next best thing for those of us who’d rather spend our money on party hats.
It uses JavaScript to encrypt your password in the browser before the login form is submitted, so someone passively sniffing the network can’t simply read it. It is not a full substitute for SSL: an attacker who can alter your traffic could swap out the script, and the session cookie you receive after logging in still travels in the clear. But it is much better than sending the password as plain text.
- Official Plugin Page: http://wordpress.org/extend/plugins/semisecure-login-reimagined/.
- Instructions: Semisecure Login Reimagined.
Login Security Solution
This is the mother of all bouncers. He will only accept photo ID, he can check the expiry date and you can tell him that library cards are no longer accepted. He can even throw out people who fall asleep on the premises.
Or, in technical terms: with this plugin, password strength is enforced, password aging is an option, and password resets for all users can be forced. And you can even log out idle sessions automatically.
Another clever feature of this plugin: instead of locking out the IP addresses of brute force attackers, it slows down the response to each further failed attempt. This means that you can get your own password wrong a few times without being locked out, while a brute force attack becomes impractically slow.
- Official Plugin Page: http://wordpress.org/extend/plugins/login-security-solution/.
- Instructions: Login Security Solution.
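To see why a growing delay beats a hard lockout, here is an added Python sketch of that idea. It is not the plugin’s code; the class name, the 1 s base delay, the 60 s cap and the 15-minute forgetting window are assumptions chosen for the example. Each failure doubles the wait before the next attempt is even checked, a correct login clears the slate, and nobody is ever refused outright.

```python
import time

# Added example of progressive delay instead of lockout. Not the plugin's code;
# the constants below are assumed tuning values for this illustration.
BASE_DELAY = 1.0        # seconds of delay after the first failure
MAX_DELAY = 60.0        # cap, so a legitimate user is slowed down, never locked out
FORGET_AFTER = 15 * 60  # a failure older than this no longer counts


class LoginThrottle:
    def __init__(self):
        # key (client IP or username) -> (failure count, time of last failure)
        self._failures = {}

    def delay_for(self, key, now):
        """Seconds the next attempt for this key must wait before being checked."""
        count, last = self._failures.get(key, (0, 0.0))
        if count == 0 or now - last > FORGET_AFTER:
            return 0.0
        # 1 s, 2 s, 4 s, 8 s, 16 s, 32 s, then a full minute per guess:
        # a thousand guesses cost the attacker roughly sixteen hours.
        return min(BASE_DELAY * 2 ** (count - 1), MAX_DELAY)

    def record(self, key, success, now):
        """Update the counter after a real password check."""
        if success:
            self._failures.pop(key, None)
            return
        count, last = self._failures.get(key, (0, 0.0))
        if now - last > FORGET_AFTER:
            count = 0
        self._failures[key] = (count + 1, now)

    def check_password(self, key, supplied, check, now=None, sleep=time.sleep):
        """Wrap a password check: wait out the current penalty, then check and record."""
        now = now if now is not None else time.time()
        wait = self.delay_for(key, now)
        if wait:
            sleep(wait)            # the response is simply delayed, never refused
        ok = check(supplied)
        self.record(key, ok, now + wait)
        return ok
```

Keying the counter by client address alone lets an attacker with many addresses dodge it; keying by username alone lets an attacker slow down a legitimate user. A real implementation would typically track both.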
WordPress Firewall 2
This is the wall around your house that makes sure no one sneaks in through your backdoor or a window, bypassing your bouncers. It’s very important.
WordPress Firewall 2 inspects incoming requests and blocks those that look like attacks on your database or files, such as SQL injection or directory traversal attempts. It works on heuristics, so expect to whitelist the odd legitimate request it gets wrong.
- Official Plugin Page: http://wordpress.org/extend/plugins/wordpress-firewall-2/.
- Instructions: WordPress Firewall 2.
Block Bad Queries
This plugin is like the barbed wire or the broken glass on top of the wall. Yes, the internet is really a bad neighborhood!
BBQ complements your firewall: it quietly drops requests whose URL or query string contain known-bad patterns such as eval( or base64_, or that are suspiciously long.
- Official Plugin Page: http://wordpress.org/extend/plugins/block-bad-queries/.
- Instructions: Block Bad Queries.
Keeping tabs on what goes on in your house
Once your party is going you want to keep an eye on what is happening. If someone breaks your TV you’d like to know who’s responsible and how much damage was caused.
These plugins are your eyes and your ears. And they are awake!
WordPress File Monitor Plus
This is like having surveillance cameras in every room of your house and taping all the action. If anything goes down you can see exactly what happened.
WordPress File Monitor Plus tracks changes to your file system. If any files are added, removed, or changed you will be notified by email. Neat. Could be an invaluable help in cleaning up after you have had visitors! Take your baseline on a known-clean install, and exclude directories that change all the time (uploads, caches) or the alerts will drown in noise.
- Official Plugin Page: http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/.
- Instructions: WordPress File Monitor Plus.
WP Security Scan
Although you love opening up your house for the big party, there are still some rooms you do want to keep away from your guests. Locking a few doors will make sure the cats can only play where you want them to.
WP Security Scan checks your file and folder permissions and a few other things to make sure everything that should be locked down is locked down.
- Official Plugin Page: http://wordpress.org/extend/plugins/wp-security-scan/.
- Instructions: WP Security Scan.
Curing the hangover
Depending on the success of your party you might end up with a bit of a hangover the day after. But we’ve got the cure for you.
Update Notifications
This good old trick could save you from getting a hangover in the first place: take a couple of headache tablets before you go to bed.
By using Update Notifications you’re stopping the headaches before they begin. Keep your WordPress site updated at all times and you are immune to the bulk of the threats circulating the net, most of which target long-fixed holes. This plugin automatically sends you an email when there is an update for your plugins, themes, or core WordPress files. Applying the update is still up to you.
- Official Plugin Page: http://wordpress.org/extend/plugins/update-notifications/.
- Instructions: Update Notifications.
Wordfence
If you are not feeling well, knowing why can make the difference between recovering quickly or suffering for a long time. If you know you are dehydrated you can drink some water. If you know you have got an infection, penicillin might be the remedy you need.
Wordfence is one of the newer security plugins. However it has matured very quickly. One of the great features of Wordfence is that it compares the plugin, theme, and WordPress core files on your installation with the official versions in the WordPress repository. If there are any discrepancies, the plugin will send you an email, so a modified core file shows up even when no malware signature matches it.
It will also scan your site for known malware, phishing, backdoors, and virus infections.
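Both the file monitor above and this Wordfence check boil down to the same thing: hash every file, keep the hashes, and compare. The only difference is what you compare against (your own earlier snapshot, or the hashes of the official release). Here is an added Python example of that comparison, with a permission check of the kind WP Security Scan does thrown in. It is not any of these plugins’ code; the function names, the skipped directories and the tiny constructed site tree in `demo()` (including its fake backdoor) are assumptions made for the example.

```python
import hashlib
import os
import shutil
import stat
import tempfile

# Added example of file-integrity monitoring by hash manifest. Not the plugins'
# code; SKIP_DIRS and the constructed tree in demo() are assumptions.
SKIP_DIRS = {"wp-content/uploads", "wp-content/cache"}   # data, not code: too noisy to track


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path, '/' separated) to its SHA-256."""
    result = {}
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root).replace(os.sep, "/")
        rel_dir = "" if rel_dir == "." else rel_dir
        # prune the directories we chose not to monitor before os.walk descends
        dirnames[:] = [d for d in dirnames
                       if (f"{rel_dir}/{d}" if rel_dir else d) not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            result[f"{rel_dir}/{name}" if rel_dir else name] = sha256_file(full)
    return result


def compare(baseline, current):
    """Paths added, removed and changed between two snapshots (or snapshot vs. manifest)."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }


def world_writable(root):
    """Files under root that any local user may write to."""
    return sorted(rel for rel in snapshot(root)
                  if os.stat(os.path.join(root, rel)).st_mode & stat.S_IWOTH)


def demo():
    """Constructed site tree: take a baseline, simulate a compromise, report the diff."""
    root = tempfile.mkdtemp()

    def write(rel, text, mode=0o644):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as f:
            f.write(text)
        os.chmod(full, mode)

    try:
        write("wp-config.php", "<?php define('DB_NAME', 'wp');\n")
        write("wp-includes/functions.php", "<?php // core\n")
        write("wp-content/uploads/photo.jpg", "not really a jpeg")   # skipped via SKIP_DIRS
        baseline = snapshot(root)
        # Simulated compromise (constructed): core file edited, backdoor dropped,
        # config deleted, backdoor left world-writable.
        write("wp-includes/functions.php", "<?php // core\neval(base64_decode($_POST['x']));\n")
        write("wp-content/plugins/.cache.php", "<?php // constructed backdoor\n", mode=0o666)
        os.remove(os.path.join(root, "wp-config.php"))
        return compare(baseline, snapshot(root)), world_writable(root)
    finally:
        shutil.rmtree(root)
```

Store the baseline somewhere the web server can’t write to; a manifest that an intruder can regenerate after planting a backdoor tells you nothing.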
Sucuri WordPress Security Plugin
If you are really out of luck, you might pick up some kind of disease at your party. This is the risk of mingling with many people. In this case, you might have to go to the doctor.
Sucuri is more than just a security plugin. In fact, their WordPress plugin is probably one of their least-known products.
Sucuri is a company that specializes in cleaning up infected websites. If your luck is out and your site is infected, they will clean it for less than it would cost you in coffee to figure it out on your own, assuming you even know what you are doing. And they will keep your site clean for a year after that.
The WordPress plugin adds a web application firewall and malware file scanning. The web application firewall will communicate with Sucuri servers, so if one site is under attack from certain IP addresses they can be blocked across the network immediately.
- Official Plugin Page: This is a premium plugin so it is not found in the WordPress repository.
- Instructions: Sucuri WordPress Security Plugin.
With a little bit of preparation, you will be able to throw fantastic parties in 2013, and you and your guests can enjoy yourselves without worrying about accidents or bad guys ruining everything.
Make sure your WordPress site is in good shape and ready to bring you a very prosperous 2013!