If you own or manage a WordPress blog or website, then you probably already know that hackers have been targeting WordPress blogs worldwide via "brute-force attacks". I wish to point out, though, that this problem is by no means limited to WordPress websites and blogs: it's a problem for ALL webmasters, no matter what CMS or platform their websites are built or running on. It isn't only large e-commerce websites that are being targeted either. Small blogs and non-e-commerce sites are also being targeted, perhaps even more so because the security on those sites is usually quite poor to non-existent. Approximately 30 MILLION WordPress blogs are estimated to have fallen victim in this latest attack.
How to Better Secure Your WordPress Website.
So, what can you do to better secure your WordPress website? Well, luckily the answer and the cure are not only quite simple to implement, but also 100% FREE!
Basic Security Steps to secure your WordPress website:
Below are some standard security methods that you should already be using - such as:
- NEVER use "admin" (or some other often-used name) as your administrative account username.
- Always hide your actual username and instead display your "nickname" or name (go into your account profile page, select your nickname/name from the drop-down box labelled "Display name publicly as", press "save" and you're done).
- Use strong passwords (preferably that contain a combination of letters, numbers and symbols).
- Regularly change your passwords.
- Manually tighten some of the permissions on your website files and folders (Note: not needed if you install the excellent and free BPS Security plugin I've reviewed below).
- Always keep a recent copy of your website files (containing the entire site: the WordPress CMS files, your Themes, Plugins etc) AND at least 3 copies of your database backup - This is so that if your site is ever hacked then you can quickly & easily replace it with a "clean" version of both. Remember - Nothing in this world is ever 100% secure, and you should always be prepared for the worst....
- And lastly, ALWAYS keep your website (WordPress CMS, plus your Template/Theme & all Plugins) constantly up-to-date.
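One way to check the file and folder permissions mentioned in the list above, as an added example that is not from the original post or from BPS Security. It assumes a baseline of 755 for directories, 644 for files and no access for "other" on wp-config.php; the function names and the sample tree are constructed for illustration.

```sh
# Added example: audit a WordPress tree for permissions looser than an
# assumed baseline (directories 755, files 644, wp-config.php closed to
# "other"). Function names and the sample tree are constructed.

audit_wp_perms() {
    local root="$1" findings
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # WRITABLE: group- or world-writable entries, which other local
    # accounts (a compromised neighbouring site, say) could alter.
    # CONFIG_EXPOSED: wp-config.php holds the database password and
    # secret keys, so "other" should have no access to it at all.
    findings=$(
        find "$root" \( -type f -o -type d \) \( -perm -020 -o -perm -002 \) \
            -print | sed 's/^/WRITABLE /'
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" \
                \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/CONFIG_EXPOSED /'
        fi
    )
    [ -z "$findings" ] && return 0      # clean tree
    printf '%s\n' "$findings" | sort
    return 1                            # at least one finding
}

make_sample_tree() {                    # constructed input, runs offline
    local d
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    : > "$d/wp-config.php"
    : > "$d/index.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"   # too loose: world-writable
    chmod 644 "$d/index.php"            # matches the baseline
    chmod 644 "$d/wp-config.php"        # readable by every local user
    echo "$d"
}

demo=$(make_sample_tree)
audit_wp_perms "$demo" || true
rm -rf "$demo"
```

Run `audit_wp_perms` against the real WordPress root after each plugin or theme install, since installers sometimes leave upload and cache folders wide open.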
But unless you are a "security whiz" and you can secure your site manually, then you should also consider using a WordPress security plugin to do it all for you. One such plugin is BPS Security.
There are many excellent WordPress security plugins available for free, so there's no excuse...
My Current Favourite WordPress Security Plugin...
Here I've reviewed my (current) favourite WordPress security plugin, BPS Security by AITPro. It's the first thing that I install on any WordPress website that I build, and BPS is used on all of our own network of (WP) websites. I've been using it for some time now, and it just gets better and better (it's so quick and easy to install or update now that I can virtually do it in my sleep). The author of BPS is one of the most helpful and active plugin developers I've encountered EVER, including commercial plugin developers, so if you do get into trouble then you can probably find a solution already available on the WordPress forum, but if not then post your question on the WP forum (the developer is super-fast to respond, and super helpful) or on the new AITPro forum - http://forum.ait-pro.com/forums/topic/read-me-first-free/. There is also a BPS Security professional version available (see http://www.ait-pro.com/aitpro-blog/3395/bulletproof-security-pro/bps-free-vs-bps-pro-feature-comparison/), which I recommend using if you can afford it (it's only $59.95, which includes Unlimited Installations & Free Lifetime Upgrades - and no, we are not an affiliate or getting any benefit whatsoever from promoting this plugin / link - we just simply want to promote a really great plugin & developer - er, scrap that last comment, as I really do like this plugin so much that I think we just might have to join up to their affiliate program LOL!!).
Anyway, here are some screenshots of the latest free version of BPS Security, version .4.84, which has just been released and which now also includes a new "Login Security" feature to prevent Brute-Force attacks (see last image - screenshot 5).
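A way to spot brute-force login attempts like those described in this post from the web server's access log, as an added example that is not from the original post or from BPS Security. It assumes combined-format logs and WordPress's standard wp-login.php login page; the function names, threshold and log lines are constructed for illustration.

```sh
# Added example: flag source IPs that POST to wp-login.php more than
# "limit" times within one minute. Assumes combined-format access logs;
# names, threshold and sample lines are constructed for illustration.

find_login_bursts() {
    # $1 = access log, $2 = POSTs allowed per IP per minute
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            minute = substr($4, 2, 17)       # e.g. 10/Apr/2013:12:00
            hits[$1 " " minute]++            # every attempt, pass or fail
        }
        END {
            for (k in hits)
                if (hits[k] > limit) print k, hits[k]
        }
    ' "$1" | sort
}

make_sample_log() {                          # constructed input
    local f s
    f=$(mktemp)
    # One address submitting the login form six times in a minute.
    for s in 01 02 03 04 05 06; do
        echo "203.0.113.7 - - [10/Apr/2013:12:00:$s +0000] \"POST /wp-login.php HTTP/1.1\" 200 3456 \"-\" \"-\""
    done > "$f"
    # The same address once more a minute later, plus a normal login.
    cat >> "$f" <<'EOF'
203.0.113.7 - - [10/Apr/2013:12:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
198.51.100.20 - - [10/Apr/2013:12:00:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2101 "-" "-"
198.51.100.20 - - [10/Apr/2013:12:00:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
EOF
    echo "$f"
}

log=$(make_sample_log)
find_login_bursts "$log" 5
rm -f "$log"
```

Each output line is the source IP, the minute, and the number of login POSTs in that minute; addresses listed here are candidates for the lockout that a login-limiting plugin applies automatically.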
About Installing Multiple Security Plugins....
It's also worth mentioning that, as well as using the BPS Security plugin, you could consider adding additional security plugins to your WordPress site, such as:
- "Limit Login Attempts" - excellent plugin, however not needed anymore if you install the BPS Security plugin, as BPS now has this function in-built as of the latest version .4.84.
- "Wordfence" plugin - which includes a firewall, virus scanning, real-time traffic with geo-location and more.
- Better WP Security and
- Secure WordPress plugin - although I wouldn't recommend using the "Secure WordPress" plugin at this time, as it hasn't been updated in a very long time, and a number of users are posting on the WP Forum that they are having problems with it, and all help appears to have vanished.....
The author of BPS Security plugin says you should be able to use other security plugins with BPS without any issues - see: http://wordpress.org/support/topic/can-i-use-one-more-wp-security-plugin - but of course there are no guarantees that they won't conflict with each other or your theme etc, and so as always you'll need to proceed with care & then "test test test" if you do decide to install multiple security plugins.
I hope you found this post useful 🙂