Group Admins

Plugins

Public Group active 4 years, 6 months ago ago

Talk about your favorite plugins and ask others for advice about finding or using Wordpress plugins

10 Essential WordPress Security Plugins For 2013

Tagged: , ,

Viewing 10 posts - 1 through 10 (of 10 total)
  • Author
    Posts
  • April 14, 2013 at 7:43 pm #1625
    Joly MacFie
    Participant

    http://www.problogger.net/archives/2013/01/08/10-essential-wordpress-security-plugins-for-2013/

    April 15, 2013 at 12:41 pm #2844
    Jonathan Goodman
    Participant

    The guy who wrote this article didn’t do his research. When I click through to the WordPress Firewall 2 there was a big notification at the top of the page that said “This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.”

    He also missed the best security plugin for 2013, which is Authy (http://authy.com). It’s a two factor authentication login. I highly recommend it.

    -Jonathan

    April 15, 2013 at 1:25 pm #2845
    D.K. Smith
    Participant

    Ditto Jonathan’s comment. The author of that article knows little about securing WordPress.

    WordPress Semisecure Login is just that, “semi” secure, HIGHLY recommend you not use it.

    Protecting your site adequately up-front makes monitoring a sixth wheel. “OOOPS, my site has been hacked” is not the way to secure WordPress.

    Most of all, there is no plugin or combination of plugins that adequately secures WordPress.

    I give an excellent security presentation.

    Read comments here, http://www.meetup.com/Wordpress-Westchester-Meetup-Group/events/59255372/

    Steve invited me to present at NYC and then he cancelled the presentation.

    Maybe it can be re-scheduled since NYC members should know how to really secure their sites.

    April 15, 2013 at 2:59 pm #2846
    Jonathan Goodman
    Participant

    Agreed D. K.

    Especially with this news coming out on Friday:

    A large distributed brute force attack against WordPress sites is understood to be occurring. A large botnet with more than 90,000 servers is attempting to log in by cycling through different usernames and passwords.

    Read On: http://thehackernews.com/2013/04/massive-brute-force-attack-targets.html

    -Jonathan

    April 15, 2013 at 10:13 pm #2847
    D.K. Smith
    Participant

    Hi Jonathan,

    These latest brute force attacks have been popping up for the last three months.

    Out of almost 1,500 sites we’ve secured, none had been re-hacked until recently.

    The two that were re-hacked did not install all the security meaures we recommended.  One is a major southern university with a large IT department and the other is a small church website.

    So it makes no difference what size budget you have.

    Either fully protect your WP site across-the-board… or risk suffering the consequences.

    April 16, 2013 at 3:13 pm #2848
    D.K. Smith
    Participant

    Steve reached out to me yesterday about presenting.

    Hopefully the meetup can have a complete WP security presentation in May.

    For NYC I’ll expand the Westchester security presentation, which got rave reviews, http://www.meetup.com/Wordpress-Westchester-Meetup-Group/events/59255372/

    April 16, 2013 at 3:14 pm #2849
    Steve
    Keymaster

    May is already booked… so is June. Possibly July.

    April 16, 2013 at 3:16 pm #2850
    D.K. Smith
    Participant

    Hi Steve,

    Okay… didn’t see any meetups posted for May and June.

    I’m already booked for July.

    How about August?

    April 18, 2013 at 1:31 pm #2851
    Dana
    Participant

    Here’s a great article to checkout:

    http://halfelf.org/2013/false-security/

    April 19, 2013 at 1:22 am #2852
    D.K. Smith
    Participant

    @Dana… nice find. That article is half good, which means it’s better than most security articles. Figuring out the good half is subjective and takes knowledge the typical user doesn’t have. The article comments illustrate this.

    One comment is excellent,

    “a false sense of security seems to deter people actually learning the why and the how”

    My security team believes “the how and the why” is what’s most important. Lately (2013) every fourth or fifth hacked site is something we’ve not seen before. The “how and why” knowledge I share in my presentation is largely what guides us.

  • Author
    Posts
Viewing 10 posts - 1 through 10 (of 10 total)
  • You must be logged in to reply to this topic.