Plugins
Public Group active 3 years, 10 months ago agoTalk about your favorite plugins and ask others for advice about finding or using Wordpress plugins
10 Essential WordPress Security Plugins For 2013
- This topic has 9 replies, 5 voices, and was last updated 9 years, 1 month ago by
D.K. Smith.
-
AuthorPosts
-
April 14, 2013 at 7:43 pm #1625
Joly MacFie
ParticipantApril 15, 2013 at 12:41 pm #2844Jonathan Goodman
ParticipantThe guy who wrote this article didn’t do his research. When I click through to the WordPress Firewall 2 there was a big notification at the top of the page that said “This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.”
He also missed the best security plugin for 2013, which is Authy (http://authy.com). It’s a two factor authentication login. I highly recommend it.
-Jonathan
April 15, 2013 at 1:25 pm #2845D.K. Smith
ParticipantDitto Jonathan’s comment. The author of that article knows little about securing WordPress.
WordPress Semisecure Login is just that, “semi” secure, HIGHLY recommend you not use it.
Protecting your site adequately up-front makes monitoring a sixth wheel. “OOOPS, my site has been hacked” is not the way to secure WordPress.
Most of all, there is no plugin or combination of plugins that adequately secures WordPress.
I give an excellent security presentation.
Read comments here, http://www.meetup.com/Wordpress-Westchester-Meetup-Group/events/59255372/
Steve invited me to present at NYC and then he cancelled the presentation.
Maybe it can be re-scheduled since NYC members should know how to really secure their sites.
April 15, 2013 at 2:59 pm #2846Jonathan Goodman
ParticipantAgreed D. K.
Especially with this news coming out on Friday:
A large distributed brute force attack against WordPress sites is understood to be occurring. A large botnet with more than 90,000 servers is attempting to log in by cycling through different usernames and passwords.
Read On: http://thehackernews.com/2013/04/massive-brute-force-attack-targets.html
-Jonathan
April 15, 2013 at 10:13 pm #2847D.K. Smith
ParticipantHi Jonathan,
These latest brute force attacks have been popping up for the last three months.
Out of almost 1,500 sites we’ve secured, none had been re-hacked until recently.
The two that were re-hacked did not install all the security meaures we recommended. One is a major southern university with a large IT department and the other is a small church website.
So it makes no difference what size budget you have.
Either fully protect your WP site across-the-board… or risk suffering the consequences.
April 16, 2013 at 3:13 pm #2848D.K. Smith
ParticipantSteve reached out to me yesterday about presenting.
Hopefully the meetup can have a complete WP security presentation in May.
For NYC I’ll expand the Westchester security presentation, which got rave reviews, http://www.meetup.com/Wordpress-Westchester-Meetup-Group/events/59255372/
April 16, 2013 at 3:14 pm #2849Steve
KeymasterMay is already booked… so is June. Possibly July.
April 16, 2013 at 3:16 pm #2850D.K. Smith
ParticipantHi Steve,
Okay… didn’t see any meetups posted for May and June.
I’m already booked for July.
How about August?
April 18, 2013 at 1:31 pm #2851Dana
ParticipantHere’s a great article to checkout:
April 19, 2013 at 1:22 am #2852D.K. Smith
Participant@Dana… nice find. That article is half good, which means it’s better than most security articles. Figuring out the good half is subjective and takes knowledge the typical user doesn’t have. The article comments illustrate this.
One comment is excellent,
“a false sense of security seems to deter people actually learning the why and the how”
My security team believes “the how and the why” is what’s most important. Lately (2013) every fourth or fifth hacked site is something we’ve not seen before. The “how and why” knowledge I share in my presentation is largely what guides us.
-
AuthorPosts
- You must be logged in to reply to this topic.