
WordPress Troubleshooting and Support


WordPress support from our community

Better WP Security

    #1490
    Tim Beckett
    Participant

    I’ve been using a plugin called Better WP Security lately (http://wordpress.org/extend/plugins/better-wp-security/) with no issues until recently for a client when it clashed so badly with her theme (installed before she hired me), it locked me out and I called the hosting company and deactivated it.

    Her theme is from ThemeForest and uses timthumb.php. I’ve since installed the Timthumb vulnerability scanner to try and keep it secure but am wondering if anyone has had any issues with Better WP Security? I haven’t had any problems on it with my other sites (maybe a half-dozen) but kind of hesitate to re-install. Any other security plugins anyone would recommend?

    Thanks,

    Tim

    #2582
    Jonathan Goodman
    Participant

    Wow, that plugin certainly does a lot. Although a lot of that can be done hands-on and might serve you better in the long run. WordPress is much safer than the public is led to believe. There are four…no five things you can do that will keep your website safe:

    1) Upgrade, Upgrade, Upgrade: Upgrade your plugins, Upgrade your Core WordPress, and Upgrade your server (PHP, MySQL, etc.)

    2) Backup!! Backup everything frequently. If you have a site that changes or adds pages daily then backup nightly.

    3) Install WordPress in a sub-directory. Hackers look for easy targets so they are always trying to hit the root-directory. If you set up a fake WordPress install on the root but use the real WordPress in a sub-folder they will eventually tire and move on to an easier site.

    4) Login Lockdown (http://www.bad-neighborhood.com/login-lockdown.html) It records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

    5) Complicate Your Password: Everyone should know this. I shouldn’t even have to say this but if your website is awesome.com don’t make your password awesome. At the very least make it Aw3s0m3.

    And of course the fewer plugins you have running means the fewer resources they are taking up and the less upgrading you need to do.

    Peace,
    Jonathan
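
The lockout rule that post #2582 describes for Login Lockdown, as an added Python example that is not part of the original thread and not the plugin's own code. The /24 and /64 range sizes, the thresholds, the class and function names and the sample events are assumptions.

```python
import ipaddress
from collections import defaultdict, deque

class RangeLockout:
    """Sliding-window failed-login lockout keyed by IP range (assumed /24 or /64)."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds a failure stays counted
        self.lockout = lockout              # seconds the range stays blocked
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout ends

    @staticmethod
    def range_of(ip):
        # Assumption: "IP range" means the enclosing /24 (IPv4) or /64 (IPv6).
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def is_locked(self, ip, now):
        key = self.range_of(ip)
        until = self.locked_until.get(key)
        if until is not None and now >= until:
            del self.locked_until[key]      # lockout expired
            until = None
        return until is not None

    def record_failure(self, ip, now):
        """Record a failed login; return True if the range is locked afterwards."""
        if self.is_locked(ip, now):
            return True
        q = self.failures[self.range_of(ip)]
        q.append(now)
        while q and q[0] <= now - self.window:
            q.popleft()                     # drop failures older than the window
        if len(q) > self.max_failures:      # "more than a certain number"
            self.locked_until[self.range_of(ip)] = now + self.lockout
            q.clear()
            return True
        return False

# Constructed sample events: (unix time, source IP) of failed logins.
EVENTS = [(0, "203.0.113.5"), (20, "203.0.113.9"), (40, "203.0.113.77"),
          (60, "203.0.113.5"), (70, "198.51.100.4")]

def replay(events, **kw):
    guard = RangeLockout(**kw)
    return [(ip, guard.record_failure(ip, t)) for t, ip in events], guard
```

Because the key is a range rather than a single address, the fourth failure locks out every host in 203.0.113.0/24, including legitimate users who share that range.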

    #2583
    Steve
    Keymaster

    @Tim– once the Timthumb scanner upgrades your version of Timthumb you can deactivate the plugin.

    #2584
    D.K. Smith
    Participant

    @Tim… Most of the security plugins are bloatware and Rube Goldberg-ish at best. You definitely shouldn’t pay for any of them.

    Our firewall plugin is coming soon… lean, mean, very effective, and free. Let me know if you’d like to beta-test.

    BTW, I send out plugin security alerts @securewp – http://twitter.com/@securewp


    @Steve
    What happened to the Daily Digest for this group? I haven’t received an email from this board since 7/12.

    #2585
    Tim Beckett
    Participant

    Hi guys,

    I just saw this thread – it wasn’t coming to my inbox – so sorry just getting back now.

    @Jonathan – good advice. How do I install in the sub-directory? I’ve never tried it. I usually go with the default install through the hosting company. I’ll have a look at Login Lockdown.

    @DK – I subscribed to your feed, I agree a lot of security plugins are pretty Rube Goldberg-ish. I’ve ended up using WordFence, keeping it on minimal settings. (http://wordpress.org/extend/plugins/wordfence/).

    See you guys next week!

    Tim

    #2586
    Steve
    Keymaster

    WP Engine announced this month that they are making two security plugins MANDATORY for all sites they host:
    Force Strong Passwords
    Limit Login Attempts
