WordPress support from our community
Better WP Security
July 26, 2012 at 3:12 pm #1490 Tim Beckett (Participant)
I’ve been using a plugin called Better WP Security lately (http://wordpress.org/extend/plugins/better-wp-security/) with no issues until recently for a client when it clashed so badly with her theme (installed before she hired me), it locked me out and I called the hosting company and deactivated it.
Her theme is from themeforest and uses timthumb.php. I’ve since installed the tim thumb vulnerability scanner to try and keep it secure but am wondering if anyone has had any issues with Better WP Security? I haven’t had any problems on it with my other sites (maybe a half-dozen) but kind of hesitate to re-install. Any other security plugins anyone would recommend?
Tim

July 26, 2012 at 8:39 pm #2582 Jonathan Goodman (Participant)
Wow, that plugin certainly does a lot. Although a lot of that can be done hands-on and might serve you better in the long run. WordPress is much safer than the public is led to believe. There are four…no five things you can do that will keep your website safe:
1) Upgrade, Upgrade, Upgrade: Upgrade your plugins, Upgrade your Core WordPress, and Upgrade your server (PHP, MYSQL, etc)
2) Backup!! Backup everything frequently. If you have a site that changes or adds pages daily then backup nightly.
3) Install WordPress in a sub-directory. Hackers look for easy targets so they are always trying to hit the root-directory. If you set up a fake WordPress install on the root but use the real WordPress in a sub-folder they will eventually tire and move on to an easier site.
4) Login Lockdown (http://www.bad-neighborhood.com/login-lockdown.html) It records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
5) Complicate Your Password: Everyone should know this. I shouldn’t even have to say this but if your website is awesome.com don’t make your password awesome. At the very least make it Aw3s0m3.
And of course the fewer plugins you have running means the fewer resources they are taking up and the less upgrading you need to do.
Jonathan

July 26, 2012 at 11:13 pm #2583 Steve (Keymaster)
@Tim – once the Timthumb scanner upgrades your version of Timthumb you can deactivate the plugin.

July 30, 2012 at 5:07 pm #2584 D.K. Smith (Participant)
@Tim… Most of the security plugins are bloatware and Rube Goldberg-ish at best. You definitely shouldn’t pay for any of them.
Our firewall plugin is coming soon… lean, mean, very effective, and free. Let me know if you’d like to beta-test.
BTW, I send out plugin security alerts @securewp – http://twitter.com/@securewp
@Steve What happened to the Daily Digest for this group? I haven’t received an email from this board since 7/12.

August 14, 2012 at 5:43 pm #2585 Tim Beckett (Participant)
I just saw this thread – it wasn’t coming to my inbox – so sorry just getting back now.
@Jonathan – good advice. How do I install in the sub-directory? I’ve never tried it. I usually go with the default install through the hosting company. I’ll have a look at login lockdown.
@DK – I subscribed to your feed, I agree a lot of security plugins are pretty Rube Goldberg-ish. I’ve ended up using WordFence, keeping it on minimal settings. (http://wordpress.org/extend/plugins/wordfence/).
See you guys next week!
Tim

September 19, 2012 at 8:50 pm #2586
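The lockout behaviour that Jonathan Goodman's reply describes for Login Lockdown (failed logins counted per IP range inside a short time window), sketched as an added Python example. It is not the plugin's code and not part of any post in this thread; the thresholds, the /24 and /64 range sizes, and the sample events are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque

class FailedLoginTracker:
    """Sliding-window lockout per IP range (not the plugin's own code)."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        # Assumed defaults: lock after more than 3 failures in 5 min, for 1 h.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # range -> failure timestamps
        self.locked_until = {}              # range -> time the lock expires

    @staticmethod
    def range_of(ip):
        # Assumption: "IP range" means the enclosing /24 (IPv4) or /64 (IPv6).
        prefix = 24 if ipaddress.ip_address(ip).version == 4 else 64
        return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

    def is_locked(self, ip, now):
        return self.locked_until.get(self.range_of(ip), 0) > now

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is now locked."""
        key = self.range_of(ip)
        hits = self.failures[key]
        hits.append(now)
        while hits and hits[0] <= now - self.window:  # drop stale failures
            hits.popleft()
        if len(hits) > self.max_failures:
            self.locked_until[key] = now + self.lockout
            hits.clear()
        return self.is_locked(ip, now)

# Constructed sample: (unix time, source IP) of failed logins.
EVENTS = [(1000, "203.0.113.10"), (1020, "203.0.113.11"), (1040, "203.0.113.10"),
          (1060, "198.51.100.7"), (1070, "203.0.113.12")]

def replay(events, tracker):
    """Return (time, range) for each lockout triggered by the events."""
    lockouts = []
    for ts, ip in events:
        if tracker.is_locked(ip, ts):
            continue  # login is disabled for this range; nothing to count
        if tracker.record_failure(ip, ts):
            lockouts.append((ts, tracker.range_of(ip)))
    return lockouts

if __name__ == "__main__":
    print(replay(EVENTS, FailedLoginTracker()))
```

Keying on the range rather than the single address means neighbouring addresses share one counter, so a legitimate user behind the same range is locked out along with the source of the failures.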