WordPress Troubleshooting and Support

WordPress support from our community

Better WP Security

This topic contains 0 replies, has 4 voices, and was last updated by Steve 6 years, 8 months ago.

  • #1490

    Tim Beckett
    Participant

    I’ve been using a plugin called Better WP Security lately (http://wordpress.org/extend/plugins/better-wp-security/) with no issues until recently for a client when it clashed so badly with her theme (installed before she hired me), it locked me out and I called the hosting company and deactivated it.

    Her theme is from themeforest and uses timthumb.php. I’ve since installed the tim thumb vulnerability scanner to try and keep it secure but am wondering if anyone has had any issues with Better WP Security? I haven’t had any problems on it with my other sites (maybe a half-dozen) but kind of hesitate to re-install. Any other security plugins anyone would recommend?

    Thanks,

    Tim

    #2582

    Jonathan Goodman
    Participant

    Wow, that plugin certainly does a lot. Although a lot of that can be done hands-on and might serve you better in the long run. WordPress is much safer than the public is led to believe. There are four…no five things you can do that will keep your website safe:

    1) Upgrade, Upgrade, Upgrade: Upgrade your plugins, Upgrade your Core WordPress, and Upgrade your server (PHP, MySQL, etc.)

    2) Backup!! Backup everything frequently. If you have a site that changes or adds pages daily then backup nightly.

    3) Install WordPress in a sub-directory. Hackers look for easy targets so they are always trying to hit the root directory. If you set up a fake WordPress install on the root but use the real WordPress in a sub-folder they will eventually tire and move on to an easier site.

    4) Login Lockdown (http://www.bad-neighborhood.com/login-lockdown.html) It records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

    5) Complicate Your Password: Everyone should know this. I shouldn’t even have to say this, but if your website is awesome.com don’t make your password awesome. At the very least make it Aw3s0m3.

    And of course the fewer plugins you have running, the fewer resources they take up and the less upgrading you need to do.

    Peace,
    Jonathan
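
The lockout behaviour described in point 4 above, as an added example that is not part of the original post and not Login Lockdown's own code: failed logins are counted per IP range in a sliding window, and the whole range is refused once the count is exceeded. The thresholds, the /24 and /64 range sizes, the function names and the sample events are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# Assumed policy values (the post gives no numbers) and assumed range sizes.
MAX_FAILURES = 3         # more than this many failures triggers a lockout
WINDOW_SECONDS = 300     # sliding window in which failures are counted
LOCKOUT_SECONDS = 3600   # how long logins from the range stay disabled
PREFIX = {4: 24, 6: 64}  # what counts as one "IP range" per address family


def ip_range(ip):
    """Map an address to the network that is counted and locked as one unit."""
    version = ipaddress.ip_address(ip).version
    return str(ipaddress.ip_network(f"{ip}/{PREFIX[version]}", strict=False))


def replay(events):
    """Replay time-ordered (timestamp, ip, success) events; return refused attempts."""
    failures = defaultdict(deque)  # range -> timestamps of recent failures
    locked_until = {}              # range -> time at which the lockout ends
    refused = []
    for ts, ip, success in events:
        net = ip_range(ip)
        if locked_until.get(net, 0) > ts:
            refused.append((ts, ip))  # refused even if the password was right
            continue
        if success:
            continue
        recent = failures[net]
        recent.append(ts)
        while recent[0] <= ts - WINDOW_SECONDS:  # expire failures outside the window
            recent.popleft()
        if len(recent) > MAX_FAILURES:
            locked_until[net] = ts + LOCKOUT_SECONDS
            recent.clear()
    return refused


# Constructed sample events (documentation address ranges), not real logs.
SAMPLE_EVENTS = [
    (0, "203.0.113.10", False),
    (20, "203.0.113.11", False),
    (40, "203.0.113.12", False),
    (60, "203.0.113.10", False),   # 4th failure from the /24: range locked
    (90, "203.0.113.77", True),    # same range, valid password: refused
    (100, "198.51.100.5", False),  # different range: unaffected
    (4000, "203.0.113.77", True),  # lockout has expired: allowed
]
print(replay(SAMPLE_EVENTS))
```

Because the lock applies to the whole range, a site behind a reverse proxy or CDN has to count failures against the real client address, otherwise every visitor shares one range and one lockout.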

    #2583

    Steve
    Keymaster

    @Tim– once the Timthumb scanner upgrades your version of Timthumb you can deactivate the plugin.

    #2584

    D.K. Smith
    Participant

    @Tim… Most of the security plugins are bloatware and Rube Goldberg-ish at best. You definitely shouldn’t pay for any of them.

    Our firewall plugin is coming soon… lean, mean, very effective, and free. Let me know if you’d like to beta-test.

    BTW, I send out plugin security alerts @securewp – http://twitter.com/@securewp

    @steve What happened to the Daily Digest for this group? I haven’t received an email from this board since 7/12.

    #2585

    Tim Beckett
    Participant

    Hi guys,

    I just saw this thread – it wasn’t coming to my inbox – so sorry just getting back now.

    @Jonathan – good advice. How do I install in the sub-directory? I’ve never tried it. I usually go with the default install through the hosting company. I’ll have a look at login lockdown.

    @DK – I subscribed to your feed, I agree a lot of security plugins are pretty Rube Goldberg-ish. I’ve ended up using WordFence, keeping it on minimal settings. (http://wordpress.org/extend/plugins/wordfence/).

    See you guys next week!

    Tim

    #2586

    Steve
    Keymaster

    WP Engine announced this month that they are making two security plugins MANDATORY for all sites they host:
    Force Strong Passwords
    Limit Login Attempts
