WordPress Troubleshooting and Support

Public Group active 1 year, 1 month ago

WordPress support from our community

Better WP Security

    Tim Beckett

    I’ve been using a plugin called Better WP Security lately with no issues until recently, when it clashed so badly with a client’s theme (installed before she hired me) that it locked me out, and I called the hosting company and deactivated it.

    Her theme is from ThemeForest and uses timthumb.php. I’ve since installed the Timthumb vulnerability scanner to try and keep it secure but am wondering if anyone has had any issues with Better WP Security? I haven’t had any problems on it with my other sites (maybe a half-dozen) but kind of hesitate to re-install. Any other security plugins anyone would recommend?



    Jonathan Goodman

    Wow, that plugin certainly does a lot. Although a lot of that can be done hands-on and might serve you better in the long run. WordPress is much safer than the public is led to believe. There are four…no five things you can do that will keep your website safe:

    1) Upgrade, Upgrade, Upgrade: Upgrade your plugins, Upgrade your Core WordPress, and Upgrade your server (PHP, MySQL, etc.)

    2) Backup!! Backup everything frequently. If you have a site that changes or adds pages daily then backup nightly.

    3) Install WordPress in a sub-directory. Hackers look for easy targets so they are always trying to hit the root-directory. If you set up a fake WordPress install on the root but use the real WordPress in a sub-folder they will eventually tire and move on to an easier site.

    4) Login Lockdown: It records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.

    5) Complicate Your Password: Everyone should know this. I shouldn’t even have to say this but if your website is don’t make your password awesome. At the very least make it Aw3s0m3

    And of course the fewer plugins you have running, the fewer resources they are taking up and the less upgrading you need to do.



    @Tim – once the Timthumb scanner upgrades your version of Timthumb you can deactivate the plugin.
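
    The lockout behaviour described in point 4 above, modelled as an added example that is not part of the original posts and is not the Login Lockdown plugin's code. The thresholds, the /24 (IPv4) and /64 (IPv6) range sizes, and the names `LoginLockdown` and `replay` are assumptions; the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque

class LoginLockdown:
    """Model of range-based login lockout (illustrative, not the plugin's code)."""

    def __init__(self, max_failures=3, window=300, lockout=3600, v4_prefix=24, v6_prefix=64):
        # Assumed values: the post gives no numbers or range size.
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.prefix = {4: v4_prefix, 6: v6_prefix}
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time the lockout ends

    def _range(self, ip):
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_network(f"{addr}/{self.prefix[addr.version]}", strict=False)

    def is_locked(self, ip, now):
        return now < self.locked_until.get(self._range(ip), 0)

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked afterwards."""
        net = self._range(ip)
        if self.is_locked(ip, now):
            return True  # login is already disabled for this range
        recent = self.failures[net]
        recent.append(now)
        while recent and recent[0] <= now - self.window:  # expire old failures
            recent.popleft()
        if len(recent) > self.max_failures:
            self.locked_until[net] = now + self.lockout
            recent.clear()
        return self.is_locked(ip, now)

def replay(events, **settings):
    """Replay (timestamp, ip) failures; return ranges still locked at the last event."""
    guard, last = LoginLockdown(**settings), 0
    for last, ip in events:
        guard.record_failure(ip, last)
    return sorted(str(n) for n, until in guard.locked_until.items() if last < until)

# Constructed sample events using documentation address ranges, not real traffic.
SAMPLE = [(0, "203.0.113.5"), (20, "203.0.113.77"), (40, "203.0.113.5"),
          (60, "203.0.113.9"), (70, "198.51.100.4"), (900, "198.51.100.4")]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

    Because the lock applies to the whole range, every address in 203.0.113.0/24 is refused after the fourth failure, including hosts that never failed a login, which is worth weighing when legitimate users share a network with the source of the attempts.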

    D.K. Smith

    @Tim… Most of the security plugins are bloatware and Rube Goldberg-ish at best. You definitely shouldn’t pay for any of them.

    Our firewall plugin is coming soon… lean, mean, very effective, and free. Let me know if you’d like to beta-test.

    BTW, I send out plugin security alerts @securewp

    What happened to the Daily Digest for this group? I haven’t received an email from this board since 7/12.

    Tim Beckett

    Hi guys,

    I just saw this thread – it wasn’t coming to my inbox – so sorry just getting back now.

    @Jonathan – good advice. How do I install in the sub-directory? I’ve never tried it. I usually go with the default install through the hosting company. I’ll have a look at Login Lockdown.

    @DK – I subscribed to your feed, I agree a lot of security plugins are pretty Rube Goldberg-ish. I’ve ended up using Wordfence, keeping it on minimal settings.

    See you guys next week!



    WP Engine announced this month that they are making two security plugins MANDATORY for all sites they host:
    Force Strong Passwords
    Limit Login Attempts
