
How to keep your WordPress blog secure

WordPress is an ideal platform for blogging, but without the help of some plugins and tweaks it can be vulnerable to attackers. Follow the tips below to avoid the most common problems.

TAC (Theme Authenticity Checker)

TAC stands for Theme Authenticity Checker. Currently, TAC searches the source files of every installed theme for signs of malicious code. If such code is found, TAC displays the path to the theme file, the line number, and a small snippet of the suspect code. As of v1.3 TAC also searches for and displays static links. The real value of this plugin is that you can quickly determine where code cleanup is needed before you use your theme.

Maximum Security for WordPress

The powerful Maximum Security plugin for WordPress is packed with strong protection that makes your site extremely secure. It guards against intrusion; tracks a plethora of events; blocks malicious content that could harm your readers and your search engine ranking; and includes a strong web application firewall along with a full-blown intrusion prevention system.

Akismet

Akismet is a wonderful plugin for spam protection, really! It checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen.

Stealth Login

This plugin allows you to create custom URLs for logging in, logging out, administration and registration on your WordPress blog. Instead of advertising your login URL on your homepage, you can create a URL of your choice that is easier to remember than wp-login.php. For example, you could set your login URL to http://www.myblog.com/login for an easy way to log in to your website.

Login LockDown

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
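The rule described above (record every failed attempt with its IP and timestamp, then disable login for the whole IP range once too many failures arrive in a short window), as an added Python model; this is not Login LockDown's own code. The thresholds, the choice of a /24 as the "IP range", and the sample events are assumptions.

```python
import ipaddress
from collections import defaultdict, deque
# Assumed thresholds (the page gives none): 3 failures within 5 minutes lock a /24 for an hour.
MAX_FAILURES, WINDOW_SECONDS, LOCKOUT_SECONDS, RANGE_PREFIX = 3, 300, 3600, 24

class LoginLockdown:
    def __init__(self):
        self.log = []                        # (ip, timestamp) of every failed attempt
        self.failures = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}               # range -> time the lockout expires
    @staticmethod
    def ip_range(ip):
        # Hosts in the same /24 share one counter, matching "from the same IP range".
        return str(ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False))
    def is_locked(self, ip, now):
        return now < self.locked_until.get(self.ip_range(ip), 0)
    def record_failure(self, ip, now):
        """Log a failed attempt; return True if it pushed the range over the limit."""
        r = self.ip_range(ip)
        self.log.append((ip, now))
        q = self.failures[r]
        q.append(now)
        while q and now - q[0] > WINDOW_SECONDS:   # forget attempts outside the window
            q.popleft()
        if len(q) > MAX_FAILURES:
            self.locked_until[r] = now + LOCKOUT_SECONDS
            q.clear()
            return True
        return False

def simulate(events):
    """events: (ip, timestamp, password_correct) tuples; returns one decision per event."""
    ld = LoginLockdown()
    out = []
    for ip, ts, ok in events:
        if ld.is_locked(ip, ts):
            out.append("blocked")        # login function disabled for the whole range
        elif ok:
            out.append("allowed")
        else:
            out.append("locked" if ld.record_failure(ip, ts) else "failed")
    return out

# Constructed sample: burst from 203.0.113.0/24, neighbour with the right password (still
# blocked), a host in another range, then the first host again after the lockout expires.
SAMPLE = [("203.0.113.10", 0, False), ("203.0.113.10", 20, False),
          ("203.0.113.11", 40, False), ("203.0.113.10", 60, False),
          ("203.0.113.77", 90, True), ("198.51.100.5", 95, True),
          ("203.0.113.10", 60 + LOCKOUT_SECONDS + 1, True)]
```

Note that the legitimate user at 203.0.113.77 is blocked too: keying on a range rather than a single address is what stops an attacker rotating through neighbouring addresses, at the cost of collateral lockouts for hosts sharing that range.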

Admin SSL

Admin SSL secures the login page, admin area, posts, pages – whatever you want – using private or shared SSL. Once you have activated the plugin, go to the Admin SSL config page to enable SSL.

WP-DB-Backup

WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database. This one is probably the most popular WordPress backup plugin. Installation is relatively easy if the ‘wp-content’ directory inside your WordPress installation is writable. If it is not, you will have to temporarily modify the permissions of this directory to make it writable so that the plugin can create a directory to store backups in.

WP Security Scan

The regularly updated WP Security Scan scans your WordPress installation for security vulnerabilities and suggests corrective actions. It checks for weak passwords, file permissions, database security and admin protection; it also hides the WordPress version and removes the WP Generator META tag from the core code. Powerful plugin.

AntiVirus for WordPress

AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. Among its features, it monitors possible platform vulnerabilities, virus injections, malicious links, etc. It can also send you email notifications and supports whitelisting.

reCAPTCHA

reCAPTCHA is an anti-spam method originating from Carnegie Mellon University which uses CAPTCHAs in a genius way. Instead of randomly generating useless characters that users grow tired of continuously typing in, and risking that spammers eventually write sophisticated spam bots which use OCR libraries to read the characters, reCAPTCHA uses a different approach.

Blackhole

Blackhole is a trap for bad bots. The concept is simple: include a hidden link to a robots.txt-forbidden directory somewhere on your pages. Bots that ignore or disobey your robots rules will crawl the link and fall into the trap, which then performs a WHOIS lookup and records the event in the blackhole data file. Once added to the blacklist data file, bad bots are immediately denied access to your site.


Bogdan

Bogdan is the founder of Top Design Magazine. You can find him in Bucharest, Romania, so next time you want to drink a beer there and talk about the web and stuff, send him a message.