Nov 07 2014

The blog publishing world is fraught with peril.

Write something that someone does not like and soon the wrath of an irate individual or a mob descends upon you.

Your WordPress blog is now under relentless attack from around the world.

Suddenly you start to see ruthless attackers from Romania, Colombia, Mexico, NYC, Mumbai, Buffalo, Kolkata and Russia mount ferocious attacks on your blog, mail server, Apache server, etc., day in and day out.

And then there are those who attack web blogs for the mere thrill of destroying someone’s labor of love.

Staying live itself becomes a herculean task and all resistance seems futile, right?

From experience, I can tell you that it’s impossible to prevent determined attackers (be they hired hackers or government agents) from wreaking havoc on your blog.

The best you can hope for is to minimize the damage by following a few security measures.

Some must-dos are updating WordPress software to the latest version, keeping regular backups, changing the admin user name from “admin” to something more complex and hiding the “Powered by WordPress” phrase in the footer of the page.

Security Plugins

You can further secure your WordPress blog by installing security plugins.

Some security plugins are all-encompassing while others address specific parts like bad logins, captchas or passwords.

I have listed a bunch of WordPress security plugins that you might want to consider to secure your blog.

My suggestion is to install each one for a few days, test the performance and then stay with the one that best addresses your needs. Some of these security plugins require a fee for features like country blocks, real-time comment filtering or scan scheduling.

* BulletProof Security is one of those comprehensive security plugins that addresses database backup, .htaccess security filters, performance optimization, login security and monitoring, HTTP error logging and brute force attacks. The latest version is .51.2.

* All In One WP Security & Firewall is true to its name and offers login, database and file system protection, addresses comment spam, brute force logins and firewalls, and enables security scanning, htaccess and wp-config.php file backup and restore. The latest version is 4.0.

* iThemes Security (formerly Better WP Security) says it provides over 30 ways to secure and protect your WordPress site. The latest version is 4.4.23 and the plugin requires WordPress 3.9 or higher.

* Login LockDown – Limits number of login attempts from a given IP range within a certain time period. The current version of Login LockDown (as of November 6, 2014) is 1.6.1. This plugin supports WordPress 3.6 and higher.

* Acunetix Secure WordPress is a comprehensive security tool that suggests corrective measures for securing file permissions and the database, version hiding, admin protection and passwords. The plugin (latest version is 3.0.3) works with WordPress 3.0 or higher.

* Chap Secure Login is an encrypted login plugin that uses a SHA-256 hash algorithm. This plugin’s latest version 1.6.3 supports WordPress 2.5 and higher.

* Wordfence Security is a popular plugin with over 3.6 million downloads. Its developers describe the plugin as an enterprise-class security and performance tool that can make a WordPress site up to 50 times faster and more secure. Wordfence Security features a caching engine, realtime malware blocking, two-factor authentication, scanning for backdoors, malware and phishing URLs, login security and blocking entire malicious networks. The current version 5.2.9 supports WordPress 3.3.1 and higher.

* BruteProtect is designed to protect against botnet and brute force attacks. The latest version (2.3.3) supports WordPress and higher.

* WP fail2ban is an example of a narrow security plugin that focuses on just one thing. The plugin writes all login attempts to syslog for integration with fail2ban, a powerful tool to block malicious IPs. The latest version of the plugin (2.3.0) supports WordPress 3.4 and higher and requires PHP 5.3 or later to be installed on the server.

* Security-Protection secures your blog from login, registration and reset-password brute-force attacks without the use of captcha. The latest version of the plugin (2.1) supports WordPress 3.0 and higher.
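The Login LockDown and WP fail2ban entries above both rest on the same idea: count failed logins per IP range inside a time window and block the range once a threshold is reached. The sketch below is an added example, not code from either plugin or from fail2ban; the syslog message format, the host names and the sample lines are constructed assumptions, and `find_offenders` is a hypothetical helper.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample lines; the message format and host names are assumptions.
SAMPLE_LOG = """\
Nov  6 10:00:01 web1 wordpress(blog.example)[2211]: Authentication failure for admin from 203.0.113.10
Nov  6 10:00:40 web1 wordpress(blog.example)[2211]: Authentication failure for admin from 203.0.113.11
Nov  6 10:01:05 web1 wordpress(blog.example)[2212]: Authentication failure for editor from 198.51.100.7
Nov  6 10:01:30 web1 wordpress(blog.example)[2213]: Accepted password for owner from 192.0.2.5
Nov  6 10:02:10 web1 wordpress(blog.example)[2211]: Authentication failure for root from 203.0.113.12
Nov  6 10:20:00 web1 wordpress(blog.example)[2212]: Authentication failure for editor from 198.51.100.7
Nov  6 10:40:00 web1 wordpress(blog.example)[2212]: Authentication failure for editor from 198.51.100.7
"""

FAILURE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\swordpress\(\S+\)\[\d+\]:\s"
    r"Authentication failure for \S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=5),
                   prefix=24, year=2014):
    """Map each offending network to the time it reached max_retry failures
    inside a sliding window of length find_time."""
    recent = defaultdict(deque)   # network -> timestamps of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = FAILURE_RE.match(line.strip())
        if not m:
            continue              # successful logins and unrelated lines
        # Classic syslog timestamps carry no year, so the caller supplies one.
        stamp = " ".join(m["ts"].split())
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        # Group by network so attempts spread over neighbouring IPs add up.
        net = str(ip_network(f"{m['ip']}/{prefix}", strict=False))
        if net in flagged:
            continue
        window = recent[net]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop failures older than the window
        if len(window) >= max_retry:
            flagged[net] = ts
    return flagged

if __name__ == "__main__":
    for net, when in find_offenders(SAMPLE_LOG).items():
        print(f"block {net}: threshold reached at {when}")
```

With `prefix=32` the same log flags nothing, because no single address fails three times; counting per range is what catches attempts spread across neighbouring IPs. The `max_retry` and `find_time` parameters play the role of fail2ban's `maxretry` and `findtime` settings.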

Note of Caution

In this post, I have highlighted just 10 security plugins but obviously far more are to be found on the WordPress site.

However, these 10 plugins are a good place to start if you want to make your WordPress blog more secure.

But bear in mind that whatever you do, there’s no thwarting determined attackers from making your life miserable. Simply put, the balance of power is against you.

Be they paid hackers from Ukraine, Turkey or Mumbai or government agents, your best hope is to adopt all the security measures you can understand and afford. And then pray for the best.

Never lose sight of the fact that you can only minimize security threats but never eliminate them completely.
