
WordPress Security
In the previous article we talked about blog security and how it affects your blogging experience. We concluded that there’s no real bulletproof protection, but you CAN do something to at least fight back, which according to studies fends off the majority of attackers. Think of it like a home security system. If you have just a small, fragile door and no home security whatsoever, chances are that sooner rather than later someone is going to break into your home, because it takes little to no effort and even after the break-in there’s little risk of the burglar getting caught. However, if you add a good secure door, some cameras and even a basic alarm system, you’re very unlikely to find yourself in that situation. Even though the burglar will know that you surely have valuable assets since you’re protecting them so heavily, he will think twice before breaking into your home. Not because it’s impossible (nothing is impossible), but because he’s expected to do a lot more work and he’s exposing himself to a greater risk.
The same goes for any site’s security. You simply CANNOT make it impossible to hack, but adding several layers of defense to make the hacker’s life harder will be sufficient. At some point the hacker will simply give up and move on to an easier target. With WordPress, you can do this just by installing and setting up several plugins.
WP Security Scan is a helpful plugin which will scan your WordPress installation for vulnerabilities. However, don’t mistake this for a pentest (penetration test). The plugin will only do a surface scan and find the most obvious flaws, the kind abused by inexperienced kids seeking popularity by performing easy hacks. You’ll need to fix the flaws afterwards, which is not all too difficult. It’s good practice to have such a plugin. Even if you’re not able to fix the issues, at least you’ll know what you’re vulnerable to and when to expect potential attackers. You can use this simple information to your advantage, and the least you can do is make regular backups so that if trouble comes knocking on your door, you’ll be ready.
Another thing you should do is install several deeper layers of protection. For WordPress, there’s a plugin called AskApache Password Protect. It will detect inexperienced hackers and fend them off. It’s not designed to fight against experienced hackers, but that’s not your target anyway. In conjunction with WP Security Scan it will give you a good edge against your attackers. It has some spam protection, but you shouldn’t rely on it to protect against spam. There’s a different plugin for that, called Akismet.
Speaking of spam, inexperienced hackers won’t have access to advanced botnets in order to perform a DDoS (distributed denial-of-service) attack on your blog, so they’ll usually improvise by using spambots to slow down your blog by flooding it. As a final layer of defense you should install Akismet in conjunction with a good captcha plugin to thwart spambots before they can cause any damage.
At the end of the day, please remember: you should NEVER install every security plugin that you come across. If you do, you’ll cause more harm than good. Multiple security plugins will quickly create functional conflicts. In the best case your plugins will negate each other’s effect and become useless. However, more often they will actually break your WordPress installation beyond repair because they will get into an infinite loop, detecting each other as a threat and trying to fight each other off. It’s like installing two antiviruses on a computer. At first glance it might sound like a good idea, but as soon as a virus appears it will be detected by both antiviruses. The quicker antivirus will try to deal with the infected file, but the other antivirus will detect that action as malicious and try to prevent it. That’s when the antiviruses will start fighting each other, and the actual infected file will probably be left alone.
So it is a good idea to consult a professional before installing multiple security plugins.
Do some research, read some reviews. A bad combination can really be fatal for a blog. It’s not something you should take lightly. At the end of the day, your blog is probably a serious investment. You should analyze every step you take if you want to be successful. Security is no exception to this.
PS: About The Flood Protection Plugin, I decided not to include it as I could not find current information about it and all the comments on forums seem to be negative.