WordPress, as awesome as it is, is also one of the most popular open source CMS scripts out there – and we all know that kind of popularity carries an increased risk of devious hackers finding new ways to break into your site. In many cases the hackers break in only to spam your blog with tons and tons of links to less than desirable sites. Other times they can install redirects to other sites or even install malware/spyware. Regardless of the severity of the hack, we as WP users always need to be diligent about doing everything we can to protect our sites, and our customers/readers, from potential security risks.
Our friends over at MasterSiteManager.com (an awesome stats, rankings and SEO tracking service that we use and highly recommend) have tested and put together a great “must have” list of plugins to help protect your blogs from hackers. If you use some of these really great (and FREE) plugins, along with working with your hosting company or server admins to make sure your server is as secure as possible, you will see your vulnerability to these attacks drop significantly.
1. Restrict Login By IP – lets you specify IP addresses or hosts that users are allowed to log in from. Only users that have the exact IP will be able to access the dashboard. Everyone else will get a “Forbidden” error when trying to log in or access an admin page directly. However, normal visitors won’t be affected – everyone will still be able to read your posts and browse the site.
2. AskApache Password Protect – it utilizes fast, tried-and-true built-in security features to add multiple layers of security to your blog. This plugin is designed and regularly updated specifically to stop automated and unskilled attackers' attempts to exploit vulnerabilities on your blog that would result in a hacked site.
3. WP-Ban – It will display a custom ban message when a banned IP, IP range, host name or referer URL tries to visit your blog. You can also exclude certain IPs from being banned.
4. WP System Health – This plugin provides a new Dashboard Widget (limited to administrators) that displays information in 4 different categories: system, PHP, WordPress, database.
5. WP-DB-Backup – WP-DB-Backup allows you to easily back up your core WordPress database tables.
6. Exploit Scanner – This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.
7. WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
Of course, you should always make sure you are running the most recent version of WordPress and that you take regular (nightly) backups of your site so that if you are hacked, you can quickly revert to a saved version, or do a file comparison to find the injected code.
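A minimal sketch of the file comparison mentioned above, added here as an example and not taken from any of the listed plugins: it hashes every file in a known-good backup and in the live copy, then reports what was added, removed, or modified. The directory names and sample file contents are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_trees(backup_root, live_root):
    """Return files added, removed, or modified in live relative to backup."""
    old, new = manifest(backup_root), manifest(live_root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
    }


def build_sample(base):
    """Constructed sample: a tiny 'backup' tree and a 'live' tree with changes."""
    backup, live = Path(base, "backup"), Path(base, "live")
    files = {
        "index.php": "<?php require 'wp-blog-header.php';\n",
        "wp-content/themes/demo/footer.php": "<?php wp_footer(); ?>\n",
        "wp-content/plugins/demo/readme.txt": "Demo plugin\n",
    }
    for root in (backup, live):
        for rel, body in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    # Simulated tampering in the live copy: an injected spam link, an
    # unexpected new PHP file, and a file that has gone missing.
    (live / "wp-content/themes/demo/footer.php").write_text(
        "<?php wp_footer(); ?>\n<a href='http://spam.example/'>cheap pills</a>\n")
    (live / "wp-content/uploads").mkdir(parents=True)
    (live / "wp-content/uploads/cache.php").write_text("<?php /* unexpected */\n")
    (live / "wp-content/plugins/demo/readme.txt").unlink()
    return backup, live


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in compare_trees(*build_sample(tmp)).items():
            print(f"{kind:9}", ", ".join(paths))
```

Pointing `compare_trees` at an extracted nightly backup and the current web root narrows the search to the files worth opening; legitimate updates will also show up as modified, so compare against a backup taken after your last upgrade.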
Drop us a note below if you have any other tips or suggestions!