Apr 12 2011
WordPress is widely recognized as the most powerful and most popular blogging platform available, and today there are millions of WordPress blogs inhabiting the massive Internet community. Unfortunately, WordPress’ ubiquity makes it a prime target for hackers. If you maintain a WordPress blog, here are three must-have security plugins that can help keep your blog safe, secure and online:
1 – Login Lockdown
If you install just one WordPress security plugin on your blog, it should be Login Lockdown. Once installed and configured, every time someone tries to log in to your blog’s control panel and fails, that person’s IP address and the exact time of day are logged. If multiple unsuccessful login attempts are made from the same IP address within a given time period, the ability for anyone to login at all is temporarily disabled. You can set the number of failed logins and the time period yourself when you install the plugin. I have Login Lockdown set to disable logins on my blogs for 15 minutes after the system receives three unsuccessful login attempts.
2 – WP Security Scan
There are a number of ways that hackers can gain entry to your WordPress blog’s admin area, and once inside they can wreak all kinds of havoc on your blog installation. WP Security Scan checks your entire WordPress installation for any and all security holes, then provides you with suggestions for closing them.
3 – Remove My Version
Every time a visitor loads a page from your WordPress blog, WordPress puts a line of text in the header showing which version of WordPress your blog is running. Hackers can use this version information to attack your blog using methods that were designed specifically for attacking that version of WordPress. Removing this information makes it much more difficult for hackers to break into your blog and do all kinds of nasty things to (and with) it.
To install any of the these plugins (I recommend that you install them all) simply click Plugins>Add New on the menu of your WordPress Dashboard, then search for the plugin by name. Installation is usually a one-click deal.
Here are a few other tactics you can use to “harden” your WordPress installation:
1 – Use strong passwords, and change them frequently.
2 – Create a new user with Admin privileges, then delete the default “admin” user.
3 – Always update your WordPress core files, themes and plugins as soon as possible after an updated version is released. In this case, delay can mean disaster.
About the author: Rick Rouse is the owner and editor of RLROUSE Infoblog where you’ll find hundreds of articles and information for powering your life.