Posted on Jun 22 2010 by Alistair Barnett in Tutorials WordPress
Below is a list of plugins that I have used to harden WordPress (and make my life easier). In no particular order, they are:
WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.
2. file permissions
3. database security
4. version hiding
5. WordPress admin protection/security
6. removes WP Generator META tag from core code
Secure WordPress – A little help to secure your WordPress installation: removes error information on the login page; adds index.html to the plugin directory; removes the wp-version, except in the admin area.
1. removes error-information on login-page
2. adds index.php plugin-directory (virtual)
3. removes the wp-version, except in admin-area
4. removes Really Simple Discovery
5. removes Windows Live Writer
6. removes core update information for non-admins
7. removes plugin-update information for non-admins
8. removes theme-update information for non-admins (only WP 2.8 and higher)
9. hides wp-version in backend-dashboard for non-admins
10. adds a string for use with WP Scanner
11. blocks bad queries
12. Validate your site with a free malware and vulnerabilities scan with SiteSecurityMonitor.com
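To confirm that the header clean-up items in the list above (wp-version, Really Simple Discovery, Windows Live Writer) actually took effect, you can audit the HTML your blog serves. The following is an added example, not code from this post or from the plugin; the sample pages, the `blog.example` host and the version numbers are constructed, and the `?ver=` check is an extra assumption marked in the code.

```python
from html.parser import HTMLParser
import re

class HeadAudit(HTMLParser):
    """Collects WordPress disclosure markers still present in rendered HTML."""

    def __init__(self):
        super().__init__()
        self.findings = {}

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        rel = a.get("rel", "").lower().split()
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.findings["generator"] = a.get("content", "")
        elif tag == "link" and "edituri" in rel:        # Really Simple Discovery
            self.findings["rsd"] = a.get("href", "")
        elif tag == "link" and "wlwmanifest" in rel:    # Windows Live Writer
            self.findings["wlwmanifest"] = a.get("href", "")
        # Assumption: also flag ?ver=<x> on script/style URLs, which can
        # repeat the core version; the post does not say the plugin strips it.
        url = a.get("src", "") if tag == "script" else a.get("href", "") if tag == "link" else ""
        m = re.search(r"[?&]ver=([\w.-]+)", url)
        if m:
            self.findings.setdefault("asset_versions", set()).add(m.group(1))

def audit(html):
    """Return a dict of disclosure markers found; empty means none remain."""
    parser = HeadAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample pages (host and version numbers are made up).
BEFORE = """<html><head>
<meta name="generator" content="WordPress 2.9.2" />
<link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://blog.example/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://blog.example/wp-includes/wlwmanifest.xml" />
<link rel="stylesheet" href="http://blog.example/wp-content/themes/t/style.css?ver=2.9.2" />
<script src="http://blog.example/wp-includes/js/jquery/jquery.js?ver=1.3.2"></script>
</head><body></body></html>"""
AFTER = """<html><head>
<link rel="stylesheet" href="http://blog.example/wp-content/themes/t/style.css" />
</head><body></body></html>"""

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(page) or "no disclosure markers found")
```

Save the front page of your own blog while logged out and pass its HTML to `audit()`; an empty result means none of these markers are still being served.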
Ultimate Security Check – The Ultimate Security Check plugin helps you identify security problems with your WordPress installation. It scans your blog for hundreds of known threats, then gives you a security “grade” based on how well you have protected yourself.
Finally, to make your life easier when backing up the database, install the plugin below, which lets you do it from WP Admin. IMPORTANT: Don’t have an automatic backup that gets sent to your email (this is NOT secure). Instead, set a reminder to do it every day. If you don’t post daily, every week is probably enough.
WP-DB-Backup – WP-DB-Backup allows you to easily back up your core WordPress database tables. You may also back up other tables in the same database.
If your site still doesn’t look right, I recommend that you contact your host for assistance as they will be able to help you out from here. If not, you can always get someone to help you by hiring their services (visit http://automattic.com/services/wordpress-consultants/ and do a search for “security” on that page).
Thanks for reading. I hope that this three-part article was both educational and beneficial for your WordPress site. I wish everyone the best of luck in strengthening the security of WordPress and thwarting any hackers that come your way.
And, of course, feel free to comment!