How to Fix Your WordPress Site If It Gets Hacked (Part Three)

Last updated on

PART III: Plugins to Make Your Life Easier

Below is a list of plugins that I have used to harden WordPress (and make my life easier). In no particular order, they are:

WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.

1. passwords
2. file permissions
3. database security
4. version hiding
5. WordPress admin protection/security
6. removes WP Generator META tag from core code

Secure WordPress – Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.

1. removes error-information on login-page
2. adds index.php plugin-directory (virtual)
3. removes the wp-version, except in admin-area
4. removes Really Simple Discovery
5. removes Windows Live Writer
6. remove core update information for non-admins
7. remove plugin-update information for non-admins
8. remove theme-update informationfor non-admins (only WP 2.8 and higher)
9. hide wp-version in backend-dashboard for non-admins
10. Add string for use WP Scanner
11. Block bad queries
12. Validate your site with a free malware and vulnerabilities scan with SiteSecurityMonitor.com

Ultimate Security Check – The Ultimate Security Check plugin helps you identify security problems with your wordpress installation. It scans your blog for hundreds of known threats, then give you a security “grade” based on how well you have protected yourself.

Finally, to make your life easier when backing up the database, install the below plugin that allows you to do it from WP Admin. IMPORTANT: Don’t have an automatic backup that gets sent to your email (this is NOT secure). Instead, set a reminder to do it every day. If you don’t post daily, every week is probably enough.

WP-DB-Backup – WP-DB-Backup allows you easily to backup your core WordPress database tables. You may also backup other tables in the same database.

If your site still doesn’t look right, I recommend that you contact your host for assistance as they will be able to help you out from here. If not, you can always get someone to help you by hiring their services (visit http://automattic.com/services/wordpress-consultants/ and do a search for “security” on that page).

Thanks for reading. I hope that this three-part article was both educational and beneficial for your WordPress site. I wish everyone the best of luck in strengthening the security of WordPress and thwarting any hackers that come your way.

And, of course, feel free to comment!


PART I: Introduction and Housecleaning
PART II: Database Modification and WP Admin
PART III: Plugins to Make Your Life Easier

About the Author (Author Profile)

Alistair Barnett is a member of Solostream Support. He is a walking Internet how-to and can almost always tell you where to go on the Web to do x, y, and z. Over 15 years’ experience of being an avid Copyeditor, Web Designer, and Internet consultant allows him to assist in any way he can. His focus is on attention to detail, while also being a helpful, easygoing person.

Comments (14)

Trackback URL | Comments RSS Feed

  1. thank you sir.
    I love read this series.
    because i just started to learn about WP.

    Many Thanks.

  2. Secure WordPress is great, but a very basic plugin. Something like Better WP Security (free) that’s more all inclusive gives 90% more protection (and is updated and supported more often).

  3. Gary says:

    Any idea where I can get the Ultimate Security Check plugin as your link is now a redirect to the home page there.

    A pity!

    Maybe it’s released under a new name?

    Gary

  4. Stealth Login i think much more helpful

  5. james says:

    you helped me a lot.thanks

  6. Adam says:

    Got hacked the other week right after upgrading to WP 3.0. Your series was very timely and I learned some things I had not been familiar with before. I’ll be implementing them today to hopefully keep this frustrating experience from happening again. Thanks for sharing this information!

    • Sorry to hear that you got hacked, but I’m glad that my series was informative for you. As you said, hopefully you can use my tips to avoid being hacked in the future. Good luck!

  7. jason says:

    Alistair;

    Thanks for the reference!

  8. Brad Vincent says:

    Thanks for this awesome series of posts! It is great to know how to fix a hacked site (or even avoid altogether). I am sure this will save ALOT of people from some embarrassing situations :)

Leave a Reply

No Theme Support Questions Please

We will not respond to theme support questions submitted via this form.. If you've purchased one of our themes or a Premium Themes Membership, please visit the Solostream Support Forum for support questions. To do so, login to the Solostream Member's Area, and click the link for the Solostream Support Forum.