Tips and Tricks HQ team has released a new WordPress Security plugin this year call WP Security. The plugin looks after the total security of your WordPress site and the best thing is that you don’t even need to know any technical stuff like what firewall is or how WordPress file system works etc.
After Installing the plugin if you go to the Dashboard menu it will show your current security level in a Security strength meter gauge.
Lucky this is my test site. I am scoring 40 out of 290, so you can clearly see that the security of my test site is really poor and can be easily breached.
Lets improve the security of my test site with WP Security Plugin.
USER ACCOUNTS
Under “User Accounts” I am scoring 15/15 for my account login name.
I cannot improve anything here. Common habit of most WordPress users is to keep their WordPress login name as “admin” which is easy for the hackers to guess. This section of the plugin allows you to change your login name to something else if you are already using “admin”.
USER LOGIN
Under this menu you can configure “Login Lockdown” and “Force Logout” settings to improve security.
Can you guess my score?
Pretty Embarrassing I know.
Login Lockdown feature keeps your site secure from unauthorized login. If someone is trying to guess your password and keep trying to login then this feature can shut down the login option for the unauthorized person and ban his IP for future login attempts.
Force Logout comes handy if you left your WordPress dashboard open for too long. It will shut down the session automatically after a configured period of time and will ask you to log back in again.
So after configuring the Login Lockdown and Force Logout my security score has gone up already.
DATABASE SECURITY
When you install wordpress for the first time the system creates some tables to store data which call database. Database tables consist of rows and columns to store data and they have names. By default the data tables have wp prefix in their names which makes the database vulnerable to the hackers. This feature allows you to change the prefix of your existing database and makes them harder to guess.
After configuring my Database Security my security score is now 75.
FILSYSTEM SECURITY
WordPress has file permission for who can Read, Write and execute the files. So file permission is very important. If your file permissions are incorrect this feature will point that out and recommend you what they should be so you can update the file permissions. This time I actually scored 20/20 in this section. Yaaaay for me.
BLACKLIST MANAGER
This feature gives you the option to ban certain host, IP addresses and user agents. It can also deny total site access for users which have IP addresses or user agents which you already entered in the block list.
For me I got no one to block so for this section I score 0/15.
FIREWALL
There are Basic Firewall Settings and WordPress Pingback Vulnerability Protection. By enabling them you score 30 points.
Basic Firewall Settings looks after the followings
Protect your htaccess file by denying access to it.
Disable the server signature.
Limit file upload size (10MB).
Protect your wp-config.php file by denying access to it.
WordPress Pingback Vulnerability Protection feature looks after the followings
Denial of Service (DoS) attacks
Hacking internal routers.
Scanning ports in internal networks to get info from various hosts.
After enabling the Firewall settings my score is now 105.
SPAM PREVENTION
A large portion of WordPress blog comment SPAM is produced by automated bots. This feature will greatly minimize the useless and unnecessary traffic and load on your server resulting from SPAM comments by blocking all comment requests which do not originate from your domain.
In other words, if the comment was not submitted by a human who physically submitted the comment on your site, the request will be blocked.
This setting adds another 10 points to my site security.
SCANNER
This feature offers automated file change detection. Sometimes hackers insert code into your file system to gain access to your site. Enabling this feature alerts you if there is a change in your file system or if a file has been affected. After enabling the scanner my security score is now 135.
At the moment the highest you can score is 150 out of 290 which is pretty decent. Tips and Tricks HQ team working on the plugin to bring the rest of the scores out in the future.
To add security to your WordPress blogs WP Security plugin is highly recommended.
Get this Free WordPress Security plugin at:
The post Best WordPress Security Plugin in 2013 FREE! appeared first on WordPress E-commerce Blog.
