In the days that followed my publishing of 6 WordPress Security Tips to Help You Sleep at Night, I thought of a few extra tips that didn’t make it into the original post, so I decided to put together a quick follow-up. Let’s get right to it:

Login LockDown — a super nifty and free plugin designed to thwart brute-force attacks (i.e. when the malicious hacker attempts to gain access to your dashboard by trying thousands of common passwords in sequence, usually via automation software). The plugin monitors incorrect attempts to log into your website. If it records a pre-designated number of failed attempts from the same IP address, it disables all login privileges for that IP address/range for a specified time interval. By default, the lockout sequence initiates after 3 failed attempts from the same IP address within a 5-minute interval, and the lockout period lasts for an hour, but you can easily modify these settings.
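To make the lockout rule concrete, here is a small model of it in Python. This is an added example, not the plugin's own code; the class and function names, the per-IP (rather than per-range) tracking, and the choice not to reset the counter on a successful login are all assumptions.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Sliding-window lockout keyed by client IP (a model, not the plugin's code)."""

    def __init__(self, max_failures=3, window=5 * 60, lockout=60 * 60):
        self.max_failures = max_failures     # failed attempts that trigger a lockout
        self.window = window                 # seconds in which those failures must fall
        self.lockout = lockout               # seconds the IP stays locked out
        self._failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self._locked_until = {}              # ip -> time the lockout expires

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]       # lockout has run its course
            return False
        return until is not None

    def record_attempt(self, ip, success, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt at time `now`."""
        if self.is_locked(ip, now):
            return "locked"                  # refused before the password is checked
        if success:
            return "ok"                      # assumption: success does not reset the count
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > self.window: # forget failures older than the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample: (seconds, ip, password_correct); IPs are documentation ranges.
ATTEMPTS = [
    (0, "203.0.113.7", False),
    (60, "203.0.113.7", False),
    (120, "203.0.113.7", False),   # third failure within 5 minutes: lockout starts
    (130, "203.0.113.7", True),    # correct password, still refused while locked
    (200, "198.51.100.4", False),  # a different IP is unaffected
    (3721, "203.0.113.7", True),   # lockout ended at 120 + 3600 = 3720
]

def replay(attempts, guard=None):
    """Feed attempts through a guard and return the outcome of each one."""
    guard = guard or LoginLockout()
    return [guard.record_attempt(ip, ok, t) for t, ip, ok in attempts]

if __name__ == "__main__":
    print(replay(ATTEMPTS))
```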

BulletProof Security — yet another WordPress plugin that’s jam-packed with security features. The installation process could be a bit more intuitive, but once you get this baby up and running, your WP website will become a virtual fortress. The plugin restricts access to numerous files with sensitive information about your website (e.g. what version of WordPress you’re running, what plugins you have installed), disables directory browsing, cripples image hotlinking attempts, etc. It’s truly an all-in-one solution, and best of all, it’s free (there is a paid version, but the free alternative will more than suffice, unless you’re operating a commercial website that generates significant revenue).

BackupPress — My preferred WordPress backup plugin. It’s cheap ($5/month/website), functional (backs up all WP as well as non-WP files), and super convenient (all backups are stored on the company’s secure cloud servers). The backup runs automatically every night, and the plugin requires very little configuration. You can also restore to an earlier point in time right from within the WP interface. Although not strictly a security plugin, regular backups are a must, so I decided to include the plugin on this list.

If there are any WordPress security plugins that you use and which I didn’t cover, let me know in the comments!