Welcome to part 2 of this WordPress Wednesday series on WordPress Security. If you haven’t checked part 1 yet, make sure you give it a read. In part 2, I’ll be covering backups and some great security plugins as well.
The Importance Of Backups!
I cannot stress the importance of properly backing up your blog enough. Like I said, a lot of us tend to only think about WP security after our blog has been hacked. But by then, it’s too late. If your blog ever happens to get hacked, you’re going to need a backup of all your files. There are 3 main ways that bloggers back up their sites:
- Web Host: Your web host should produce regular backups of your blog for you automatically. You should be able to just contact them to get a backup. I use Hostgator (affiliate link), and they make it extremely easy to access backups through cPanel.
- Plugins: There are plenty of great plugins for backing up WordPress. Plugins allow you to automatically create backups of your blog on a regular schedule so that you don’t have to remember to do it yourself. The WordPress Backup to Dropbox plugin is a good one because it sends your backups to Dropbox so that they’re not hosted on your servers.
- Manual: Lastly, you can always create manual backups of your site via FTP. Just transfer over all of your files through whatever FTP client you like. I use FireFTP, but there are plenty of other ones to choose from. The problem with manual backups is that you have to remember to do it, which makes it prone to human error.
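The manual option above, scripted so it can run on a schedule instead of relying on memory. This is an added example, not from the original post: the function names, the `wp-files-` archive naming and the paths passed in are assumptions, and it expects GNU `tar` and `sha256sum`. It covers files only, so the database needs its own dump.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): archive a WordPress directory,
# record a checksum, verify the result and prune old copies.
# Assumes GNU tar and sha256sum. Files only: the database needs its own dump.

# make_backup WP_DIR BACKUP_DIR -> prints the path of the archive it created
make_backup() {
    local wp_dir="$1" backup_dir="$2" name
    # Refuse to archive a directory that does not look like a WordPress install
    [ -f "$wp_dir/wp-config.php" ] || { echo "no wp-config.php in $wp_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    name="wp-files-$(date +%Y%m%d-%H%M%S).tar.gz"   # assumed naming scheme
    tar -czf "$backup_dir/$name" -C "$wp_dir" . || return 1
    # Store the checksum with a relative name so both files can be moved together
    (cd "$backup_dir" && sha256sum "$name" > "$name.sha256") || return 1
    # wp-config.php holds database credentials, so keep the archive private
    chmod 600 "$backup_dir/$name" "$backup_dir/$name.sha256"
    echo "$backup_dir/$name"
}

# verify_backup ARCHIVE -> 0 only if the checksum matches and wp-config.php is inside
verify_backup() {
    local archive="$1" dir name
    dir="$(dirname "$archive")"
    name="$(basename "$archive")"
    (cd "$dir" && sha256sum -c "$name.sha256") >/dev/null 2>&1 || return 1
    tar -tzf "$archive" 2>/dev/null | grep -x './wp-config.php' >/dev/null
}

# prune_backups BACKUP_DIR KEEP -> delete all but the newest KEEP archives
prune_backups() {
    local backup_dir="$1" keep="$2"
    set -- "$backup_dir"/wp-files-*.tar.gz   # glob sorts oldest first
    [ -e "$1" ] || return 0                  # nothing to prune
    while [ "$#" -gt "$keep" ]; do
        rm -f "$1" "$1.sha256"
        shift
    done
}
```

Run `make_backup` and `verify_backup` from a scheduled job, then copy the archive and its `.sha256` file somewhere other than the web server, for the same reason the Dropbox plugin above sends its backups off-site.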
WordPress Plugins for Security
To wrap up this guide, I want to mention some plugins that are great for WP security. Aside from actual WP Security plugins, I’m also going to mention some that are just beneficial for security purposes, such as a couple more backup plugins. You don’t have to get all of these. I’m an avid believer in not downloading too many plugins, as is evident from my 5 WordPress Plugins Your Blog Can Do Without post.
This is by far the most popular WordPress security plugin there is. It allows you to perform a ton of security tests on your site to make sure you’re safe. It will check to see if your plugins and themes are up to date, check your database, login attempts and more. Not only that, but it will also give you tips on what to do if any of the results come back as “Bad”.
I’ve mentioned accessibility a few times already in this post, and this plugin is designed to help prevent accessibility issues. You can ban IPs, restrict login attempts, get a log of login activity, and more. A lot of sites use it to fight spam, but it’s great for security too.
This is a great free WordPress security plugin that helps protect your blog from common vulnerabilities. It does this by hiding certain files such as the path to your WP-Content folder and login error messages. It will also run scans of your site and fix any issues it finds. Like Login Ninja, it will also prevent brute force logins. The list of features for this plugin goes on and on. Quite frankly, I’m surprised it’s free.
The BulletProof Security plugin protects your site from a ton of different hacks. The plugin description notes:
- XSS
- RFI
- CRLF
- CSRF
- Base64
- Code Injection
The plugin prevents malicious scripts from accessing your .php files by using .htaccess security files. All technical jargon aside, this plugin essentially protects the important files on your site that hackers want to access.
This isn’t a plugin, but it’s very useful for bloggers who have multiple sites that use WordPress. It allows you to manage all of your blogs from one dashboard. The main feature I like about ManageWP for security is the ability to update all of your plugins, themes, and WordPress from one place, instead of logging into each of your blogs individually. As I mentioned, out-of-date plugins and themes are one of the most common ways blogs get hacked, so ManageWP is great to help prevent that. You can also use it to create backups of all your blogs.
I mentioned WP Backup to Dropbox earlier, but here is another plugin for creating WordPress backups. It pretty much does everything you need, and it’s simple to use. You can schedule your backups, pick what specific files/folders you want to back up, and have the backups emailed to you.
Don’t make the mistake of waiting until after your blog gets hacked to think about security. Use some of the tips and info here and start securing your WP blogs. Do you have any plugins, tips, or tricks that you use to help your blog be more secure?