In the first blog of our series, we advised you on the 4 Most Common WordPress Exploits that Business Owners Neglect. Now that you’re informed of the exploits, we want to arm you with some software and services that we use that can help keep your site safe. Using these tools properly will help to dramatically minimize the potential for hacks, malware and spam.

Wordfence

Wordfence is a plugin that “provides free enterprise-class WordPress security, protecting your website from hacks and malware.” You can install it as you would any other plugin in WordPress. The features that we value most are:

Notifications and Alert System

  • Email alerts and notifications will be sent to warn you of critical issues that require your attention.
  • Users can customize their options to limit the frequency of email notices depending on the severity of the issue.

Security Scanning

  • Scans can be performed manually with the free version, or scheduled to run automatically at a variety of different intervals with the premium version.
  • A scan of all the core files against a known proper version is performed. If a file has been changed, it’s likely your WordPress installation has been infected by malware, which has modified your core files.
  • Scans also check the database and additional files for anything that looks suspicious.
  • This includes posted content and comments, and anything that may trip up users and send them somewhere else.
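
The core-file check described above comes down to comparing file hashes against a known-good manifest. The sketch below is an added example, not Wordfence's own code; the function names and sample files are assumptions made for illustration. In practice the manifest is built from a clean copy of the same WordPress release, never from the live site.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path):
    """Hash in chunks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map relative path -> SHA-256 for every file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def scan(root, manifest):
    """Compare a live tree with a known-good manifest and classify the differences."""
    current = build_manifest(root)
    return {
        "modified": sorted(f for f in manifest
                           if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def demo():
    """Constructed sample: a tiny stand-in for a WordPress core directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        for name in ("index.php", "wp-login.php", "wp-includes/version.php"):
            (root / name).write_text("<?php // constructed sample\n")
        manifest = build_manifest(root)  # taken while the tree is known to be clean

        # Simulate the three kinds of change a scan should surface.
        (root / "index.php").write_text("<?php // constructed sample, altered\n")
        (root / "wp-login.php").unlink()
        (root / "wp-includes" / "extra.php").write_text("<?php // not in manifest\n")
        return scan(root, manifest)


if __name__ == "__main__":
    print(demo())
```

Files reported as unexpected matter as much as modified ones, since a file dropped into a core directory changes no existing hash.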

Login Security

  • Limits the number of times a user can attempt to log in, for example a fixed number such as five to ten attempts before the user is blocked. The same format is followed for password attempts.
  • Defines a specific number of times a user is locked out.
  • Protects web owners who may not be the most savvy or conscientious with security.
  • Blocks certain usernames so you don’t use “admin” as your administrator username. Enforces a good, strong password and warns you if a password is weak.
  • Requires users to choose strong passwords and rejects passwords made up entirely of lowercase letters.
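
The attempt limit and lockout described above can be sketched as a failure counter over a time window. This is an added example, not Wordfence's implementation; the class name, the thresholds and the choice to key on the client IP address are assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed threshold; the post suggests five to ten
WINDOW_SECONDS = 300    # assumed: failures are counted over five minutes
LOCKOUT_SECONDS = 900   # assumed lockout duration


class LoginThrottle:
    """Track failed logins per client key (for example an IP address)."""

    def __init__(self):
        self.failures = defaultdict(deque)   # key -> timestamps of recent failures
        self.locked_until = {}               # key -> time the lockout ends

    def is_locked(self, key, now):
        until = self.locked_until.get(key)
        if until is not None and now >= until:
            del self.locked_until[key]       # lockout has expired
            return False
        return until is not None

    def record_failure(self, key, now):
        """Register a failed attempt; return True if it triggers a lockout."""
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

    def record_success(self, key):
        self.failures.pop(key, None)         # a good login resets the counter


def replay(events):
    """events: (timestamp, key, ok) tuples; returns the decision for each attempt."""
    throttle, decisions = LoginThrottle(), []
    for now, key, ok in events:
        if throttle.is_locked(key, now):
            decisions.append("blocked")      # rejected even if the password is right
        elif ok:
            throttle.record_success(key)
            decisions.append("allowed")
        else:
            decisions.append("locked" if throttle.record_failure(key, now) else "failed")
    return decisions
```

Keying on the IP address alone does not slow guessing spread across many addresses, so a second counter per username is a common complement.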

Additional Options & Features

  • Hides the WordPress version number so that it is not displayed in the HTML code. Hackers can take advantage of exploits present in past versions of WordPress. Hence, it is very important to always update WordPress to the latest version.
  • Filters comments as they are submitted and can determine whether anything is corrupt and should be labeled as spam. It checks URLs against Google’s Safe Browsing list, flags any comments with bad URLs and holds them for moderation.
  • Sends a summary of everything at weekly intervals so users can view a digest of all of the above items.

Cloudflare

CloudFlare is a CDN (content delivery network) renowned for improving the speed (load time) of websites. They have servers all over the world. Once set up, CloudFlare will store a cached version of your website on each of their global servers. CloudFlare then delivers your website and its content to the world from the server that is closest to a given visitor. On average, this makes your website much faster. Beyond speed, CloudFlare’s global infrastructure and platform provide some additional security benefits.

Firewall

  • Can block any traffic that is identified as illegitimate before it reaches your origin web server.
  • The CloudFlare firewall inspects website addresses or URLs to detect anything out of the ordinary.
  • Blacklists and blocks specific addresses and ranges of IP addresses and, if warranted, can block entire countries.

Security Related

  • With email address obfuscation enabled, CloudFlare encrypts email addresses that are displayed to prevent them from being harvested by bots, while keeping them visible to humans. Visitors will not see any visible changes to your site.

Hotlink Protection

  • Ensures that another website cannot link directly to your images. Such direct linking puts an additional load on your server and reduces your bandwidth.
  • This option prevents other sites from building pages that use images hosted on your site and prevents others from using your images without your knowledge. Naturally, people can still download and view images from your page. They just can’t link to the source of the image (your server).

Analytics

  • Provides insight into your website traffic, for instance, the kinds of visitors viewing your site, people who are perceived threats and search engine crawlers.
  • Provides an opportunity to make educated decisions to prevent intrusions from occurring.

ManageWP

ManageWP enables you to manage multiple WordPress sites from one location, including updates, backups, deployment, plugins and security tools. As an agency that manages multiple websites, we really like this tool, but we still recommend it to individual website owners.

Backups

  • It’s considered to be one of the top backup systems.
  • ManageWP enables you to back up a WordPress installation to a third-party storage provider (such as Amazon servers) four times a day.
  • Enables you to download any of the restore points you have created, as well as access the files and the database from any of the restore points.
  • One-click access allows you to restore an entire backup.
  • A lot of other backup plugins run from inside the site, which can hog CPU and RAM on your server. ManageWP takes the burden off the website itself, leaving your resources free to serve your visitors.

Plugins

  • Monitors all plugins and allows you to update them with one click.
  • This saves you the hassle of logging into your site and going to the plugin section to ensure they are updated.

Managing Users

  • You can manage all of your website users from the WP dashboard.
  • You can add or delete users, change passwords, or change user roles. If you own multiple websites, you may want to change your admin password on all of your blogs every month. Rather than logging into each individual blog, you can change the passwords for these sites within ManageWP.

Security Scans

  • Scans your website for malware and finds out whether it’s been blacklisted and whether it appears on any of the domain blacklisting services.
  • Not as robust a scan as Wordfence, but it provides another measure to monitor what’s going on.

Uptime Monitor

  • This tool will ensure your WordPress sites continue to run smoothly; however, if something does go wrong, you will be alerted. You’ll be able to set alerts at five-minute increments up to 15-minute intervals. When you enable these notifications, you are apprised when your site is down and when it’s back up.
  • Most importantly, it keeps a log of your overall uptime indefinitely and a list of all of the uptime and downtime events. As a small business owner, you can monitor how often your site is going down and how well your host is performing.

If you are having WordPress security issues or require more information on how to monitor and secure your WordPress websites, please contact us for more security solutions.