I love WordPress! It’s such an awesome Content Management System — much easier to upgrade than Joomla or Zen Cart, excellent plugins, easy to develop child themes. But scumbags out there love WordPress as well. Every morning when I check email, there are security alerts from my WordPress websites about hacking attempts. I hate to call it “hacking” because I like to think of hackers as computer gurus like Abby on NCIS or Penelope on Criminal Minds. Instead, the people trying to break into my websites are probably pimply-faced little twits with too much time on their hands and absentee parents. Or slimeballs. Sewer scum.
Either way, it’s a full-time occupation to keep security locked down.
The first time I “banned” an entire country, I felt bad. What if someone from Ukraine had a legitimate interest in visiting one of my websites? I decided to count attempts: after seven security alerts from one country, that country is banned. Brazil is getting close.
I’ve developed a checklist for each WordPress website. When you get a website through Lodestar Graphics, this is part of the ongoing maintenance.
- Back up the database!
- Back up the files
- Change the database prefix
- Update WP. Make sure you are using the latest version.
- Put an empty index.html in the plugin directory
- Check permissions
- Check .htaccess
- Check wp-config.php
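As an added example (not from this post), here is a small POSIX shell audit that checks a WordPress document root against the four checklist items that can be verified from the filesystem: the table prefix, wp-config.php permissions, the plugin-directory index.html, and directory listing in .htaccess. The paths, messages and the `Options -Indexes` check are my assumptions about a stock install.

```shell
#!/bin/sh
# Added example, not from the post. Assumes a stock layout (wp-config.php and
# .htaccess in the docroot, plugins under wp-content/plugins) and POSIX sh,
# grep and find. Prints one line per finding; returns the finding count.

audit_wp() {
  root=$1
  findings=0

  # "Change the database prefix": the default wp_ is what automated
  # SQL-injection tooling assumes, so flag it if it is still in use.
  pat="^[[:space:]]*\\\$table_prefix[[:space:]]*=[[:space:]]*[\"']wp_[\"']"
  if grep -Eq "$pat" "$root/wp-config.php" 2>/dev/null; then
    echo "wp-config.php still uses the default table prefix wp_"
    findings=$((findings + 1))
  fi

  # "Check permissions": wp-config.php holds the DB password, so it must not
  # be readable (004) or writable (002) by "other".
  for bits in 004 002; do
    if [ -n "$(find "$root/wp-config.php" -perm -"$bits" 2>/dev/null)" ]; then
      echo "wp-config.php has other-$bits permission bit set"
      findings=$((findings + 1))
    fi
  done

  # "Put an empty index.html in the plugin directory": stops a directory
  # listing from revealing which plugins (and versions) are installed.
  if [ ! -f "$root/wp-content/plugins/index.html" ]; then
    echo "wp-content/plugins has no index.html (listing may be exposed)"
    findings=$((findings + 1))
  fi

  # "Check .htaccess": directory listing should be off for the whole site.
  if ! grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' \
       "$root/.htaccess" 2>/dev/null; then
    echo ".htaccess does not disable directory listing (Options -Indexes)"
    findings=$((findings + 1))
  fi

  return "$findings"
}

# Run directly: sh wp-audit.sh /var/www/html
if [ $# -eq 1 ]; then audit_wp "$1"; fi
```

A non-zero exit status means at least one item on the checklist still needs attention, which makes it easy to run from cron and alert on.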
Must-have Plugins:
- Block Bad Queries
- Exploit Scanner
- Login Lock
- SI Captcha
- WordPress Database Backup
- WordPress File Monitor
- WordPress FIREWALL 2
- WP Ban
- WP Security Scan
- Ultimate Security Checker
Project Honey Pot
I’d joined Project Honey Pot several years ago, and then promptly forgot about it. But this latest rash of lowlifes and losers that are constantly attacking my various websites has me up in arms. There has to be a way to fight back!
And there is! Project Honey Pot is an e-mail address harvester monitoring network. Using sweet and irresistible links on a website to lure in spammers and other scum, Project Honey Pot identifies spammers and the spambots they use to scrape addresses from your website.
It won’t help with the people who are trying to brute-force the website by typing in the username “admin” and then trying to guess passwords, or with the “Directory Traversal Attacks” or the “WordPress-Specific SQL Injection Attacks” that the Firewall warns me about. But any little thing I can do to fight back makes me feel better.