Tag: Wordpress

  • WordPress security

    I love WordPress! It’s such an awesome Content Management System — much easier to upgrade than Joomla or Zen Cart, excellent plugins, easy to develop child themes. But scumbags out there love WordPress as well. Every morning when I check email, there are security alerts from my WordPress websites about hacking attempts. I hate to call it “hacking” because I like to think of hackers as computer gurus like Abby on NCIS or Penelope on Criminal Minds. Instead, the people trying to break into my websites are probably pimply-faced little twits with too much time on their hands and absentee parents. Or slimeballs. Sewer scum.

    Either way, it’s a full-time occupation to keep security locked down.

    The first time I “banned” an entire country, I felt bad. What if someone from Ukraine had a legitimate interest in visiting any of my websites? I decided to count attempts: after seven security alerts from one country, that country is banned. Brazil is getting close.

    I’ve developed a checklist for each WordPress website. When you get a website through Lodestar Graphics, this is part of the ongoing maintenance.

    • Back up the database!
    • Back up files
    • Change the database prefix
    • Update WP. Make sure you are using the latest version.
    • Put an empty index.html in the plugin directory
    • Check permissions
    • .htaccess
    • wp-config
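
Three of the checklist items (database prefix, plugin directory index, permissions) can be checked by script; the following is an added example, not part of the original post or of Lodestar Graphics' own tooling. The function names, finding labels and permission thresholds are assumptions (the post gives none), and the sample tree is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the checklist above.
# Thresholds are assumptions, not values stated in the post.

# Print one finding per line; print nothing when every check passes.
wp_audit() {  # $1 = WordPress root directory
  root=$1
  cfg="$root/wp-config.php"
  plugins="$root/wp-content/plugins"

  # "change the database prefix": wp_ is the installer default.
  prefix=$(grep -E '^[[:space:]]*\$table_prefix' "$cfg" 2>/dev/null |
           head -n 1 | cut -d= -f2 | tr -d " ';\"\t\r")
  if [ "$prefix" = "wp_" ]; then echo "DEFAULT_PREFIX wp_"; fi

  # "put an empty index.html in the plugin directory" (an index.php
  # placeholder is accepted here as well).
  if [ ! -e "$plugins/index.html" ] && [ ! -e "$plugins/index.php" ]; then
    echo "NO_PLUGIN_INDEX $plugins"
  fi

  # "check permissions": nothing writable by "other", and wp-config.php
  # (database credentials) not readable by "other".
  find "$root" ! -type l -perm -0002 -exec echo "WORLD_WRITABLE" {} \;
  if [ -f "$cfg" ]; then
    find "$cfg" -perm -0004 -exec echo "CONFIG_WORLD_READABLE" {} \;
  fi
  return 0
}

# Build a constructed sample tree (not a real site) in a temp directory.
make_sample() {  # $1 = table prefix, $2 = "hardened" or "weak"
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/plugins"
  printf "<?php\n\$table_prefix = '%s';\n" "$1" > "$d/wp-config.php"
  if [ "$2" = "hardened" ]; then
    : > "$d/wp-content/plugins/index.html"
    chmod 644 "$d/wp-content/plugins/index.html"
    chmod 640 "$d/wp-config.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins"
  else
    chmod 644 "$d/wp-config.php"
    chmod 777 "$d/wp-content/plugins"
  fi
  echo "$d"
}

weak=$(make_sample wp_ weak)
wp_audit "$weak"
rm -rf "$weak"
```

Point `wp_audit` at a real document root to get the same findings for a live install; an empty result means all three checks passed.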

    Must-have Plugins:

    • Block Bad Queries
    • Exploit Scanner
    • Login Lock
    • SI Captcha
    • WordPress Database Backup
    • WordPress File Monitor
    • WordPress FIREWALL 2
    • WP Ban
    • WP Security Scan
    • Ultimate Security Checker