I love WordPress! It’s such an awesome Content Management System — much easier to upgrade than Joomla or Zen Cart, excellent plugins, easy to develop child themes. But scumbags out there love WordPress as well. Every morning when I check email, there are security alerts from my WordPress websites about hacking attempts. I hate to call it “hacking” because I like to think of hackers as computer gurus like Abby on NCIS or Penelope on Criminal Minds. Instead, the people trying to break into my websites are probably pimply-faced little twits with too much time on their hands and absentee parents. Or slimeballs. Sewer scum.
Either way, it’s a full-time occupation to keep security locked down.
The first time I “banned” an entire country, I felt bad. What if someone from Ukraine had a legitimate interest in visiting any of my websites? I decided to count attempts: after seven security alerts from one country, that country is banned. Brazil is getting close.
I’ve developed a checklist for each WordPress website. When you get a website through Lodestar Graphics, this is part of the ongoing maintenance.
- Back up the database!
- Back up files
- Change the database prefix
- Update WP. Make sure you are using the latest version.
- Put an empty index.html in the plugin directory
- Check permissions
- .htaccess
- wp-config
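
The script below is an added example, not part of the original post or of Lodestar Graphics' tooling. It checks three of the checklist items on an install: the database prefix, the index.html in the plugin directory, and permissions. The permission policy (nothing world-writable, wp-config.php closed to other users), the function names and the sample tree are assumptions.

```python
import os
import re
import stat
import tempfile

# $table_prefix is the wp-config.php setting that holds the database prefix.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", re.M)

def audit_wordpress(root):
    """Return sorted findings for the WordPress tree at root."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    try:  # Checklist: change the database prefix (WordPress defaults to wp_).
        with open(config, encoding="utf-8", errors="replace") as fh:
            match = PREFIX_RE.search(fh.read())
        if match is None or match.group(1) == "wp_":
            findings.append("wp-config.php: table prefix unset or default wp_")
    except OSError:
        findings.append("wp-config.php: missing or unreadable")
    # Checklist: empty index.html in the plugin directory.
    plugins = os.path.join(root, "wp-content", "plugins")
    if not os.path.isfile(os.path.join(plugins, "index.html")):
        findings.append("wp-content/plugins: no index.html")
    # Checklist: permissions. Assumed policy, see the lead-in above.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # a symlink's own mode bits are not meaningful
            mode = stat.S_IMODE(os.stat(path).st_mode)
            rel = os.path.relpath(path, root)
            if mode & stat.S_IWOTH:
                findings.append(f"{rel}: world-writable ({mode:o})")
            elif path == config and mode & stat.S_IRWXO:
                findings.append(f"{rel}: open to other users ({mode:o})")
    return sorted(findings)

def make_sample_site(prefix, config_mode):
    """Constructed sample tree (not a real install) for trying the audit."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "wp-content"), 0o755)
    os.mkdir(os.path.join(root, "wp-content", "plugins"), 0o755)
    config_body = f"<?php\n$table_prefix = '{prefix}';\n"
    files = {"wp-config.php": (config_body, config_mode),
             "wp-content/plugins/index.html": ("", 0o644)}
    for rel, (body, mode) in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(root, rel), mode)
    return root
```

Call `audit_wordpress("/path/to/site")` on a real document root; an empty list means none of the three checks fired.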
 
Must-have Plugins:
- Block Bad Queries
- Exploit Scanner
- Login Lock
- SI Captcha
- WordPress Database Backup
- WordPress File Monitor
- WordPress FIREWALL 2
- WP Ban
- WP Security Scan
- Ultimate Security Checker