With the rise or WordPress as the platform of choice for 100s of new sites each day, is crucial that you take steps to hard your WordPress installations from the seedy-underbelly of the internet trying to access your data.
Thankfully, there are a huge number of plugin out there which can help keep you secure and this post aims to round up only the best options so you dont have to spend an age researching each plugin.
Creating and handling backups.
First and foremost, you need to ensure your site has some kind of backup and restore system in place! Whilst the plugins below will help keep things nice and tight, if something does happen to worm its way into your install, being able to roll-back to a safe state is essential. In short, if you only do one thing from this post – this should be it,
As with most things in the WP universe, there is a plugin out there which can take the pain of backing up your data away – this is where BackUpWordPress shines. BackUpWordPress makes it very easy to take little snapshots of your site so you always have a safety net should things go wrong, however its also a good idea to contact your hosts who can guide you through the process of creating backups from your hosting cpanel for even more peace-of-mind.
Locking down your WordPress install.
There are a number of ways you can add a level of security to your WP installs, but the one I recommend to our users most is the marvellous iThemes Security. The plugin provides you with a simple checklist of features which allow you to harden common security issues in just one click. If your feeling really adventurous you can also use it to move your wp-admin urls and content folders – very much worth checking out.
Next up, we have BulletProof Security which was for many years my personal go-to plugin for all things WP, however it must be said that its not for the feint of heart/novice user due to the remarkably complex UI the plugin has when navigating it sea of features.
If your able to take the time to set it all up however, the result is a site so secure you may even have trouble updating it! Its worthy of a place on this list for the power it offers alone, but for most users iThemes Security is a less-baffling choice.
Sometimes, evasion can be better than prevention, and as a common tactic for hackers is to use bots to sniff out footprints of regular WP sites to locate a vulnerability it can be a good idea to essentially hide the fact your site is based on WP entirely – this is where the aptly named Hide My WP comes in. Using the most advanced rewriting techniques the plugin will essentially remove all signs that its running on WordPress by changing key URLs (such as content/theme files etc) and it well worth the price as its quite simple to setup but incredible effective.