Security Lockdown for Your Website

It may become necessary to add more security layers to your website to keep more of the bad out.

Akismet is a great plugin, but it can only protect you from comment spam.

Sometimes you need more.  Here’s a list of some of the plugins that I’ve used to limit and eventually stop people from accessing client websites.  It may help you as well.

Limit Login Attempts
Description:  Limit the rate of login attempts, including by way of cookies, for each IP. Author:  Johan Eenfeldt

Even though it’s over four years old, this plugin still rocks.  I would recommend that you change the default settings, so that it keeps the bad people guessing on how to connect to your website.

Daily Stat
Description:  Improved real time stats for your blog.
Author:  luciole135

After being hacked, I use Daily Stats to monitor the recovery process.  This plugin only maintains visitors information for the last two days — which is fine since I’m logging in a few times a day anyhow.  It’s great for seeing if your security is decreasing the unwanted login attempts, brute force attacks, etc.

iThemes Security Dashboard
Description:  Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts, detecting attack attempts and more.
Author:  iThemes

All the options look pretty intimidating at first, but just go through the first 3 tabs –> Dashboard (Global), Settings, and Advanced and you’ll be okay.  I prefer to lockdown my sites using minimal attempts versus the 3 or 10 tries that the default settings allow.

I replaced this with Wordfence since there’s a built-in cache system, thus eliminates another plugin — which is always good.

NewStatPress
Description:  Real time stats for your WordPress blog.
Author:  Stefano Tognon and cHab

When it’s not as critical to see the day’s attempts, I use this plugin to see the bigger picture.

Sucuri Security – Auditing, Malware Scanner and Hardening
Description:  It’s easy to get lost in all the options, but the main take away is that this plugin provides scanning, hardening and post-hack features for your domain — completely free.
Author:  Sucuri, Inc.

Request a free API code via the Settings tab and you’re good to go.  I use it for the simple “Enable” buttons on the Hardening tab to do all the heavy lifting on writing the appropriate limitations for file access.

Wordfence Security – Anti-virus, Firewall and High Speed Cache
Description:  The title says is all.
Author:  Wordfence

I use the Wordfence scan to ensure everything’s cool.  The email notifications can be annoying, but then again, anything that motivates you to do something about it is worth using.