Security Lockdown for Your Website
It may become necessary to add more security layers to your website to keep more of the bad out.
Akismet is a great plugin, but it can only protect you from comment spam.
Sometimes you need more. Here’s a list of some of the plugins that I’ve used to limit and eventually stop people from accessing client websites. It may help you as well.
Limit Login Attempts
Description: Limit the rate of login attempts, including by way of cookies, for each IP.
Author: Johan Eenfeldt
Even though it’s over four years old, this plugin still rocks. I would recommend that you change the default settings, so that it keeps the bad people guessing on how to connect to your website.
Description: Improved real time stats for your blog.
After being hacked, I use Daily Stats to monitor the recovery process. This plugin only maintains visitor information for the last two days — which is fine since I’m logging in a few times a day anyhow. It’s great for seeing if your security is decreasing the unwanted login attempts, brute force attacks, etc.
iThemes Security Dashboard
Description: Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts, detecting attack attempts and more.
All the options look pretty intimidating at first, but just go through the first 3 tabs: Dashboard (Global), Settings, and Advanced, and you’ll be okay. I prefer to lock down my sites using minimal attempts versus the 3 or 10 tries that the default settings allow.
I replaced this with Wordfence since there’s a built-in cache system, which eliminates another plugin — which is always good.
Description: Real time stats for your WordPress blog.
Author: Stefano Tognon and cHab
When it’s not as critical to see the day’s attempts, I use this plugin to see the bigger picture.
Sucuri Security – Auditing, Malware Scanner and Hardening
Description: It’s easy to get lost in all the options, but the main takeaway is that this plugin provides scanning, hardening and post-hack features for your domain — completely free.
Author: Sucuri, Inc.
Request a free API code via the Settings tab and you’re good to go. I use it for the simple “Enable” buttons on the Hardening tab to do all the heavy lifting on writing the appropriate limitations for file access.
Wordfence Security – Anti-virus, Firewall and High Speed Cache
Description: The title says it all.
I use the Wordfence scan to ensure everything’s cool. The email notifications can be annoying, but then again, anything that motivates you to do something about it is worth using.