Security Lockdown for Your Website

It may become necessary to add more security layers to your website to keep more of the bad out.

Akismet is a great plugin, but it can only protect you from comment spam.

Sometimes you need more.  Here’s a list of some of the plugins that I’ve used to limit and eventually stop people from accessing client websites.  It may help you as well.

Limit Login Attempts
Description:  Limit the rate of login attempts, including by way of cookies, for each IP. Author:  Johan Eenfeldt

Even though it’s over four years old, this plugin still rocks.  I would recommend that you change the default settings, so that it keeps the bad people guessing on how to connect to your website.

Daily Stat
Description:  Improved real time stats for your blog.
Author:  luciole135

After being hacked, I use Daily Stats to monitor the recovery process.  This plugin only maintains visitors information for the last two days — which is fine since I’m logging in a few times a day anyhow.  It’s great for seeing if your security is decreasing the unwanted login attempts, brute force attacks, etc.

iThemes Security Dashboard
Description:  Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts, detecting attack attempts and more.
Author:  iThemes

All the options look pretty intimidating at first, but just go through the first 3 tabs –> Dashboard (Global), Settings, and Advanced and you’ll be okay.  I prefer to lockdown my sites using minimal attempts versus the 3 or 10 tries that the default settings allow.

I replaced this with Wordfence since there’s a built-in cache system, thus eliminates another plugin — which is always good.

Description:  Real time stats for your WordPress blog.
Author:  Stefano Tognon and cHab

When it’s not as critical to see the day’s attempts, I use this plugin to see the bigger picture.

Sucuri Security – Auditing, Malware Scanner and Hardening
Description:  It’s easy to get lost in all the options, but the main take away is that this plugin provides scanning, hardening and post-hack features for your domain — completely free.
Author:  Sucuri, Inc.

Request a free API code via the Settings tab and you’re good to go.  I use it for the simple “Enable” buttons on the Hardening tab to do all the heavy lifting on writing the appropriate limitations for file access.

Wordfence Security – Anti-virus, Firewall and High Speed Cache
Description:  The title says is all.
Author:  Wordfence

I use the Wordfence scan to ensure everything’s cool.  The email notifications can be annoying, but then again, anything that motivates you to do something about it is worth using.

I'm your mild-mannered, marketing guy. I love maximizing returns for businesses using imagination and low-cost approaches.

Leave a Reply

Your email address will not be published. Required fields are marked *