Making sure your website is secure is one of the most important things you should think about, if not the most important, especially if you’re using a common script like WordPress. Because the script is so popular, people find its vulnerabilities and exploit them on any blogs they come across. Luckily, again because it is such a popular script, there are a lot of nice people who develop plugins to make it more secure. In this guide, I’ll go through some of these plugins with you.
Now, this isn’t really a plugin that will make your blog more secure, but it is so important I thought I’d include it anyway. Your blog could go down for loads of reasons, from server failure to hackers, and if for some reason you are unable to get your data back, this plugin would be a godsend.
It backs up your database every day and your whole installation (files and all) every week. It stores a set number of backups on the server (the number is configurable in the admin panel) and it will even email you the backups it makes. I have all the backups emailed to my Hotmail account, which I only really use for Xbox Live. You can also generate on-demand backups whenever you want.
Secure WP automatically performs a range of modifications to your WordPress installation to make it dramatically more secure. Simple things, like creating an index.html file in your /plugins directory to stop potential hackers seeing which plugins you have installed and hiding the tooltips on the login page, will make your blog a lot more hacker-proof.
Limit Login Attempts
One method hackers use to gain access to password-protected areas is called a brute force attack. This is basically where they try to guess your password again and again until eventually they get it right. The Limit Login Attempts plugin allows you to limit the number of times the person trying to log in can get their username or password wrong. Say you set the limit to five and they get their username or password wrong five times: they will not be able to try again for a set amount of time. This seriously limits the efficiency of brute force attacks.
Limit Login Attempts can also be set to log every failed login attempt and to email the blog’s admin whenever a failed login occurs.
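The lockout behaviour described above, sketched as an added example in Python; it is not the plugin's own code. The 20-minute lockout, keying the counter on the client address, sending the admin notice when a lockout triggers, and all names and sample events are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class LoginLimiter:
    max_failures: int = 5        # the limit of five used in the text
    lockout_seconds: int = 1200  # assumed lockout length; the page gives none
    failures: dict = field(default_factory=dict)      # client -> failure count
    locked_until: dict = field(default_factory=dict)  # client -> unlock time
    log: list = field(default_factory=list)     # every failed attempt
    alerts: list = field(default_factory=list)  # stand-in for the admin email

    def attempt(self, client, user, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if now < self.locked_until.get(client, 0):
            # Rejected before the password is checked, so even a correct
            # guess made during the lockout does not get in.
            return "locked"
        if password_ok:
            self.failures.pop(client, None)  # a success resets the counter
            return "ok"
        count = self.failures.get(client, 0) + 1
        self.failures[client] = count
        self.log.append((now, client, user))
        if count >= self.max_failures:
            self.locked_until[client] = now + self.lockout_seconds
            self.failures[client] = 0
            self.alerts.append(f"{client} locked out after {count} failed logins")
        return "failed"

def replay(events, limiter=None):
    """Feed (client, user, password_ok, time) events through a limiter."""
    if limiter is None:
        limiter = LoginLimiter()
    return [limiter.attempt(*e) for e in events], limiter

def max_guesses_per_day(max_failures, lockout_seconds):
    """Upper bound on guesses one client gets per day once lockouts apply."""
    return (86400 // lockout_seconds) * max_failures

# Constructed sample events; addresses are documentation ranges.
SAMPLE = [("203.0.113.7", "admin", False, t) for t in range(0, 50, 10)]
SAMPLE += [("203.0.113.7", "admin", True, 60),    # right password, still locked
           ("198.51.100.4", "alice", False, 70),  # another visitor mistypes once
           ("198.51.100.4", "alice", True, 80),
           ("203.0.113.7", "admin", True, 1300)]  # lockout ended at t=1240

if __name__ == "__main__":
    results, limiter = replay(SAMPLE)
    print(results, limiter.alerts, max_guesses_per_day(5, 1200))
```

With these settings a single client gets at most 360 guesses a day, which is why the limit makes repeated guessing so slow.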