Is your website hosted on WordPress?  Is it safe from hackers?

Last February my website was hacked, and I made a post on what I learned from that, titled "5 Things I Learned From Being Hacked!"  Being hacked was a horrible feeling.  Wondering what they hacked, and where the site was being redirected to.  It took hours to get youth ministry media back up and running.  Just because you have a WordPress website doesn't mean you aren't vulnerable to being hacked.  Trust me!  I was naive, and this site went down and it took hours to get back up.

Here are 5 plugins you should have installed if you are paranoid like me!  

1. Antivirus for WordPress.  This is a great plugin.  It will scan your WordPress site for malicious code or backdoors that will allow others to hack your website.  This plugin cleared up so many of my problems!  I would install this on any fresh WordPress install.

2. Secure WordPress.  A few features of Secure WordPress are:

  • Remove error-information on login-page
  • Add index.php plugin-directory (virtual)
  • Add index.html to plugin directory
  • Remove the wp-version, except in the admin-area
  • Hide wp-version in backend-dashboard for non-admins
  • Remove Really Simple Discovery
  • Remove Windows Live Writer
  • Remove core update information for non-admins
  • Remove plugin-update information for non-admins
  • Remove theme-update information for non-admins (only WP 2.8 and higher)
  • Block bad queries

Essentially, it hides the version, update and error details that help hackers find a way into your website, and it blocks bad queries.

3. Login LockDown. Have you ever checked your Google Analytics only to see a few hits at your login screen?  This plugin sets up permissions for your login.  Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes.

4. File Monitor Plus.  If someone changes one file on my website I want to know!  When I was hacked in February I had to personally check hundreds of files.  This was a pain.  If I had had this plugin activated, I would have known what files were tampered with and in what way.  Helpful plugin.

5. Exploit Scanner.  This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.  You might want to download this plugin to see if anything sketchy is going on with your website.
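
The lockout rule described for Login LockDown in item 3, as an added Python sketch (not the plugin's own code) using the defaults quoted above. It assumes an "IP range" means the IPv4 /24 block and that failures arrive in time order; the class, function and sample names are made up for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Defaults quoted in the post: 3 failures within 5 minutes, 1 hour lockout.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(hours=1)
PREFIX = 24  # assumption: an "IP range" is the IPv4 /24 the address sits in

def ip_range(ip):
    """Map an address to the range its failures are counted under."""
    return str(ipaddress.ip_network(f"{ip}/{PREFIX}", strict=False))

class LoginThrottle:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure times
        self.locked_until = {}              # range -> lockout expiry

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip_range(ip))
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked."""
        if self.is_locked(ip, now):
            return True
        recent = self.failures[ip_range(ip)]
        recent.append(now)
        while now - recent[0] > WINDOW:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip_range(ip)] = now + LOCKOUT
            recent.clear()
            return True
        return False


# Constructed sample of failed logins (documentation address ranges).
T0 = datetime(2024, 1, 1, 12, 0)
SAMPLE = [
    (T0, "203.0.113.10"),
    (T0 + timedelta(minutes=1), "198.51.100.7"),
    (T0 + timedelta(minutes=2), "203.0.113.11"),  # same /24 as the first
    (T0 + timedelta(minutes=4), "203.0.113.12"),  # third in 5 min: lock
    (T0 + timedelta(minutes=9), "198.51.100.7"),  # 8 min after its first
]
throttle = LoginThrottle()
results = [throttle.record_failure(ip, when) for when, ip in SAMPLE]
```

Counting by range rather than by single address is what catches the three attempts spread across 203.0.113.10, .11 and .12; the trade-off is that everyone else in that range is locked out of the login page for the hour too.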

Those are the 5 free WordPress security plugins.  Which ones do you have installed?