Improve WordPress Security using Better WP Security plugin

Written by Tushar. Posted in Blogging

As a wordpress blog owner you might be aware of fact that wordpress blogs are prone to various attacks. Nowdays wordpress security is a widely discussed topic as most of the wordpress blogs are hacked now and then. Securing a wordpress blog to a 100% is not that easy, but there is always a way improving security.

To secure your wordpress blog, you need to follow the steps.

  1. Make sure your wordpress installation is up to date with latest updates applied to it.
  2. Have complex password for login (i.e. password should be a combination of alphabets, numerals, special characters).
  3. Perform regular backups.
  4. Have good plugins that are well rated (at least 3 stars). Good plugins are well coded and are regularly updated. Poorly coded plugins can provide loop holes for hackers.

As you know that wordpress has numerous plugins, so for wordpress security there is also a plugin named Better WP Security. This plugin is rated 4.8 out of 5 stars  and has been downloaded 826,576 times (as on 05 July 2013).

Capabilities of Better WordPress Security

Features

  • Remove the meta “Generator” tag.
  • Change the urls for WordPress dashboard including login, admin, and more.
  • Completely turn off the ability to login for a given time period (away mode).
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them.
  • Remove Windows Live Write header information.
  • Remove RSD header information.
  • Rename “admin” account.
  • Change the ID on the user with ID 1.
  • Change the WordPress database table prefix.
  • Change wp-content path.
  • Removes login error messages.
  • Display a random version number to non administrative users anywhere version is used.

Detection and Protection

  • It can monitor file system for unauthorized changes and can detect bots attempting to search vulnerabilities of your blog.
  • It can ban troublesome bots and user agents.
  • Scan your wordpress blog for vulnerabilities and fix them.
  • Detect and block attacks to database and filesystem.
  • Prevent brute force attacks by banning hosts and users attempting too many invalid login attempts.

Backups

The plugin will make regular backup of  wordpress database . It can create and email database backups as per scheduled customized by user.

Using Better WP Security

After installation and activation of Better WP Security plugin you will have two options of the Dashboard.

  1. Secure my site from basic attacks.
  2. No thanks, I prefer to do configure everything myself.

Wordpress Security

I would suggest to go with second option and configure plugin manually. After clicking the second option button you will be presented with the System status of your wordpress installation. This System Status shows the items which are actually the vulnerabilities that is needed to be fixed.

Wordpress Security

Now focus on the items presented in Red Color, click the link “Click here to fix” next to each item. These links will take you to various security settings page. From there enable and apply the fix. 

After applying a fix you can check for status from Dashboard. If it’s not red color then everything is working good, else try again.

If you want to explore everything related to wordpress security, then visit each tab of the plugin. The available tabs are, User, Away, Ban, Dir, Backup, Prefix, Hide, Detect, Login, SSL, Tweaks, Logs.

Note: Remember one thing, before exploring and going advanced way of configuration, backup your database.

Technoxpad is secured with the help of this plugin, so I will recommend to try it. For new bloggers this plugin is best and as I have explained consider things displayed in red color on Dashboard to secure first.

Tags:

Tushar

If you like this post then follow on Twitter and Facebook. If you have any query then contact the author.

Leave a comment