1. Sucuri WordPress Security Plugin
I was on a webinar this past week with an online security expert. She is a real expert. She makes her living as a security expert. She’s the real deal. She mentioned two WordPress security plugins that every WordPress website owner should install. I’ve been using WordPress exclusively for over 3 years now, and I’ve heard the names of these two WordPress security plugins pop up repeatedly from people in the industry whom I respect.
The first WordPress security plugin is the “Sucuri Security – SiteCheck Malware Scanner”. Here’s the link to that plugin at WordPress.org:
http://wordpress.org/extend/plugins/sucuri-scanner/
Sucuri SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc.
This plugin is completely free.
You can also scan your site for free and learn more about Sucuri at the Sucuri Website.
2. Wordfence WordPress Security Plugin
The Wordfence Security Plugin is another extremely important and helpful WordPress Security plugin. I use the free version although there is a paid version that you can find out more about here: http://wordpress.org/extend/plugins/wordfence/
Here’s the blurb for Wordfence on the WordPress.org website:
Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups. Wordfence Security is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
They Tried to Hack My WordPress Site!
I just installed Wordfence security plugin this week and today I got an email letting me know that someone tried more than six times to log into my WordPress Website (Jupiter Jim’s Marketing Team site) without my knowledge or permission.
Here’s part of the email message that Wordfence emailed to me:
A user with IP address xx.nn.xxx.aa has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 6 User IP: xx.nn.xxx.aa
I looked up the IP address and the attack originated from Russia.
While Wordfence did not prevent this attack, it did let me know that someone did try to break into my website. That makes me want to remain extra vigilant about my site security and my password security!
You can learn more about Wordfence by checking out the Wordfence Website.
And you can check out some of the Wordfence reviews here.
In the comments below please leave your experiences with either of these plugins or your experiences with WordPress Security Issues.
This is something we all need to learn more about and be more aware of!
Thanks for sharing!
Article Written by Jim Landers aka “Jupiter Jim”
Over 75 FREE WordPress Video Tutorials!
I have created over 75 FREE WordPress and Thesis Theme Video Tutorials! That's over 10 hours of FREE Training! Click here for my Thesis Theme Video Tutorials. And click here for my WordPress Video Tutorials. You may find all my videos on my YouTube Channel. I also design WordPress Blogs and Websites using the Thesis Theme.
Thanks for your COMMENTS!
Sincerely,
Jupiter Jim
{ 29 comments… read them below or add one }
Jim,
That seems like a really valuable plugin. I use Kaspersky and they seem to be quite stringent in catching threats. In fact, for awhile they were calling my own website “Attack sites” until I got them approved by google.
Warmly,
Dr. Erica
Dr. Erica Goodstone recently posted..YOU CAN Succeed in Business and in Your Life
I use a free plugin called User Locker. I once got locked out myself but had another administrator identity that got me in. They will try to crack into your site. My log in password that is quite elaborate. Not possible to brute force it with the few chances that User Locker allows. Biggest danger is if a hacker uses “admin” and fails, locking you out. So give admin rights to another name that you don’t use as an author.
Astro Gremlin recently posted..The Great Swiss Army Knife Debate
Astro,
Great Advice!!!! Never thought about that because I never use “admin” but some of my clients do!!! Thanks again!
jupiterjim recently posted..Create Contact Page with
Hi Jim,
Thanks for sharing these I am going to look at them in more detail now. It is so sad that we have to take all these extra precautions. But people will try to keep us on our toes so we have to be prepared.
Thanks,
Beth
Beth Hewitt recently posted..[Webinar] – Create Instant Attraction
Beth,
Yes, very sad! But, unfortunately, it’s the only game in town, so we gotta play! LOL
jupiterjim recently posted..Create a Static Home Page or Front Page using WordPress 3.5
Hi Jim,
thank you so much for sharing this information!
I installed both plugins before even writing this comment, since I know you would only share trusted resources.
I was pleased to have the first scan come back clear and I am aware of my anxiety as I am waiting for the second one from Wordfence.
It is amazing what is possible with technology and I am glad that these plugins are available.
I appreciate knowing you and that you made this information available!
Cheers,
Yorinda
Yorinda recently posted..Loving Kindness Prayer
Yorinda,
Thanks for the positive feedback! I really appreciate the fact that you follow my blog regularly and KNOW that I would not endorse something unless it was Rock Solid for WordPress!
Take Care,
Jupiter Jim
jupiterjim recently posted..Create a Static Home Page or Front Page using WordPress 3.5
Jim Thank you for this post…I’m pretty new to blogging and appreciate any information that is helpful….Thanks again
Gregory Bowen recently posted..What Is Quality?
Thanks for the great post about Wordpress security plug-ins. While my site is fairly new, I guess it’s not immune to hacking. I also like the other comments, too. Astro Gremlin really gave me a good idea to add another admin name (wink) just in case. As always, Jim, you rock!
Charlene Christiano recently posted..By: Charlene
Charlene,
Thanks for the Kudos!!! And you’re never too New to be a victim of hacking!
jupiterjim recently posted..Create a Static Home Page or Front Page using WordPress 3.5
It is really important to have a highly secured blog because nowadays a lot of hackers are on a prowl. The plugins you have mentioned will help a lot to make our blogs secure. Thanks a lot dude
Jaimie recently posted..Blogging Your Business Can Expand Your Brand and Increase Your Profits
Most Wordpress blogs seem to be under constant brute force attacks now, I use ‘Limit Login Attempts’ and ‘Login Logger’ at the moment.
Hythe recently posted..Driving schools dover
Every morning when I log onto the internet I get messages that someone else has registered as a user on my site. Not one of the people who are commenting so that they can select from additional posts in CL, but from bots.
Most often these are from Poland, although I have no idea why. Fortunately, I have never had a problem with accessing my site or being locked out. it is a good idea to have multiple admin accounts, and I am hoping that one of these plugins which make my security concerns go even farther away.
Thank you Jim, I had not heard of either of these before, and I am very interested in taking a look at them.
Michael Shook recently posted..How To Get Positive Thinking Tips
Wow thanks Jim – scary about that hacking thing! I have used Sucuri in the past – but it was definitely not free. The plugin is new to me so I’ll take a closer look. As concerned as I am over security – I also worry about overlapping programs. Between my blog and my computer I have 4 security programs running and I’m always a little nervous about jamming things up that are already working by overcompensating.
marquita herald recently posted..How Do You Know When It’s Time to Give Up a Dream?
I am using antivirus plugin but not satisfied with it. now i will try your given plugins. Is it necessary to use both plugin simultaneously?
Electrical engineering recently posted..How to install thesis theme on wordpress
Well, the Sucuri is just a scanner so you can run that whenever you want.
jupiterjim recently posted..Create Contact Page with
Thanks Jim for yet another wonderful post and advice. I’ve been concerned about safety for a while so this came at the right time. Already installed both of the plugins and hope to get a little peace of mind. How do you handle the “attacks”? I would freak out getting messages, but how to you handle it? Do you change passwords often? Any advice to make me not freak out when a message comes in would be greatly appreciated.
Melanie a/k/aCrazyMom recently posted..iPad safety needs to be addressed if your kids use it #Free Apps
Wow. This serves a reminder for me to perform maintenance on my blog…I am long overdue and need to protect my blog from being hacked.
I have several plug-ins installed and one of them shows me how many people have tried to hack into my blog.
Rachel Lavern recently posted..Is Pure Leverage All Hype?
Sucuri Scanner have been proved one of the best plugin for me.
Thanks for introducing another plugin.
Kulwant recently posted..Money is in the List. But How?
HI Jim I have no idea if I have a security plug in or not on my wordpress, is there a way to find out? Do I need to have both of these plug-ins you are talking about here today? I am going to go and see if I have them available in my dashboard now. Thanks for sharing! Chery
Chery Schmidt recently posted..Becoming Conscious About Your Actions As An Online Entrepreneur
Chery,
Use both.
jupiterjim recently posted..Jupiter Jim is in The WordPress Handbook!
Thanks Jim I did go and activate both plug ins, I did run the wordfence and it keeps coming back as a scan error that they cannot connect with the host Not sure what this means, any thoughts. Also is there anything I need to do for the Sucuri plug in? Again Thanks for all you do Chery
Chery Schmidt recently posted..Becoming Conscious About Your Actions As An Online Entrepreneur
Chery,
I am sorry I don’t know why you are having the scan error with Wordfence. You can go to the developer’s site and they should have a forum on WordPress.org to answer all questions and problems.
As for sucuri, I would run it at least once to scan all your files on your server that hosts your WordPress site / blog.
I hope this helps!
jupiterjim recently posted..Why I Don’t Use WordPress JetPack
hi all. i’ve coded a new antivirus perl based.
Functions:
1) found and remove malicious file and if you want make a backup.
2) found exploitables file and suggest update
video demonstration
http://www.youtube.com/watch?v=RLG2g5HsGnQ
if someone is interesting to test please contact me
last few testing and program will be public
regards
david
01darkan01 recently posted..WordPress Antivirus security
Thanks for the heads up on WordFence. Hadn’t come across it before even after watching a very recent Wordpress security video. It’s great. Have a free version of the Securi scanning for malware installed with BackupBuddy, but WordFence picked up outdated copies of Timthumb lying around in all sorts of unused theme folders plus a couple of suspicious links in files. Much appreciated.
Limit Login Attempts or Login Lockdown can also protect your site against brute force attempts on your WordPress admin.
Also be sure to keep your computer updated and run a modern browser.
Lorenzo recently posted..How to Fix PHP Fatal Error: Allowed Memory Size of # Bytes Exhausted
Quite funny that you blogged about this last month and this month there was a huge attack on all the wordpress sites. All those who had their sites secure would have felt very glad to take some steps before it was too late.
Keral Patel recently posted..Top Questions To Ask Before Hiring A Webmaster
Hi Jim,
Thank you very much for sharing this advice . It is so important to have the right plugins to keep wordpress sites safe . Rosemary
Thanks, Rosemary!
jupiterjim recently posted..How to Change WordPress ‘admin’ username for Security Reasons
{ 1 trackback }