Best WordPress Security Plugins

Security is an important consideration for anyone who runs a website. Hackers are always searching for vulnerabilities. Fortunately, with WordPress there is a dedicated community of developers and companies constantly monitoring internet traffic to discover and fix WordPress vulnerabilities. Yet it is important for site administrators not to let their guard down. Installing plugins that can monitor and enhance the security of your site is a necessary step. Here is a selection of the most useful plugins.

Edit Author Slug

An author slug is a label used to identify a particular user. When a post on a WordPress site has a link to a page listing other posts by the same author, the link uses the author slug. The problem with the author slug is that it is identical to the user name the author uses to log on to the site. Information such as user names is often useful to hackers. The Edit Author Slug plugin allows a user or site administrator to change the author slug and prevent it from revealing the user's real login name.

TimThumb Vulnerability Scanner

TimThumb is a popular PHP script for resizing images which is used in many WordPress themes. However, when it was first released it created a vulnerability in sites running it because it allowed visitors to upload malicious content from remote websites. The TimThumb Vulnerability Scanner plugin allows site administrators to check for the existence and the version of TimThumb on their site. If a vulnerable version is found, the plugin will replace the TimThumb script with a secure one. Every WordPress site should have a copy of TimThumb Vulnerability Scanner so that administrators can ensure that the themes they have installed do not contain insecure copies of TimThumb.

Centrora Security

The OSE Firewall, a.k.a. Centrora Security, is a powerful plugin for maintaining site security. It includes features to manage IP addresses, prevent spam, scan for malware, detect directory traversal attacks, block JavaScript injection, detect database SQL injection attempts, block malicious user agents and bots, and guard against denial of service attacks. The plugin will notify site owners of failed attacks.

Wordfence Security

Wordfence Security has similar features to Centrora Security, but it stands out with its scanning feature, which checks WordPress core files and plugin files and notifies site owners if any files have been modified. It also notifies site owners when a plugin or WordPress itself needs to be updated. Site administrators are able to configure many features, including how much traffic from visitors and bots to allow. You can also set it to lock out anyone logging in after a certain number of failed login attempts or when they use an invalid user name. The downside of security plugins like this one is that they do not work well with caching plugins. Thus, in some cases site administrators have to choose between security and performance.
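
The idea behind a file-change scan like the one described above can be shown with a baseline comparison of file hashes. This is an added example, not Wordfence's own code; the function names are hypothetical and the miniature site tree is constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_manifests(baseline, current):
    """Return files that were modified, added or removed since the baseline."""
    return {
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
        "added": sorted(current.keys() - baseline.keys()),
        "missing": sorted(baseline.keys() - current.keys()),
    }


def demo():
    """Run the check on a constructed miniature site tree (sample data only)."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        files = {
            "wp-login.php": "<?php // constructed core file\n",
            "wp-includes/version.php": "<?php // constructed core file\n",
            "wp-content/plugins/example/example.php": "<?php // constructed plugin\n",
        }
        for name, body in files.items():
            path = site / name
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        baseline = build_manifest(site)  # taken while the site is known good

        # Simulate later changes: one edit, one new file, one deletion.
        (site / "wp-login.php").write_text("<?php // changed after baseline\n")
        (site / "wp-content/uploads").mkdir(parents=True)
        (site / "wp-content/uploads/new.php").write_text("<?php // unexpected\n")
        (site / "wp-includes/version.php").unlink()
        return compare_manifests(baseline, build_manifest(site))


if __name__ == "__main__":
    for kind, names in demo().items():
        print(kind, names)
```

Keep the baseline manifest somewhere the web server cannot write to, since anyone able to change site files could otherwise change the manifest as well.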

Remove XMLRPC Pingback Ping

XMLRPC is a capability built into WordPress that sends pingbacks and trackbacks and permits remote access via mobile devices. But this capability also allows WordPress sites to become part of denial of service attacks. With the Remove XMLRPC Pingback Ping plugin, this capability can be turned off. I’m including this plugin here to help get the word out to those who do not want their sites participating in denial of service attacks.

Sucuri Security – Auditing, Malware Scanner and Hardening

Finally, Sucuri Security has recently released its Auditing, Malware Scanner and Hardening plugin, which, in addition to its well-known malware scanning, adds some great features to protect your WordPress core files.

Use of these and other plugins will aid site administrators in maintaining the integrity of their sites and help them to stay aware of attacks directed against their sites.