Every day, thousands of sites are subjected to successful hacking actions. Sites running on the WordPress CMS are no exception.
We’ll focus on the topic of WordPress protection and approaches to combating spam. We have some input to share with you.
CleanTalk
This cloud-based plugin offers over 30 solutions targeted toward ensuring no awkward data land in your database or a site comment section. CleanTalk provides an outstanding WordPress Spam protection for forums, blogs, and other sites. The solution works both with individual sites and multisite platforms. The functionality of the plugin includes many cool things:
- Prevention of massive attacks by denying access to users with numerous incorrect attempts to enter the site;
- Site crawling and reports on existing vulnerabilities, providing detailed recommendations of how to fix them;
- Access block to bots and suspicious users;
- Enhanced overall server security;
- Provision of strong passwords for all accounts;
- Enforced SSL for pages (if the server supports it);
- Recognition and block of numerous attacks on your file system, data repository.
Acunetix WP Security
Acunetix plugin checks the site for various security vulnerabilities and suggests how to fix them. This may relate to passwords, file permissions, display of various important info, database protection, and more.
Key features:
- Multisite support;
- Creation of backup copies of databases;
- Removal of messages about incorrect login on the login page;
- Adding index.php files to wp-content, wp-content / plugins, wp-content / themes and wp-content / directories to prevent viewing the list of directories;
- Removal of the display version of the CMS from everywhere, except for the admin part;
- Removal of Really Simple Discovery and Windows Live Writer meta tags;
- Tracking activity on your site in real-time;
- Disabling error messages and PHP errors in the database.
BulletProof Security
The BulletProof Security plugin solution safeguards the site from Remote File Inclusion, Code Injection, SQL Injection, XSS; it also blocks hacking actions. The plugin ensures security mechanisms for settings, logins, passwords and other elements that may be hacked.
The functionality covers the following:
- Protection with .htaccess;
- Hiding the plugins folder;
- Login security and tracking;
- Automatic termination of a session in case of downtime;
- Setting the validity period of the authorization cookie.
Firewall
The Firewall solution employs additional firewalls for the site, various methods of protection, and reports on them. Here are gathered of the best things about the solution:
Account Protection:
- Defines an admin account and offers to alter it to another one at your discretion;
- Generates ironclad / impossible-to-hack passwords.
Protection of credentials and on-site actions:
- Login Lockdown option — blocks users for a certain number of incorrect login attempts;
- Makes forced logout for all users after a set time;
- Monitors activity by logging information;
- Provides a report on the complete list of users who are currently logged in;
- Adds captcha to all the on-site forms;
- Allows manually confirming each new registration on the site.
No matter what you implement for the online project you lead, it is critical that you stay tuned to your resource weak points.