
Hi all,

 

One strategy I have with WordPress, revolving around security, is to install myself an analytics plugin (free) called "Slimstat" and a free security plugin once known as "Better WP Security" (I think it's changed names).

 

If you set things up well, you can use Slimstat to track the pages people visit and even their IP addresses. If you find some fishy behaviour going on such as constant hitting on potentially vulnerable plugin files (you may not even have these installed) or various hits on your login page, you can simply copy the IP, go back to your Better WP Security and blacklist the IP.

 

Of course, those two plugins have many more features to explore. Very powerful!

 

On a related note, is anybody using Slimstat? I am actually using it instead of Google Analytics.

  • Like 4
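
The review described in the post above (spotting repeated login-page hits and requests for plugin files that are not installed, then noting the IP to block), run over a web server access log rather than Slimstat's own data. This is an added example, not code from the thread or from either plugin; the log lines, plugin directory names and thresholds are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in "combined" access-log format; the IPs are documentation
# ranges and the plugin directory names are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1500 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2015:10:05:10 +0000] "GET /wp-content/plugins/example-plugin-a/readme.txt HTTP/1.1" 404 310 "-" "-"
198.51.100.23 - - [10/Mar/2015:10:05:11 +0000] "GET /wp-content/plugins/example-plugin-b/upload.php?x=1 HTTP/1.1" 404 310 "-" "-"
192.0.2.10 - - [10/Mar/2015:10:07:00 +0000] "GET / HTTP/1.1" 200 8200 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2015:10:07:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2015:10:07:31 +0000] "GET /wp-content/plugins/installed-plugin/style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')


def suspicious_ips(log_text, login_threshold=3, probe_threshold=2):
    """Return {ip: [reasons]} for IPs worth reviewing before blocking them."""
    login_posts, plugin_404s = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "POST" and path.endswith("/wp-login.php"):
            login_posts[ip] += 1
        elif path.startswith("/wp-content/plugins/") and status == "404":
            # A 404 under plugins/ means the requested file is not on this site.
            plugin_404s[ip] += 1
    report = {}
    for ip in sorted(set(login_posts) | set(plugin_404s)):
        reasons = []
        if login_posts[ip] >= login_threshold:
            reasons.append(f"{login_posts[ip]} login attempts")
        if plugin_404s[ip] >= probe_threshold:
            reasons.append(f"{plugin_404s[ip]} requests for missing plugin files")
        if reasons:
            report[ip] = reasons
    return report


if __name__ == "__main__":
    for ip, reasons in suspicious_ips(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```

The single login from 192.0.2.10 stays below the threshold, so an ordinary visitor or the site owner is not listed for blocking.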


Thanks for sharing Mark, I'm going to have to check those plugins out.

 

Here are the links to them in case others want to look them up.

 

iThemes Security, formerly Better WP Security: https://wordpress.org/plugins/better-wp-security/

Slimstat: http://wordpress.org/plugins/wp-slimstat/

 

I use Google Analytics and then use WordPress Firewall 2 for my security and I have a few backup systems in place.

  • Like 4


It's so important to keep high security on WordPress and thanks for sharing Mark. I just had a client on one of my servers get their WordPress hacked which resulted in this person's email getting used for spam and getting them blacklisted. So good advice to keep WordPress not only up to date but also secure via WordPress plugins.

  • Like 1


I'm creating my website, so this will be extremely helpful. It's good to know about security and not just how to get the site up and running. This will be great to get it right from the start. Thanks so much!

  • Like 3


Thank you loads for sharing, Mark - I gotta say, naively, I hadn't even thought of backing my website up! Jeeeez, there is a LOT to learn!!! I'll be checking these links out pronto!!

 

:bubbly:

  • Like 2


Oh lordy... just installed BPS as a firewall and it seems you need a degree to understand the settings... :blush:

 

Yes, it's true. Understanding the risks and applying the solution is an entire field of its own. I am starting to do talks on this topic and educating people on it. It can be hard to sell your clients something that prevents disaster rather than add value to their bottom line.

 

But we have to protect our clients so at the very least, we as VAs, need to understand the risk at hand. The solution is mind-boggling but when you understand the pieces it becomes a lot easier.

 

My advice to you is to know first why are you putting on a firewall? Do you know what an application level firewall is and what it does? This is not only useful for you to know if it's the right strategy for the site you are working on, but also for you to explain to your clients.

 

Feel free to hit me up if you have any questions.

  • Like 1


Fantastico and other 1-click installs are introducing security risks into WordPress because they use default options that are known vulnerabilities, such as the wp_ database prefix and the Admin user. "Long" installs let you choose your own prefix and username.

 

Some security measures I have added to my website in progress:

  • Password-protecting the wp-login page
  • Deleting the /wp-admin/install.php and readme.html files
  • Moving wp-config up one folder and setting its permissions to 440

 

I have also used the "Ultimate Security Checker" plugin that checks for vulnerabilities and gives instructions on how to fix them. For those who are not comfortable making manual fixes, the plugin authors also offer a fixing service for a fee.
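
A check for the file-level measures listed in the post above (install.php and readme.html removed, wp-config.php moved one folder above the web root with mode 440). This is an added example, not code from the thread or from any plugin; the `public_html` layout and the function names are assumptions, and the login-page password is not checked because it depends on the web server.

```python
import os
import stat
import tempfile

LEFTOVERS = ("wp-admin/install.php", "readme.html")


def audit_wordpress(root):
    """Return a list of findings for the file-level measures from the post."""
    findings = [f"{rel} is still present" for rel in LEFTOVERS
                if os.path.exists(os.path.join(root, rel))]
    in_root = os.path.join(root, "wp-config.php")
    above = os.path.join(os.path.dirname(os.path.abspath(root)), "wp-config.php")
    if os.path.exists(in_root):
        findings.append("wp-config.php is inside the web root")
    config = above if os.path.exists(above) else in_root
    if not os.path.exists(config):
        findings.append("wp-config.php not found")
    else:
        mode = stat.S_IMODE(os.stat(config).st_mode)
        if mode & ~0o440:  # any permission bit beyond r--r-----
            findings.append(f"wp-config.php mode is {mode:03o}, expected 440")
    return findings


def build_sample_site(base, hardened):
    """Create a constructed, empty WordPress-like tree under base (demo only)."""
    root = os.path.join(base, "public_html")  # assumed web root name
    os.makedirs(os.path.join(root, "wp-admin"))
    if hardened:
        cfg, mode = os.path.join(base, "wp-config.php"), 0o440
    else:
        for rel in LEFTOVERS:
            open(os.path.join(root, rel), "w").close()
        cfg, mode = os.path.join(root, "wp-config.php"), 0o644
    open(cfg, "w").close()
    os.chmod(cfg, mode)
    return root


if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as base:
            findings = audit_wordpress(build_sample_site(base, hardened))
            print("hardened" if hardened else "default", "->", findings or "no findings")
```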
