Welcome back to another article on how to maximize the performance you can get out of Wordpress , this time in the form of Security. As most webmasters know the most important asset that you have is your website, if there are any holes in your defense then there goes your whole site in a blink of an eye. Don’t let it happen to you.

So once again I have compiled a list of some heavy-duty security plugins to make your wordpress core as tight as the NSA.

“The Following 10 Plugins will fortify your site and I strongly recommend that you check them out in your free time.”

WP Security Scan – It scans your wordpress from the inside out to see if any malicious code has been injected into any core files or if anything weird has been uploaded. Sometimes you MAY get false positives. It’s a good start for a security plugin.

Wordpress Login Lockdown – Now this is a more conventional plugin , It does the same thing bank websites do, which simply is you login with the wrong username & password combo 3 times and BAM! You are locked out for 1 hour. It’s very useful against brute force attacks or pesky people. It is also customizable in the admin options panel.

Wordpress Database Backup – In time , everything is bound to fail. Windows Vista has taught me that lesson I think more than 10 times now within the past 2 years haha. Anyway this badboy is plug’n'play. It’ll restore your wordpress “just the way it was” before you decided to “Tweak” that one special setting.

Ask Apache Password Protect – Now this plugin struck me as unique when I found it on the web because it claimed this “Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well.”. So that sounds like a firewall to me after reading up some , it basically uses htaccess files to prevent malicious bots to keep coming to your site. I have not personally used this as of yet but I will report later on how it has worked. Sounds very promising and you should give it a check.

Force SSL – For anyone with an official SSL certificate , the Force SSL plugin for Wordpress forces for an HTTPS connection for security purposes. This is useful for those who with to enforce a higher level of security regarding the delivery of Wordpress content to the browser. It works by redirecting any requests for pages via plain old http into requests for pages via https.

Anonymous Wordpress Plugin Updates -This nifty small plugin prevents Wordpress from sending out a list of the active plugins on your website as well as the blog url & WP version your using. This seriously ups the Ante for wordpress users who want ultimate privacy brought to you ala` Jason Borune style.

Replace-WP Version – I personally like this plugin the most for unusual reasons or perhaps I enjoy my privacy heavily. What this plugin does exactly is it rips out what version of Wordpress you are currently using. It does it very neatly and simply. I really recommend you all to get this one.

Members Only ! – This great plugin makes your blog absolutely private to outsiders and will only let you view it once you have logged in. Users who try to view your website will be automatically redirected to the login/registration page. This plugin also boasts the fact that you can “privatize” your rss feeds to members only. I haven’t exactly tested out this portion of the plugin but I can verify this plugin is one mean club Bouncer from NYC!

Allow Categories – Is a plugin that lets you control which users are allowed to see a specific category within your wordpress. It’s simple if the user is not allowed to view a post within a certain category all they see is a blank post in the end. It’s quite useful in certain cases if your website is dependent on membership basis.

Simple Feed Copyright – This plugin does exactly what it’s name says. It simply adds a copyright notice at end of full text articles in your feed. Personally I have seen a lot of blogs being ripped off and reposted as full blown articles with no mention of the original author. Remember people if you steal, Chuck Norris WILL find you & carve the Author’s name on your forhead using his fingernails.

Spiky’s Random Do’s n’ Don’tz

1) CONSTANTLY UPDATE wordpress.org is always working on patching up security loopholes and such and besides that it is just overall beneficial to you, The current Wordpress updated the 2.6.1 build to 2.6.2 to seal up some holes that could potentially leave your site open to harm from malicious hackers.

2) MAKE sure your password includes Digits 1 , 2 , 3 & Capital/Mixed A , a , B , b & symbols $#%@. These will only help you and strengthen your site security.

3) MAKE sure you update the plugins you use as well , the author may have updated some crucial code that is open to hackers.

The following is an excerpt from the blogger at Milo of 3OneSeven.com

Tip #1

DO NOT use this search code in the

:

“<?php echo $_SERVER [’PHP_SELF’]; ?>”

Nobody should be allowed to search your entire server, or?

Use this one instead:

“<?php bloginfo (’home’); ?>”

Tip #2

Another bad code used in title tags or search templates:

“<?php echo $s; ?>”

as it allows malicious code injection.

Use this one:

“<?php echo wp_specialchars($s, 1); ?>”

Tip #3

• DO NOT use the default Kubrick theme, as it contains a security bug. Affected Script:
  /themes.php?page=functions.php

  “Header Image and Color” section of the Default Theme Kubrick.

• Further info here.
• Also, some themes are based on the Kubrick header functions, examine those themes carefully as they can have the same vulnerability.

Before doing any of the following customization, BACK UP your existing files. Or better, test it on your local or server test site.

Tips #4

Block search robots from your archive page by preventing the indexing:

“<?php if(is_archive()) { ?><meta name=”robots” content=”noindex”><?php } ?>”

Paste it anywhere in the header of your current theme BEFORE the closing of the head tag.

Phew , that’s all for today boys n’ girls

I hope you enjoy this article n’ find it useful , Hit me up at the forums in VadexFX.com

~ Spiky