I have been cleaning up a lot of hacked websites/malware and doing security updates and hardening for WordPress websites lately. Ideally I’d be able to lock down a client’s server more thoroughly, implement a good firewall, and run some intrusion detection software, but since many people can’t afford this sort of thing and are on shared hosting environments, I have to lock down what I can.
For hardening WordPress I have traditionally been a fan of Secure WordPress, but lately it has seemed a little too simplistic and not proactive enough. Malware infestation on websites has been spreading like wildfire lately for whatever reason, so staying on top of things is a must.
WordPress Firewall 2 seemed to work pretty well in the past, but it would often kick back false positives which caused issues with plugins and prevented things from working that should otherwise not have a problem. Not to mention it hasn’t been updated in a while.
I was happy to see that Sucuri made their premium plugin free recently. It is pretty slick and has some cool features, and I really like what Sucuri does for web security. But with this plugin they are trying to walk the line between simplicity for the end user and comprehensiveness for being secure. It’s kinda weird to use for that reason, as you don’t really get a good understanding of what is being done behind the scenes.
I tried this a few weeks ago and originally gave it up, but I have since returned to Better WP Security, especially now that I can specify an email address to send notifications to and can disable warnings in the WP admin area. These are things that mattered a lot to me, as they would inevitably lead to clients or bosses emailing me asking what all these warnings were. The recent update to the plugin fixed all that, and I’m a happy camper.
I really like that the plugin shows you what needs to be done, makes it easy to do it, and keeps you well informed about what is going on behind the scenes. There is intrusion detection, there are logs, there are password strength policies, there are database tweaks, there are database backups, and there are many other ways to tighten up security. You don’t find so many useful tools in one place with any other plugin.