L
L
Leonid2018-09-04 13:33:50
Information Security
Leonid, 2018-09-04 13:33:50

How and with what do you protect your WordPress sites - plugins, solutions?

Can you share what plugins or measures you take to protect your WordPress sites from hacks, hackers, etc.?
Using the popular iThemes Security (formerly Better WP Security) - or not?

Answer the question

In order to leave comments, you need to log in

5 answer(s)
I
Igor Vorotnev, 2018-09-13
@HeadOnFire

1. Server-level protection, including blocking known dumb requests, limiting password attempts, blocking access to what is not needed, correct rights, etc. Fail2ban, UWF and that's it, plus Nginx.
2. Building a project based on Composer, where WP is a regular dependency, like everything else. Automatic deployment with the possibility of instant rollback. Checksum monitoring. Monitor performance, availability and logs.
3. Checking all the code that is being installed. Never use "zeroed" plugins and themes.
4. Using the best security practices when writing your code.
5. Using bcrypt or argon for WP passwords.
6. Using .env
7. Access to wp-admin only by IP or by IP via VPN (so that you don't have to update the whitelist if the IP changes).
8. In some cases, CloudFlare is at the entrance.
I don't use or recommend any plugins like Wordfence, iThemes Security, etc. They only slow down the site, don't do anything that can't be done without them, are themselves a vulnerability and create a false sense of security.

O
Orkhan Hasanli, 2018-09-04
@azerphoenix

1) Wordfence
2) Reliable hosting
3) Cleantalk to protect against SPAM or Akismet
4) Clearfy
5) If you install zeroed plugins, carefully study their contents (a common problem that occurs)

X
xmoonlight, 2018-09-04
@xmoonlight

For any sites:

  • Protection against "hacking": here
  • Spam protection: here

V
Vladimir Druzhaev, 2018-09-05
@OtshelnikFm

iThemes Security (formerly Better WP Security) are monsters.
I use Limit login attempts and have written my own solution - kwpl: Kill wp-login & Fix Login
by the way... Don't install null themes and plugins.
Update the VI and theme and plugins on time.
Do not let users into the admin panel, only the admin.
The admin account is cunning.
Monitoring of logs for artifacts
Backups of course.

B
Boris Shpakovsky, 2018-09-13
@kotboris

Clearfy to protect
Kama Spamblock from autospam
These two are enough for basic protection. Of the more complex ones, I like All In One WP Security & Firewall
, it has everything to protect the file system, databases, and that's it.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question