April 6, 2014 at 2:11 am #167727
WMEric
Participant
Hello everyone,
I was wondering what everyone thought on how to properly secure WordPress, and a *GOOD Free backup plugin.
By this I don’t mean the common securing, i.e. .htaccess, moving the wp-config file, aka hardening WordPress.
I mean things like a plugin to prevent brute force attacks, JS injection, defacing, etc…
I used to use Better WP Security but the last update is well, anything but good.
Any help on the matter would be great, and much appreciated.
Thank you all for reading
April 6, 2014 at 1:49 pm #167750
__
Participant
There is no such thing as a “one click” solution. You need to learn about PHP security (and security in general). You’re certainly not going to find what you need in a plugin: a lot of critical things need to be done at the server level, not from inside WP. This post might interest you.
- brute force attacks:
  “brute-force” what? I assume you’re worried about logins.
  Simply rate-limiting your forms will make “live” brute force attacks impractical. Use nonce tokens with your forms and ignore submissions that took less than a second to return to you.
  Most brute force attacks are offline attacks anyway, however. So make sure your database is secure. For example, the MySQL user that WP runs under shouldn’t be able to do anything critical—create, read, update records; and that’s it.
- JS injection:
  JS injection is the same thing as HTML injection, and so has the same solution: make sure you know what you are outputting to the browser, and how it will be treated. If something should be text-only, then use htmlspecialchars before you print it. If something is allowed to contain HTML, then make a whitelist of allowed HTML tags/attributes and use a script like HTMLpurifier.
- defacing:
  is not an attack. It is something done after the attack.
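The form-token check described in the reply above (a nonce on the form, ignoring submissions that come back in under a second), as an added example that is not part of the thread. FORM_SECRET, the two time limits and both function names are hypothetical, and the timestamps are constructed.

```php
<?php
// Added example, not code from the thread. FORM_SECRET, the two limits and
// both function names are hypothetical; the secret is a constructed placeholder.
const FORM_SECRET      = 'replace-with-a-long-random-server-side-secret';
const MIN_FILL_SECONDS = 1;   // "less than a second" threshold from the reply
const MAX_AGE_SECONDS  = 900; // assumption: a form is valid for 15 minutes

// Token for a hidden form field: "<random nonce>.<issue time>.<HMAC of both>".
function issue_form_token(int $now): string
{
    $payload = bin2hex(random_bytes(16)) . '.' . $now;
    return $payload . '.' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Returns null when the submission is acceptable, otherwise why it is ignored.
function check_form_token(string $token, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return 'malformed';
    }
    [$nonce, $issued, $mac] = $parts;
    // Constant-time comparison so the check does not leak how much of the MAC matched.
    if (!hash_equals(hash_hmac('sha256', "$nonce.$issued", FORM_SECRET), $mac)) {
        return 'bad signature';
    }
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'returned too fast';
    }
    return $age > MAX_AGE_SECONDS ? 'expired' : null;
}

$t0    = 1700000000; // constructed issue time
$token = issue_form_token($t0);
// Anything printed into HTML is escaped first, the token included.
echo '<input type="hidden" name="form_token" value="',
    htmlspecialchars($token, ENT_QUOTES, 'UTF-8'), '">', PHP_EOL;

// Constructed submissions: same token at different times, plus a modified copy.
$cases = ['instant' => [$token, $t0], 'after 5 s' => [$token, $t0 + 5],
          'tampered' => [$token . 'x', $t0 + 5], 'stale' => [$token, $t0 + 3600]];
foreach ($cases as $label => [$tok, $when]) {
    echo $label, ': ', check_form_token($tok, $when) ?? 'accepted', PHP_EOL;
}
```

This covers only the timing check on the token. Rate limiting per client or account, and recording spent nonces so a token is accepted once, still have to be added around it.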
January 16, 2015 at 3:55 am #193403
Wayne90
Participant
I don’t prefer a plugin for backup. Currently I am using online backup software to back up everything. I also recommend you try CloudBacko Pro for backup. CloudBacko Pro Software supports backing up Microsoft Exchange Server, Microsoft SQL Server, VMware, Hyper-V, and other databases. Check this software for backup or click here http://www.cloudbacko.com/
February 4, 2015 at 1:17 am #195047
serendipity
Participant
I use
xcloner – to backup wordpress
bullet proof security – for protection which locks out login attempts (however I have had issues with this on one site)
So the site I had issues with I used
wordfence
However neither plugin actually stops the attempts before they hit the login page, I tried a couple including secure wordpress but they didn’t work.
I hope the above helps and if you find one that actually stops the attempts before they hit the login page, please post it as I need it too!!
July 16, 2019 at 1:45 am #292894
Bladebringer
Participant
Interestingly, thanks a lot for making some points clear.
- The topic ‘Securing and Backing up WordPress’ is closed to new replies.