The forums ran from 2008-2020 and are now closed and viewable here as an archive.

Securing and Backing up WordPress


    Hello everyone,

    I was wondering what everyone thought on how to properly secure WordPress, and a *GOOD Free backup plugin.

    By this I don’t mean the common securing, i.e. .htaccess, moving the wp-config file, aka hardening WordPress.

    I mean things like a plugin to prevent brute force attacks, JS injection, defacing, etc…

    I used to use Better WP Security but the last update is well, anything but good.

    Any help on the matter would be great, and much appreciated.

    Thank you all for reading


    There is no such thing as a “one click” solution. You need to learn about PHP security (and security in general). You’re certainly not going to find what you need in a plugin: a lot of critical things need to be done at the server level, not from inside WP. This post might interest you.

    • brute force attacks:

    “brute-force” what? I assume you’re worried about logins.

    Simply rate-limiting your forms will make “live” brute force attacks impractical. Use nonce tokens with your forms and ignore submissions that took less than a second to return to you.

    Most brute force attacks are offline attacks anyway, however. So make sure your database is secure. For example, the MySQL user that WP runs under shouldn’t be able to do anything critical—create, read, update records; and that’s it.

    • JS injection:

    JS injection is the same thing as HTML injection, and so has the same solution: make sure you know what you are outputting to the browser, and how it will be treated. If something should be text-only, then use htmlspecialchars before you print it. If something is allowed to contain HTML, then make a whitelist of allowed HTML tags/attributes and use a script like HTMLpurifier.

    • defacing:

    is not an attack. It is something done after the attack.
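
The rate-limiting, nonce-token and sub-second checks suggested in the reply above, sketched in PHP as an added example (not code from the thread or from WordPress). The secret, the limits, the function names and the in-memory state array are assumptions.

```php
<?php
// Added example, not code from the thread. SECRET, the limits and the
// in-memory $state array are assumptions; a real site would load the key
// from configuration and keep state in a shared store.
const SECRET = 'replace-with-a-random-server-side-key'; // placeholder
const MIN_FILL_SECONDS = 1;   // ignore forms returned in under a second
const TOKEN_TTL = 900;        // a rendered form stays valid for 15 minutes
const MAX_ATTEMPTS = 5;       // submissions allowed per client per window
const WINDOW = 300;           // rate-limit window, in seconds

// Issue a single-use token bound to the time the form was rendered.
function issue_token(int $now): string {
    $payload = $now . ':' . bin2hex(random_bytes(8));
    return $payload . ':' . hash_hmac('sha256', $payload, SECRET);
}

// Return 'ok' if the login attempt may proceed to the password check,
// otherwise the reason the submission is ignored.
function check_submission(string $token, string $client, int $now, array &$state): string {
    $parts = explode(':', $token);
    if (count($parts) !== 3) return 'malformed';
    [$issued, $nonce, $mac] = $parts;
    if (!hash_equals(hash_hmac('sha256', "$issued:$nonce", SECRET), $mac)) return 'bad-token';
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) return 'too-fast';
    if ($age > TOKEN_TTL) return 'expired';
    if (isset($state['used'][$nonce])) return 'replayed';
    $state['used'][$nonce] = true; // entries can be purged once older than TOKEN_TTL

    // Sliding window: keep only this client's attempts newer than WINDOW.
    $recent = array_filter($state['attempts'][$client] ?? [], fn($t) => $t > $now - WINDOW);
    if (count($recent) >= MAX_ATTEMPTS) return 'rate-limited';
    $recent[] = $now;
    $state['attempts'][$client] = array_values($recent);
    return 'ok';
}

// Constructed demo with a fixed clock and a documentation-range address.
$state = ['used' => [], 'attempts' => []];
$t = 1700000000;
$client = '203.0.113.7';
echo check_submission(issue_token($t), $client, $t, $state), "\n"; // returned in the same second
for ($i = 1; $i <= 6; $i++) {                                      // six well-formed attempts in a row
    echo check_submission(issue_token($t + $i), $client, $t + $i + 2, $state), "\n";
}
$tok = issue_token($t + 400);
echo check_submission($tok, $client, $t + 402, $state), "\n";      // fresh token after the window
echo check_submission($tok, $client, $t + 403, $state), "\n";      // same token submitted again
```

Only a submission that returns `ok` should go on to the password comparison; everything else is dropped without touching the user database.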


    I don’t prefer a plugin for backup. Currently I am using online backup software to back up everything. I also recommend you try CloudBacko Pro for backup. CloudBacko Pro Software supports backing up Microsoft Exchange Server, Microsoft SQL Server, VMware, Hyper-V, and other databases. Check this software for backup or click here


    I use

    xcloner – to back up WordPress
    bullet proof security – for protection which locks out login attempts (however I have had issues with this on one site)
    So the site I had issues with I used

    However neither plugin actually stops the attempts before they hit the login page, I tried a couple including secure wordpress but they didn’t work.

    I hope the above helps and if you find one that actually stops the attempts before they hit the login page, please post it as I need it too!!


    Interestingly, thanks a lot for making some points clear.
