April 6, 2014 at 2:11 am #167727 WMEric Participant
I was wondering what everyone thought on how to properly secure WordPress, and a *GOOD Free backup plugin.
By this I don’t mean the common securing, i.e. .htaccess, moving the wp-config file, aka hardening WordPress.
I mean things like a plugin to prevent brute force attacks, JS injection, defacing, etc…
I used to use Better WP Security but the last update is, well, anything but good.
Any help on the matter would be great, and much appreciated.
Thank you all for reading

April 6, 2014 at 1:49 pm #167750 __ Participant
There is no such thing as a “one click” solution. You need to learn about PHP security (and security in general). You’re certainly not going to find what you need in a plugin: a lot of critical things need to be done at the server level, not from inside WP. This post might interest you.
- brute force attacks:
“brute-force” what? I assume you’re worried about logins.
Simply rate-limiting your forms will make “live” brute force attacks impractical. Use nonce tokens with your forms and ignore submissions that took less than a second to return to you.
Most brute force attacks are offline attacks anyway, however. So make sure your database is secure. For example, the MySQL user that WP runs under shouldn’t be able to do anything critical—create, read, update records; and that’s it.
- JS injection:
JS injection is the same thing as HTML injection, and so has the same solution: make sure you know what you are outputting to the browser, and how it will be treated. If something should be text-only, then use htmlspecialchars before you print it. If something is allowed to contain HTML, then make a whitelist of allowed HTML tags/attributes and use a script like HTMLpurifier.
- defacing:
is not an attack. It is something done after the attack.

January 16, 2015 at 3:55 am #193403 Wayne90 Participant
I don’t prefer a plugin for backup. Currently I am using online backup software to back up everything. I also recommend you try CloudBacko Pro for backup. CloudBacko Pro software supports backing up Microsoft Exchange Server, Microsoft SQL Server, VMware, Hyper-V, and other databases. Check this software for backup or click here: http://www.cloudbacko.com/

February 4, 2015 at 1:17 am #195047 serendipity Participant
xcloner – to backup wordpress
bullet proof security – for protection which locks out login attempts (however I have had issues with this on one site)
So the site I had issues with I used
However neither plugin actually stops the attempts before they hit the login page, I tried a couple including secure wordpress but they didn’t work.
I hope the above helps and if you find one that actually stops the attempts before they hit the login page, please post it as I need it too!!

July 16, 2019 at 1:45 am #292894 Bladebringer Participant
Interestingly, thanks a lot for making some points clear.
- The topic ‘Securing and Backing up WordPress’ is closed to new replies.
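
The rate-limiting and timed form-token advice from the April 6, 2014 reply, sketched as an added example that is not code from any poster in this thread or from WordPress itself. FORM_SECRET, the thresholds, the per-client key and the in-memory $attempts store are assumptions chosen for illustration.

```php
<?php
// Added example. FORM_SECRET, the limits and the in-memory $attempts array are
// assumptions; a real site would keep attempts in a shared store (DB, cache).
const FORM_SECRET  = 'replace-with-random-server-side-secret'; // placeholder
const MIN_FILL_SEC = 1;    // submissions returned in under a second are ignored
const MAX_AGE_SEC  = 900;  // a token is valid for 15 minutes
const MAX_ATTEMPTS = 5;    // attempts allowed per client per window
const WINDOW_SEC   = 300;

// Token = issue time + random nonce + HMAC over both; sent as a hidden form field.
function issue_token(int $now): string {
    $payload = $now . '.' . bin2hex(random_bytes(16));
    return $payload . '.' . hash_hmac('sha256', $payload, FORM_SECRET);
}

// Returns 'ok', or the reason the submission is dropped before any password check.
function check_submission(string $token, string $client, int $now, array &$attempts): string {
    // Sliding-window rate limit: every attempt counts, valid token or not.
    $recent = array_filter($attempts[$client] ?? [], fn($t) => $t > $now - WINDOW_SEC);
    if (count($recent) >= MAX_ATTEMPTS) {
        return 'rate-limited';
    }
    $recent[] = $now;
    $attempts[$client] = array_values($recent);
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return 'malformed-token';
    }
    [$issued, $nonce, $mac] = $parts;
    $expected = hash_hmac('sha256', $issued . '.' . $nonce, FORM_SECRET);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return 'bad-signature';
    }
    $age = $now - (int)$issued;
    if ($age < MIN_FILL_SEC) return 'too-fast';
    if ($age > MAX_AGE_SEC)  return 'expired';
    return 'ok';
}

// Constructed demo: a human-speed submit, an instant submit, then a burst.
$attempts = [];
$t0  = 1700000000;            // constructed timestamp
$tok = issue_token($t0);
echo check_submission($tok, '203.0.113.7', $t0 + 8, $attempts), "\n";
echo check_submission(issue_token($t0 + 10), '203.0.113.7', $t0 + 10, $attempts), "\n";
for ($i = 0; $i < 5; $i++) {
    $last = check_submission($tok, '203.0.113.7', $t0 + 20 + $i, $attempts);
}
echo $last, "\n";
```

The token here is time-bound but not single-use; rejecting replays would additionally require recording each nonce server-side once it has been accepted.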