WP plugins you use

tf76

tf76

Active Member
Reaction score
133
Location
South Australia
So, recently my wp site got hacked into. Basically the hackers installed malicious code that linked to their pharmacy sites and gave them better SEO.
So from that point on these are the plugins I have installed that have given me more security measures.
From the logs they are still trying to get in from wp-login.php and wp-admin but they will have a hard time.

Anyway, here are the links to the great plugins I have recently installed:

Brute Force Login Protection - Protects your website against brute force login attacks using .htaccess

Exploit Scanner - Scans your WordPress site for possible exploits.

SF Move Login - Change your login url.

Sucuri Security - Auditing, Malware Scanner and Hardening:
The Sucuri plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.

Wordfence Security - Wordfence Security - Anti-virus, Firewall and High Speed Cache.

I especially like The SF Move Login plugin.


Anyway, you might think that's overkill but everything is working beautifully and I'm much more confident now that they will have a really hard time hacking me again.

So, which ones do you use?

Regards,
 
I'll add to this tomorrow. But one plugin I would definitely use is wp backupbuddy it's a paid plugin but will soon pay for it's if you need it. I use most of the above plugins as well.
 
PBComputer said:
I'll add to this tomorrow. But one plugin I would definitely use is wp backupbuddy it's a paid plugin but will soon pay for it's if you need it. I use most of the above plugins as well.
Click to expand...

Yeah I found this free good one for backups.
BackUpWordPress

It backs up your database as well as the rest of your wp files and folders.
You can also schedule it to run when you want and get email alerts when it's completed to download the compressed file.


Regards,
 
PBComputer said:
I'll add to this tomorrow. But one plugin I would definitely use is wp backupbuddy it's a paid plugin but will soon pay for it's if you need it. I use most of the above plugins as well.
Click to expand...

I also use BackupBuddy from Ithemes - its good, easy to use and has saved me twice from various issues, with minimal downtime.

They also do a Wordpress Security plugin (standard and Pro) which contains all the functionality of the above plugins, and much more.

It's a paid plugin but to me its worth it.
 
If you host multiple wordpress sites then I would also highly recommend InfiniteWP. It allows you to easily manage all sites (version, plugin, theme updates) has modules for backup, transfers, versions, and security. The base package is free and their modules all have a cost.

I have the backup module and wordfence module. I set the backup module to store a weeks worth of daily backups, and then a month of weekly, and 6 months of monthly backups. The wordfence module allows me to automatically install wordfence on the sites, and then view any issues it has found from one console.
 
tf76 said:
So, recently my wp site got hacked into. Basically the hackers installed malicious code that linked to their pharmacy sites and gave them better SEO.
So from that point on these are the plugins I have installed that have given me more security measures.
From the logs they are still trying to get in from wp-login.php and wp-admin but they will have a hard time.

Anyway, here are the links to the great plugins I have recently installed:

Brute Force Login Protection - Protects your website against brute force login attacks using .htaccess

Exploit Scanner - Scans your WordPress site for possible exploits.

SF Move Login - Change your login url.

Sucuri Security - Auditing, Malware Scanner and Hardening:
The Sucuri plugin provides the website owner the best Activity Auditing, SiteCheck Remote Malware Scanning, Effective Security Hardening and Post-Hack features. SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it's completely free.

Wordfence Security - Wordfence Security - Anti-virus, Firewall and High Speed Cache.

I especially like The SF Move Login plugin.


Anyway, you might think that's overkill but everything is working beautifully and I'm much more confident now that they will have a really hard time hacking me again.

So, which ones do you use?

Regards,
Click to expand...
Who's your host?
 
I find it's just as easy to login to the host and manually backup the dbase and public directory. Cpanel provides an option for it.
 
I use UpDraft as well for backup, but all of my sites I also use Jet Pack. It has lots of great features, but pertaining to this specific discussion one feature that stands out is monitoring. It'll tell you if the site ever goes dark and when it comes back.
 
layoric said:
I find it's just as easy to login to the host and manually backup the dbase and public directory. Cpanel provides an option for it.
Click to expand...
The key is automating ongoing backups.
The danger with doing it manually is that I think most users will probably forget to do so after a time. You know what its like with clients...
 
True - I also believe my host could set up a script to do the same thing, sending to my ftp. I'm all about saving myself some coin, but probably would set up a client with one of those plugins.
 
As Bryce said - automation is the key. Once you start managing multiple websites for clients it can become time consuming backing up all the websites and easy to forget if your stuck on another job doing something else.

The Host im with is CPanel but has an app or page called Installatron. This allows you to manage all updates to plugins and wordpress and it also allows for a automatic backup. Can be daily, weekly, monthly depending on what you want to set.
I get email notifications when updates are available for all my clients websites.
Also integrates with Clef so you can have two-factor authentication with the clef mobile app.

Installatron not only good for Wordpress but a stack of other types of sites. Also really easy to install applications with a click of a button- no downloading files, uploading via FTP, setting up databases its fully automated.
 
Checkout the iThemes Security plugin. I like it because it has a checklist of high, medium, and low priority items that you can go through and let it take care of for you. That coupled with Sucuri and WordFence have always kept my clients (who have had problems in the past) hack-free. That being said, the biggest thing you can do for your site security is to keep WordPress, your plugins, and your theme up-to-date.
 
A couple quick ones I would add to the list are:
Visitor Maps and Who's Online - Basic visitor tracking (IP/referral page/date and time)
Yoast SEO - Quite popular on Wordpress' add-on repository, I use it to modify each page title for Google
Cryptx - Converts all e-mail addresses found on the site to either [at] or [dot] listings, or best the whole address is converted using javascript. Good Luck data miners.
 
Ha anyone mentioned InfinteWP and ManageWP? Amazing platforms to manage all this stuff on multiple sites from one pane of glass.
 
You must log in or register to reply here.

Similar threads

HCHTech
Email authentication help
Replies
7
Views
887
Sky-Knight
Sky-Knight
Fred Claus
Cache
Replies
4
Views
1K
Fred Claus
Fred Claus
phaZed
Synology warns of malware infecting NAS devices with ransomware (Bruteforce)
Replies
1
Views
1K
Sky-Knight
Sky-Knight
Romaniac
[REQUEST] Synology and potential hacking
Replies
5
Views
2K
Your PCMD
Your PCMD
A
WordPress Error 500 in Wp-Admin
Replies
19
Views
2K
jmitservices
jmitservices
Back
Top