Your blog is your online base. It is a place you spend quite a lot of time at and a place that you want to protect.
A bit like home really!
We have security locks and alarms and insurance to help protect our homes and we can and should do the same for our online homes.
And while these measures are not going to give us 100% protection they make it harder for those with bad intent to harm us or our property.
We started our Blog Security series here and Part 2 here.
So we can install a firewall in our computer to guard against malware getting entry and wreaking havoc – and we should. We can also install the WP firewall plugin to do the same job for our blog.
Like other security plugins I recommend there is no tweaking to do – just a simple one click install and activation.
You might be surprised one day though. There you are doing some routine work in your blog and you find yourself looking at the home page!
In terms of home security – you would be resting in your fave comfy chair and with one blink you are outside your front door wondering how you got there!
WP Firewall has thrown you out of your blog.
It is actively protecting your blog 24/7 and you did something it regarded as a threat – so, BOOM, it threw you out.
This is good – it will email you as well about the "threat" so if you need to do some tweaking that the plugin objects to just deactivate it, tweak away and then remember to reactivate afterwards.
Then we get to a type of security software we can call, "scanners". In our computers we can do a security scan which hopefully can detect any viruses or malware that managed to creep past our firewall.
We can do the same with our blogs too.
There are a multitude of these and there's no way I can cover them all in one post. What we can do now is simply pick one that looks good and useful and install it.
And I'll go over other options in the coming weeks.
So for now let's look at a security plugin called…Wordfence.
Wordfence is a plugin that you can access at different levels depending on whether you have the free option as I do or you choose a paid option with more features.
The free version is superb.
It scans the core wordpress files for any infection by hackers as well as plugins and themes and displays the results for inspection and action.
Out of date plugins and themes will be highlighted because they offer a hacker a way to exploit any weakness in the code.
A basic precaution then is to use only a necessary minimum of plugins and themes.
Any not being used should be deleted. Even sitting in your blog deactivated they may offer a vulnerability which you do not need and which you can solve simply by hitting the delete button.
The scanner may find odd patterns for example in your error logs and may offer you the chance to see the problems and also to delete the file infected.
Be careful with the last option. It sounds good but deleting a file that may be essential for the blog to work may well break your blog.
If in doubt go for support to their support forum and while waiting for a reply do a little research.
But breathe easy.
You have a backup file of your blog because you installed a backup plugin in week 1 of this series and even if the whole blog vanished you could install a new one in 2 minutes with your cpanel auto installer – Fantastico / Simplescripts.
Security is not a one step answer but a process. You are better off than the vast majority of WordPress users so you can focus on the essentials – writing great content for your visitors.
More WordPress security posts to come but please take action on the posts so far and work through all the action steps. You can't learn self defence by reading books and you don't get security by reading either. And please do share any tips you have for better securing your blog.
Plugin Downloads may be from inside your blog admin area or directly from the WordPress pages below…