Lock down your WordPress blog and stop giving away the usual information that makes it easier for hackers to get into your blog.
This is Day 26 of the 30 Days, 30 Killer WordPress Plug-ins Series.
Yesterday, I told you about WordFence. And, no doubt, that plug-in goes a long way to securing your WordPress blog.
So, why today am I telling you about the Better WP Security plug-in?
Well, as with all things, there can be multiple approaches to the same target. And blog security is no different. While WordFence does a number of things, Better WP Security does some other things that WordFence doesn’t.
One of those phrases you hear in the world of online security is: “Security through obscurity”. Essentially, it means you protect yourself by hiding. It assumes you can’t protect yourself against every threat there is (which is true), so it uses the ability to hide as a means of protection.
WordPress is a very popular platform, so everybody knows how the heck it works and how it is built. If you are running a fully default install of WordPress, then a hacker who knows WordPress can potentially find and do a lot of things to your blog simply because they know certain things would be true.
For example, it used to be that the administrative user of WordPress would automatically get a username of “admin”. A ton of bloggers out there log into their blogs using “admin” as the username. Consequently, a lot of potential hackers know that a lot of blogs out there can be logged into using “admin”. If they can crack the password, the username is already a given.
So, Better WP Security does many things to your blog to accomplish “security through obscurity”, such as:
- Remove the meta “Generator” tag, which advertises to the world exactly what version of WordPress you’re using.
- Change the URLs of many of the common WordPress pages, including the dashboard, the login, etc.
- Remove all update notices inside of WordPress for unauthorized users.
- Remove the Windows Live Writer information, which sits in the source code of your blog and tells the Windows Live Writer blog client how to log in.
- Rename the “admin” account.
- Change the ID number of the main admin user away from “1” in the database (which is far too predictable)
- Change the default WordPress database table prefix
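To check your own blog for three of the items above (the “Generator” tag, the Windows Live Writer link and the default table prefix), here is an added example that is not part of the plug-in or the original post. The function names are hypothetical and the sample HTML and config line are constructed; in practice you would feed it your own page source and `wp-config.php`.

```python
import re
from html.parser import HTMLParser

# Constructed sample pages and config line (not taken from a real site).
SAMPLE_DEFAULT = """<html><head>
<meta name="generator" content="WordPress 3.5.1" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml"
      href="http://blog.example/wp-includes/wlwmanifest.xml" />
</head><body></body></html>"""
SAMPLE_HARDENED = "<html><head><title>My blog</title></head><body></body></html>"
SAMPLE_CONFIG = "<?php\n$table_prefix  = 'wp_';\n"

class _HeadMarkers(HTMLParser):
    """Collect the tags a default WordPress install leaves in the page source."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            if "wordpress" in a.get("content", "").lower():
                self.findings.append(("generator", a["content"]))
        elif tag == "link" and "wlwmanifest" in a.get("rel", "").lower():
            self.findings.append(("wlwmanifest", a.get("href", "")))

def audit_front_page(html):
    """Return (marker, value) pairs still present in the served HTML."""
    parser = _HeadMarkers()
    parser.feed(html)
    parser.close()
    return parser.findings

def audit_table_prefix(wp_config_text):
    """Return 'wp_' if wp-config.php still uses the default prefix, else None."""
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""",
                  wp_config_text, re.M)
    return m.group(1) if m and m.group(1) == "wp_" else None

if __name__ == "__main__":
    for name, page in (("default", SAMPLE_DEFAULT), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_front_page(page) or "no default markers found")
    print("table prefix:", audit_table_prefix(SAMPLE_CONFIG) or "changed")
```

An empty result from `audit_front_page` after you enable the plug-in's settings means those two tags are no longer in the page source.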
Better WP Security also has feature overlap with WordFence. Both plug-ins can scan for vulnerabilities, ban users, prevent brute force attacks – and much more.
So, the natural question would be: Should you run Better WP Security or WordFence? Or both?
In my research, I do show that some WordPress users DO run both plug-ins at the same time. There don’t appear to be any compatibility issues between them. Some have reported that the WordFence plug-in scanning doesn’t report accurately when Better WP Security is active, so that may be a slight issue. But, I’m not sure if that is still an issue or not.
If you do this, I would recommend you go through the configuration of both plug-ins to ensure they don’t overlap. For example, there is no need to have WordFence scanning for problems if Better WP Security does the same.
Truth is, these two plug-ins seem to have slightly different approaches. WordFence is more focused on being a firewall, whereas Better WP Security is more about locking down WordPress itself. I think there is definitely a case to be made for using both plug-ins simultaneously.
Better WP Security is completely free.