05/07/2012

Stopping Hackers on Your WordPress Blog

There are few things worse in the online world than getting hacked. Our websites often become an extension of our lives, whether they are for business or personal use. If you put a lot of time into maintaining your website and keeping it current with a blog, getting hacked can feel very personal. And if you run a blog on your website, chances are you’re using WordPress.

Fortunately, keeping WordPress websites secure can be done fairly easily using plugins. Today we’ll take a look at BulletProof Security (BPS), produced by AITpro. According to their own description:

“BulletProof Security protects your website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check... System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload... Built-in .htaccess file editing, uploading and downloading.”

The free version of the BPS plugin provides many basic features to help protect your website. The interface is continually improving, though it will still be intimidating for those who aren’t technically inclined. With one click of their “Automagic” button you can set up the .htaccess file for your WordPress site. Another click takes care of the secure.htaccess file. Radio buttons let you activate the other security features, though the buttons always say “Activate”, so it is impossible to tell from the setup page whether you actually activated a feature.

Screenshot of BPS WordPress plugin status tab

One look at the “Security Status” tab, however, lets you know if you’ve turned it all on. In a wise decision, the developers stuck with a green-is-good, red-is-bad methodology. If the status screen has all green text, then activation is complete. If there is any red, then either the feature isn’t activated or there was an issue. They do their best to let you know how to fix the problem with a description, though again it might be too technical for an average user. Once activated, though, BPS protects your website from the most common forms of attacks.
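As a check that does not depend on the plugin's own status screen, the following added example (not code from BulletProof Security or AITpro) reads an .htaccess file and reports which of the files named in the description are not covered by a deny-all block. The sample rules are constructed for illustration, the function names are hypothetical, and only `Deny from all` and `Require all denied` inside `<Files>`/`<FilesMatch>` blocks are recognised.

```python
import fnmatch
import re

# Files the plugin description lists as protected through .htaccess.
PROTECTED = ["wp-config.php", "bb-config.php", "php.ini", "php5.ini",
             "install.php", "readme.html"]
# Constructed sample for illustration; not the rules BPS actually writes.
SAMPLE_HTACCESS = r'''
<FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html)$">
Deny from all
</FilesMatch>
<Files install.php>
Require all denied
</Files>
<Files bb-config.php>
# Deny from all
</Files>
'''

OPEN = re.compile(r'^<(Files|FilesMatch)\s+(~\s*)?"?(.+?)"?\s*>$', re.I)
CLOSE = re.compile(r'^</(Files|FilesMatch)>$', re.I)
DENY = re.compile(r'^(deny\s+from\s+all|require\s+all\s+denied)$', re.I)

def denied_files(htaccess_text, names=PROTECTED):
    """Return the names covered by a block that contains a deny-all rule."""
    denied, matcher, block_denies = set(), None, False
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive protects nothing
        m = OPEN.match(line)
        if m:
            kind, tilde, pattern = m.group(1).lower(), m.group(2), m.group(3)
            if kind == "filesmatch" or tilde:
                matcher = re.compile(pattern).search  # regex form
            else:
                matcher = lambda n, p=pattern: fnmatch.fnmatchcase(n, p)
            block_denies = False
        elif CLOSE.match(line):
            if matcher and block_denies:
                denied.update(n for n in names if matcher(n))
            matcher = None
        elif matcher and DENY.match(line):
            block_denies = True
    return denied

def unprotected_files(htaccess_text, names=PROTECTED):
    found = denied_files(htaccess_text, names)
    return [n for n in names if n not in found]
```

A clean result only shows the rules exist on disk; the server must also be configured to honour .htaccess, so confirm by requesting one of the files on your own site and expecting an HTTP 403.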

The Pro version, available for a reasonable fee, includes additional functionality such as notifications, PHP file protection, and monitoring and alerting for changes in critical files.

What’s your favorite WordPress security plugin?