Security of your website
Whether it is an intrusion into the system through stolen user passwords or the loss of data due to a server failure, security is one of the top priorities. Although we can never be completely sure, with these few additions we will help you minimize the damage, if not completely avoid it.
With the help of Login LockDown, we will protect you from unauthorized intrusion through the login form by password guessing, which is not so difficult if you were lazy and chose an easy-to-remember password ("admin", the domain name, your name, etc.). It works by blocking IP addresses after too many unsuccessful attempts. You can define the settings yourself, although the defaults are suitable for a start: after three unsuccessful login attempts within five minutes, the IP address from which the failed logins came is blocked (even if the correct password is then entered, the login will be rejected).
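The lockout rule described above, sketched as an added example (this is not Login LockDown's own code). The three-attempt and five-minute values come from the text; the one-hour block duration, the class and function names, and the sample account are assumptions.

```python
import hmac
from collections import defaultdict, deque

MAX_FAILURES = 3          # from the text: three unsuccessful attempts ...
WINDOW_SECONDS = 5 * 60   # ... within five minutes
BLOCK_SECONDS = 60 * 60   # assumption: the page does not say how long a block lasts

class LoginLockdown:
    """Per-IP failed-login limiter (hypothetical class, for illustration)."""

    def __init__(self, check_password):
        self._check = check_password          # callable(user, password) -> bool
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._blocked_until = {}              # ip -> time at which the block ends

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is not None and now >= until:
            # Block expired: forget it and the failures that caused it.
            del self._blocked_until[ip]
            self._failures.pop(ip, None)
            until = None
        return until is not None

    def attempt(self, ip, user, password, now):
        """Return 'ok', 'failed' or 'blocked' for one login attempt."""
        # Checked first, so a blocked IP is refused even with the right password.
        if self.is_blocked(ip, now):
            return "blocked"
        if self._check(user, password):
            return "ok"
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] >= WINDOW_SECONDS:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self._blocked_until[ip] = now + BLOCK_SECONDS
        return "failed"

def demo():
    """Replay constructed attempts (documentation IP, made-up account)."""
    users = {"alice": "correct horse battery"}
    guard = LoginLockdown(lambda u, p: hmac.compare_digest(users.get(u, ""), p))
    ip = "203.0.113.7"
    tries = [(0, "admin"), (60, "alice"), (120, "alice1"), (130, "correct horse battery")]
    return [guard.attempt(ip, "alice", pw, t) for t, pw in tries]

if __name__ == "__main__":
    print(demo())
```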
Almost everyone who has worked with WordPress knows that login is possible via the wp-admin or wp-login.php routes. Stealth login changes that and thus confuses a possible attacker, who will not be able to easily find the new address of the login form. For login (and also registration and logout) we can set the desired addresses, replacing at least the standard wp-admin and wp-login.php addresses and in this way protecting your website.
If you often log in to your WordPress installation from other people's computers and over open networks, this is a plugin that will certainly help you: login with a one-time password. Its use will remind you of logging in to e-banking, except that instead of a token you get a list of question-answer pairs that you can print, so that the paper is always at hand. For those who prefer token access to paper, a compatible Java application for mobile phones (OTPGen) is offered on the plugin page, and you can use it to generate password responses from the code provided during login.
Despite its name, WP Security Scan helps you secure your WordPress installation by doing more than just scanning for security flaws: it will hide database errors if they occur, and also the WordPress version within the HTML code. True to its name, after scanning the entire installation it will show suggestions for improving the situation (changes of permissions on files and directories, etc.).
A plugin that will scan your WordPress installation for suspicious things, including files, plugins and the entire database. Like WP Security Scan, Exploit Scanner will not attempt to repair what it finds. It will only warn you about suspicious things, and the user should decide on a course of action according to the results (it is also possible that "false suspects" will be listed, so it is better not to do anything without the help of more experienced people if the specified part of the code is not clear to you).
Although it is not directly related to security but to the management of the WordPress database, this plugin has a functionality that overshadows most other backup plugins: it will send a backup of the database directly to your e-mail (backup is only one of the plugin's functionalities; in addition to optimization and repair, it can also restore old data from a backup). At first glance this may seem unimportant, but if all the data (together with the backup files, which backup plugins usually save only locally) disappears from the server, you will be very glad that all the data is in your e-mail (a Google or Yahoo Mail account is really not difficult to set up, if only for this purpose). It is true that you could make a periodic backup from the server via FTP yourself, which would eliminate the need for this kind of e-mail functionality, but let's be honest - who is disciplined enough to do it by themselves every day/week?
It is probably not necessary to explain the CAPTCHA principle of form protection to anyone - along with the generated image, it is necessary to enter the letters and numbers that appear in the image. In the vast majority of cases, this will deter automated bots from writing a spam comment, trying to log in, or contacting you directly via the contact form. Although several similar plugins are available, due to functionality and compatibility with other plugins, our recommendation goes to SI CAPTCHA Anti-Spam.