WordPress Security

August 3, 2010 By Karen Burton
iStock_000009439902XSmall-433x235

I have just spent the last 36 hours (yes, NO SLEEP) fixing a site that was hacked by a malicious code / virus or something. It took over complete control of my clients site. When I created the site, I implemented all the recommended security settings at the time and have kept up on updates and such. But over the last 36 hours I have learned quite a bit about wordpress security.

First and most importantly, upon ANY NEW installation (or even current installations) here are a list of the plugins that are recommended if you want to start adding these protections to your wordpress sites (after what I’ve been through, these will be my first plugins after a theme install); NOTE: Do not activate Antivirus or WordPress firewall till last (firewall being the very last plugin to activate).

  • Askimet – comes standard with WordPress, api keys are available for FREE and low cost, but is a great way to combat spam comments
  • Antispam Bee
  • AntivirusNOTE: activate this plugin after ALL others
  • Bad Behavior – uses a code from Project Honey Pot
  • Block Bad Queries
  • Chap Secure Login
  • Exploit Scanner
  • Secure WP
  • WordPress FirewallNOTE: You MUST deactivate this plugin to install additional plugins, as such this should be one of the LAST plugins you activate
  • WordPress Table Rename2nd plugin, follow the directions to rename your database, do an additional BACKUP after this plugin has been installed.
  • WP Ultimate Securityactually CHECKS your blog and installation of wordpress for security weaknesses and grades you. By fixing the error messages you can actually improve your Security Grade
  • WP DBManagerThis should be the 1st plugin you install and don’t forget to BACKUP before doing ANY of these recommended changes*

Another thing to consider is blocking countries that seem to overspam; contact your hosting provider to block any countries that you want to hide from, some of the top countries include;

  • Russia
  • Korea
  • India
  • China
  • New Zealand

Other protections include: (just do a google search for directions on anything listed below)

  • redefining your wordpress msql table where wp_ should be renamed to a funky string like O0hM2Db97T_ – this is harder to guess and access. – this can be done with the wp_table_rename plugin (NOTE: first install the WP DBManager and backup your database files)
  • moving your config.php file to a different directory so it’s not on the same level as your other wordpress files (can only move ONE LEVEL UP)
  • removing the wp version from the head and footer – can be done using Secure WP Plugin
  • CHMOD your permissions as recommended in the WordPress Codex
  • turning off the ability to receive comments and trackbacks – if you don’t allow comments at all you can actually delete a few files (there are several depending on what you allow)
  • deleting your install script (install.php) – must have FTP or File Manager access to do this.
  • always make sure you update to the most current versions of WP, themes, plugins, etc.

These are just some of the basic wordpress security options available.

Site References:

http://maketecheasier.com/the-safe-way-to-change-your-wordpress-database-table-prefix/2009/11/07 – Database backup and renaming procedures

http://www.ultimateblogsecurity.com/ – Ultimate Security (PRO – paid plugin for enhanced security)

http://www.projecthoneypot.org/index.php - Project Honey Pot

http://www.seoegghead.com/ – SEOEgghead – top notch wordpress security and SEO for wordpress

http://tdot-blog.com/wordpress/6-simple-steps-to-change-your-table-prefix-in-wordpress – Great tutorial

http://wpengineer.com/small-security-tipps-for-your-wordpress-install/ - Security Tips for Secure WordPress Installs

http://www.noupe.com/how-tos/wordpress-security-tips-and-hacks.html

http://codex.wordpress.org/Hardening_WordPress – Hardening WordPress

http://www.problogdesign.com/wordpress/11-best-ways-to-improve-wordpress-security/ – 11 Ways to Secure WordPress

http://speckyboy.com/2009/09/22/20-powerful-wordpress-security-plugins-and-some-tips-and-tricks/ – 20+Powerful Plugins for Securing WordPress

http://www.bloggingpro.com/archives/2010/04/20/wordpress-security-a-comprehensive-guide/ – Comprehensive WordPress Security Guide

Filed Under: Featured, Wordpress Tagged With: , , , , , , , , , , , ,

Favorite WP Themes and Plugins

July 27, 2010 By Karen Burton
eco1
AgentPress screen shot

Agentpress child theme by Studiopress

Until June 2009 I had never touched (or even heard of wordpress), now I almost exclusively design my clients sites (and my own) using WordPress. My favorite themes for the WordPress platform are made and supported by Studiopress. I have found that Studiopress develops the best of the best in customizable themes, which is great for someone who still considers herself a “newbie”. Now the only reason I call myself a newbie is because I don’t have years and years of coding experience and until recently didn’t even know what PHP was or how it relates to webdesign. I knew the basics of Dreamweaver, thats it.

The first theme I ever touched in WP was the Arial Flexx Theme – everything was already set up and all I had to do was create new posts, but when the site went down and we lost everything I convinced the company to start using Studiopress’ Streamline theme – partly because I couldn’t figure out how to set the page back up the way it was originally. What a difference, the theme and the files were so incredibly easy to work with and it made sense to someone who didn’t know ANYTHING about css and modifications, not-to-mention the Studiopress support forum is the absolute best of the best. I use it constantly.

Since then, I bit the bullet and finally decided to go with the ProPlus (all themes) membership ($249); that includes

  • 1 parent theme (genesis)
  • 24 child themes
    • Agency
    • AgentPress
    • Amped
    • Church
    • Corporate
    • Education
    • Enterprise
    • Executive
    • Family Tree
    • Freelance
    • Going Green
    • Landscape
    • Lifestyle
    • Magazine
    • Outreach
    • Pixel Happy
    • Platinum
    • Serenity
    • Sleek
    • Streamline
    • **Delicious – soon to be released
  • Classic Themes
    • Agent
    • AgentPress
    • Allure
    • Black Canvas
    • Chrome
    • Church
    • Corporate
    • Education
    • Executive
    • Lifestyle
    • Magazine
    • Metro
    • News
    • Streamline
    • Tubular
  • Not-to-mention, Studiopress recently merged with ModThemes and Studiopress has guaranteed that all ProPlus Members will be extended the priviledge of all those incredible themes as well (updated to Studiopress standards before release).
  • I understand there are 7 more child themes in the works (so if you haven’t bought the ProPlus Membership yet, I highly recommend that you do now before the price goes up.

What Does This Mean For Current ModThemes Users?

The themes available from ModThemes will be converted to the state-of-the-art, Genesis Theme Framework and all ModThemes members will receive free upgrades to Genesis and the resulting converted child theme or can continue to use the legacy version.

ModThemes Developer pack members will also become StudioPress Pro-Plus All-Theme members, giving them access to the entire suite of current and future StudioPress themes.

ModThemes members will be moved over to the StudioPress Support Forums in the coming weeks and will have continued support along with future legacy-theme support.

WordPress Themes by StudioPress

As you can see, this is a very ALL-INCLUSIVE membership, and their support forum is TOP-NOTCH. If I post a question, I usually get a response and solution within 30 minutes. (TOTALLY RECOMMENDED for ANYONE who builds websites using WordPress!!!

My clients tend to use the same themes, these seem to be the most popular

Agentpress (child theme)

As I am contractually hired to help build/modify/customize several Real Estate Sites, this definitely seems to be the most popular theme I use. The ease of configuration and modification of css makes using this theme very very easy. When coupled with the IDX plugin, real-time property search is amazing.

Lifestyle (child and classic themes)

When a client of mine plans to be a huge blogger, this is a common theme, with so many widgeted areas, it makes categories on the homepage incredibly extensible.

Executive (child theme)

This theme is typically used for higher end (more luxurious) clients that want the “elegant” look.

Serenity (child theme)

previously used for my own website, until the magazine child theme was released then I switched.

Amped (child theme)

used by a restaurant consultant client of mine and possibly a band that I am proposing a site for.

SEO and Plugins

Studiopress is one up on everyone, while WP already comes prepackaged with some amazing SEO, Studiopress has done one better and its included in all their genesis child themes. The most common plugins I tend to use are;

  • contact form 7
  • favicons
  • next gen gallery
  • digital content gallery
  • wp-cycle
  • total social
  • facebook fan box

Gallery of Screen shots from sites I have worked on/created.

Filed Under: Featured, Wordpress Tagged With: , , , , , , ,
« Older Posts

Bad Behavior has blocked 156 access attempts in the last 7 days.