• Skip to main content
  • Skip to forum navigation

StudioPress

  • Shop for Themes
  • My StudioPress

Forum navigation

  • Home
  • General Genesis Discussions
  • StudioPress Themes
  • Genesis Blocks
    • Genesis Blocks
    • Genesis Custom Blocks
  • Retired Themes
  • FAQs
  • Forum Rules
  • Internationalization and Translations
  • Forum Bugs and Suggestions
  • Forum Log In

Are You Using The WordPress Block Editor?

Genesis now offers plugins that help you build better sites faster with the WordPress block editor (Gutenberg). Try the feature-rich free versions of each plugin for yourself!

Genesis Blocks Genesis Custom Blocks

Need suggestion/review of Security plugins

Welcome!

These forums are for general discussion on WordPress and Genesis. Official support for StudioPress themes is offered exclusively at My StudioPress. Responses in this forum are not guaranteed. Please note that this forum will require a new username, separate from the one used for My.StudioPress.

Log In
Register Lost Password

Community Forums › Forums › Archived Forums › General Discussion › Need suggestion/review of Security plugins

This topic is: not resolved

Tagged: plugin, security

  • This topic has 7 replies, 6 voices, and was last updated 8 years, 8 months ago by coralseait.
Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • September 9, 2014 at 12:30 pm #123620
    Ron Jones
    Member

    Hi all. I am looking for a plugin that will add a layer of security to my wordpress installation. Currently I am considering "iThemes Security" (formerly "Better WP Security").

    I am not looking for a silver bullet, or all-in-one solution, as defence-in-depth is a better approach (to that end, I have subscribed to Incapsula's CDN/security service as well).

    Better WP Security seems to be well reviewed. However, I am particularly concerned with the "weight" and server load of any security plugin.

    Suggestions and comments welcome.

    Thanks

    September 9, 2014 at 1:26 pm #123630
    Brad Dalton
    Participant

    I like Wordfence but would strongly advise to take backup after every new post is published.

    NO matter what happens, if you have local backup, you're safe.


    Tutorials for StudioPress Themes & WooCommerce.

    September 10, 2014 at 5:01 am #123715
    coralseait
    Member

    Very happy with iThemes, the load is not high at all ... as long as you don't have monitor file changes on esp in shared hosting where resources are tight. If you have a VPS or extra resources monitor file changes is not a problem.

    I'm a big fan of iThemes due to nginx integration / support as it is part of our preferred stack.

    Along with what Brad mentions we use UpdraftPlus for backups to cloud storage (Google / S3), esp as UpdraftPlus auto backs up during Plugin, Theme and Core updates. The developer is very responsive as well. We keep minimum of 14 nightly full backups for all clients (usually 30) and so if a breach we're to occur we could restore to a known good point. Not to mention easy recovery from failed updates, which although rare, do happen.


    Coral Sea IT

    September 10, 2014 at 11:45 am #123783
    lifeinrealthyme
    Member

    I use same security and backup tools as coralseait: iThemes and UpdraftPlus (to Dropbox) and very satisfied. I don't notice an impact on server. I've had to do a restore from backup and it was easy-peasy.

    Just a note when you're configuring iThemes Security, you will be prompted to rename wp-content folder. This will break image links in some cases and plugins that are hard coded to wp-content may not work. Ask me how I know.

    September 10, 2014 at 1:05 pm #123799
    William
    Member

    There is no plugin for WordPress that can truly secure your site. By the time it runs, there are too many other ways that someone could compromise your site. I realize that you aren't looking for a silver bullet, but the best thing you can do is learn the various forms of attack and vulnerabilities of your WordPress site. With that in mind, I shared two different articles that do a good job explaining some of the issues. I hope this is helpful and gives you some useful info.

    http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html

    http://moz.com/blog/the-definitive-guide-to-wordpress-security


    –William
    http://williambeem.com

    September 10, 2014 at 2:12 pm #123816
    Ron Jones
    Member

    Thanks for the tips guys!

    braddalton, I am a big fan of backups. Right after deciding on typography, and right before setting up security protocols.

    coralseait, UpdraftPlus was a no brainer for me (especially after learning it would back up to Google Drive)

    lifeinrealthyme, I will learn from that particular mistake 😉

    September 11, 2014 at 1:04 am #123879
    Mealtog
    Member

    Just loaded UpdraftPlus and ran a backup to Dropbox. Pretty slick. Am I right in thinking that this backup is not a "cloned" backup like BackWPUp but just the database and file system?

    Now, can anyone tell me the right procedure to restore. Is it:

    1. Install WP
    2. Inject SQL file into mysql
    3. upload entire filesystem

    Done?

    September 17, 2014 at 1:17 am #124729
    coralseait
    Member

    Hello Mealtog,

    We use a slightly different process since we always use cloud storage for clients (Google Drive or S3).

    1) Install clean WP
    2) Install UpdraftPlus
    3) Activate Full UpdraftPlus and update it
    3) Configure UpdraftPlus to use which cloud storage we're using / credentials
    4) Restore, using database search and replace

    It is dead simple to restore sites using UpdraftPlus - usually there's no need for MySQL config or File System / FTP (unless you want to use FTP to upload the backup sets)

    Note, if you are using UpdraftPlus for clients, we recommend separate OAUTH or S3 credentials per site and esp w/ S3 credentials JUST for that bucket so any attacks can't break out into your cloud storage.


    Coral Sea IT

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • The forum ‘General Discussion’ is closed to new topics and replies.

CTA

Ready to get started? Create a site or shop for themes.

Create a site with WP EngineShop for Themes

Footer

StudioPress

© 2023 WPEngine, Inc.

Products
  • Create a Site with WP Engine
  • Shop for Themes
  • Theme Features
  • Get Started
  • Showcase
Company
  • Brand Assets
  • Terms of Service
  • Accptable Usse Policy
  • Privacy Policy
  • Refund Policy
  • Contact Us
Community
  • Find Developers
  • Forums
  • Facebook Group
  • #GenesisWP
  • Showcase
Resources
  • StudioPress Blog
  • Help & Documentation
  • FAQs
  • Code Snippets
  • Affiliates
Connect
  • StudioPress Live
  • StudioPress FM
  • Facebook
  • Twitter
  • Dribbble