- This topic has 7 replies, 6 voices, and was last updated 8 years, 8 months ago by
.
-
Posts
-
Hi all. I am looking for a plugin that will add a layer of security to my wordpress installation. Currently I am considering "iThemes Security" (formerly "Better WP Security").
I am not looking for a silver bullet, or all-in-one solution, as defence-in-depth is a better approach (to that end, I have subscribed to Incapsula's CDN/security service as well).
Better WP Security seems to be well reviewed. However, I am particularly concerned with the "weight" and server load of any security plugin.
Suggestions and comments welcome.
Thanks
I like Wordfence but would strongly advise to take backup after every new post is published.
NO matter what happens, if you have local backup, you're safe.
Very happy with iThemes, the load is not high at all ... as long as you don't have monitor file changes on esp in shared hosting where resources are tight. If you have a VPS or extra resources monitor file changes is not a problem.
I'm a big fan of iThemes due to nginx integration / support as it is part of our preferred stack.
Along with what Brad mentions we use UpdraftPlus for backups to cloud storage (Google / S3), esp as UpdraftPlus auto backs up during Plugin, Theme and Core updates. The developer is very responsive as well. We keep minimum of 14 nightly full backups for all clients (usually 30) and so if a breach we're to occur we could restore to a known good point. Not to mention easy recovery from failed updates, which although rare, do happen.
I use same security and backup tools as coralseait: iThemes and UpdraftPlus (to Dropbox) and very satisfied. I don't notice an impact on server. I've had to do a restore from backup and it was easy-peasy.
Just a note when you're configuring iThemes Security, you will be prompted to rename wp-content folder. This will break image links in some cases and plugins that are hard coded to wp-content may not work. Ask me how I know.
There is no plugin for WordPress that can truly secure your site. By the time it runs, there are too many other ways that someone could compromise your site. I realize that you aren't looking for a silver bullet, but the best thing you can do is learn the various forms of attack and vulnerabilities of your WordPress site. With that in mind, I shared two different articles that do a good job explaining some of the issues. I hope this is helpful and gives you some useful info.
http://blog.sucuri.net/2012/08/wordpress-security-cutting-through-the-bs.html
http://moz.com/blog/the-definitive-guide-to-wordpress-security
–William
http://williambeem.comThanks for the tips guys!
braddalton, I am a big fan of backups. Right after deciding on typography, and right before setting up security protocols.
coralseait, UpdraftPlus was a no brainer for me (especially after learning it would back up to Google Drive)
lifeinrealthyme, I will learn from that particular mistake 😉
Just loaded UpdraftPlus and ran a backup to Dropbox. Pretty slick. Am I right in thinking that this backup is not a "cloned" backup like BackWPUp but just the database and file system?
Now, can anyone tell me the right procedure to restore. Is it:
1. Install WP
2. Inject SQL file into mysql
3. upload entire filesystemDone?
Hello Mealtog,
We use a slightly different process since we always use cloud storage for clients (Google Drive or S3).
1) Install clean WP
2) Install UpdraftPlus
3) Activate Full UpdraftPlus and update it
3) Configure UpdraftPlus to use which cloud storage we're using / credentials
4) Restore, using database search and replaceIt is dead simple to restore sites using UpdraftPlus - usually there's no need for MySQL config or File System / FTP (unless you want to use FTP to upload the backup sets)
Note, if you are using UpdraftPlus for clients, we recommend separate OAUTH or S3 credentials per site and esp w/ S3 credentials JUST for that bucket so any attacks can't break out into your cloud storage.
- The forum ‘General Discussion’ is closed to new topics and replies.