Guest blogger: Kim Bruce
Hackers are finding the open doors in WordPress and unless you know how to close these doors and batten down the hatches your site is vulnerable to attack. It is just a matter of time until you’re hacked. Artist Frances Clements Fawcett shares in this blog post how it happened to her and how stressful was.
I recommend two security plugins. The first will educate you on what you need to do. The second will scan your site on demand.
1. Ultimate Security Checker
Ultimate Security Checker will scan your current installation of WordPress and tell you where and how to fix the problems. Read the entire list and what to do if your site gets hacked.
2. Sucuri Scanner
Sucuri Scanner scans your site for malware on demand. With just a few clicks you can harden – close the doors – the leaks that hackers look for in a WordPress installation. Make sure you harden your site again when updating to the newest version of WordPress.
Notice I said scan “on demand.”
Don’t be fooled into thinking that you can run either one of these plugins once, follow the directions, and you are done. You’re not! WordPress is always developing and the only thing consistent about the Internet is that it changes.
Make it part of your login routine to scan your WordPress site with Sucuri every time you log in to your dashboard. It only takes a few minutes and can save you the hours or days of grief that Frances had to endure.
I suggest using these two plugins in combination. First manually harden with the Ultimate Security Checker and then scan ongoing with Surcuri Scanner.
About Our Guest Blogger
Kim Bruce is a working artist who runs Artbiz, where she creates websites for artists. She also teaches how to watermark images with NextGen Gallery at The WordPress for Artists School. Kim works out of her office/studio located in the foothills of Alberta just outside of Calgary.
18 thoughts on “Essential WordPress Plugins for Artists: Security”
I have heard of this happening – our Chamber of Commerce website has been hacked 3 or 4 times already in the last couple of months.Can these scans be done for both the .org and .com WordPress platforms? I would like to scan my website which is on WordPress .com.
Hi Morgan
These scans are only done on the self hosted version of WordPress, being wordpress.org
The security at the hosted version at wordpress.com is handled for you by the folks there.
If your Chamber of Commerce site has been hacked 3 or 4 times in the last month, yikes, please upgrade your WordPress install and batch down the hatches (using the list of what to do).
on an aside: It may seem that going with a hosted site at wordpress.com may save you some grief with security BUT you do not own your content at wordpress.com. If you keep your installation of WordPress and the plugins up to date your security risk goes down substantially, secure it the rest of the way by using these plugins.
Thank-you. I’m not ready to manage a self hosted site which is why I have stuck to the .com platform – but glad to hear that they manage the security for me. As far as our chamber website goes, I think the person building the website is switching servers, but perhaps she should be looking at theses plugins too – I will pass this on to her. Thanks again.
I installed both of these and after some hunting managed to run them both. Unfortunately the links for more information (after the successful run) for sucuri didn’t work. I got “you don’t have permission” error messages. I figured it didn’t matter because I got enough info from the post run results summary.
Both utils let me see that I’ve never been hacked and my install is actually pretty good.
Hi Patricia
I think the permission error is coming from Ultimate Security Checker and not Sucuri.
More than likely if you changed your wp-admin and wp-includes to anything lower than 705 it could trigger the permission error.
If they are at 705 and you are still getting the permission error, try changing them to 755.
Thanks Kim, I’ll look into that. Can I chmod these from the command line or do I need to chmod through the utilities’ own settings sections?
Patricia
The easiest way to do this is to go to the “Legacy File Manager” inside the hosting account cPanel. Once there you should be a menu item on the right “Change Permissions”.
Contact your host provider if you can’t access your site file manager.
Since I’m being paid for my blogs, I expect that my employer is taking care of this — or that it doesn’t even occur, since it’s a .com site.
What I object to about WordPress is the limited set of formatting options — no bullets, now, in 2012? I need to communicate to my readers in the most efficient way possible; WP, please don’t get in my way.
Arthur
arthurcomings.com
Hi Arthur
Yes it is the theme, in your case WordPress’s 2012 theme, that applies the styling including the bullets. Maybe your employer could be persuaded to change themes.
This is a serious issue, never give your email in your website and use forms and filters to avoid this.
I do not use WordPress but a great all-in-one package that I consider great for artists because almost everything is under control and security is paramount. I have never had a problem with security, knock on wood.
That’s great Pedro if your program is working for you then definitely use it.
Personally, I find the freedom of controlling how my URL’s appear, the flexibility, scalability, content ownership and design control that wordpress.org provides far out weighs any security issues, because when properly implemented there are no security issues.
How often do you think security programs hack on purpose to stimulate business?
About as often as the developers of any technology build in obsolescence.
So when I looked up statistics on “planned obsolescence”, it appears that it is quite a common thing…
Pingback: Essential WordPress Plugins for Artists: Security — Art Biz Blog | WordPress Planet
Pingback: Wordpress Plugin Auto-Generates Google News Meta Tag Keywords | Open Knowledge
Pingback: Essential WordPress Plugins for Artists: Search Engine Optimization — Art Biz Blog
Pingback: Essential WordPress Plugins for Artists: Showing Off Your Art — Art Biz Blog