
Essential WordPress plugins (part 1)

We at Tactic Group are big WordPress fans. For any project requiring a blog/news based site it is our platform of choice. We’ve installed and maintained a number of sites on WordPress and I would like to share our list of essential plugins to make it fly.

There are over 8,000 plugins available for WordPress. I’m not claiming these are the only plugins you’ll ever need. The plugins I’m listing here are those we’ve used time and time again for specific tasks. Each of them does their job very well, and as a result we’ve grown to love them.

We’ve identified four areas of WordPress that can be beefed-up for easier management and better business: Security, Maintenance, Search Engine Optimization (SEO) and Analytics. It’s quite a long list so I’m going to break it up into four weekly posts. This week I’ll look at Security and reinforcing your WordPress site, keeping any vulnerabilities to a minimum.

Making your WordPress site more secure

Before addressing plugins, the critical point of securing WordPress is to make sure you upgrade to the latest version ASAP and keep all your plugins up to date. Assuming you’ve done that, here are three plugins we use to harden WordPress:

WP Security Scan

This plugin “scans your WordPress installation for security vulnerabilities and suggests corrective actions”. It also makes changes to your site (such as hiding the WordPress version number), all of which make it harder for hackers to break in.

It’s best to run Security Scan soon after launching a new site, as a few of the fixes it advises are fiddly to do afterwards. As well as running an initial scan when you first activate this plugin, it is definitely worth checking the settings and report after every upgrade you do.

Login Lockdown

This plugin protects you from brute force password discovery (i.e. a type of hack that systematically tries to log in until it finds the right password).

Login LockDown works by recording the IP address and timestamp of every failed WordPress login attempt. If a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. Administrators can see a list of banned IP addresses, and if someone gets locked out by accident administrators can manually grant them access.
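The lockout logic described above can be sketched as follows. This is an added example, not Login LockDown's own code; the threshold, time window, lockout length and range widths (/24 for IPv4, /64 for IPv6) are assumed values chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

# All four values are assumptions for this sketch, not the plugin's defaults.
MAX_FAILURES = 3        # failed logins tolerated per range inside the window
WINDOW_SECONDS = 300    # the "short period of time"
LOCKOUT_SECONDS = 3600  # how long the range stays blocked
PREFIX = {4: 24, 6: 64} # width of an "IP range" per address family

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure timestamps
        self.locked_until = {}              # range -> unlock timestamp

    @staticmethod
    def ip_range(ip):
        addr = ipaddress.ip_address(ip)
        net = ipaddress.ip_network(f"{addr}/{PREFIX[addr.version]}", strict=False)
        return str(net)

    def record_failure(self, ip, now):
        """Store one failed login; lock the range once the threshold is hit."""
        rng = self.ip_range(ip)
        recent = self.failures[rng]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[rng] = now + LOCKOUT_SECONDS
            recent.clear()

    def is_locked(self, ip, now):
        """Check before processing any login request from this address."""
        rng = self.ip_range(ip)
        if now >= self.locked_until.get(rng, 0):
            self.locked_until.pop(rng, None)  # lock expired or never set
            return False
        return True

    def banned_ranges(self, now):
        """What an administrator would see in the list of banned ranges."""
        return sorted(r for r, t in self.locked_until.items() if now < t)

    def release(self, ip):
        """Manual unlock for someone locked out by accident."""
        rng = self.ip_range(ip)
        self.locked_until.pop(rng, None)
        self.failures.pop(rng, None)

def demo():
    # Constructed sample: three failures from different hosts in one /24.
    limiter = LoginLimiter()
    for ts, ip in [(0, "203.0.113.7"), (40, "203.0.113.9"), (90, "203.0.113.200")]:
        limiter.record_failure(ip, ts)
    return limiter
```

Because the counter is keyed on the range rather than the single address, a legitimate user who shares that range is locked out along with the source of the failed attempts, which is the case the manual release handles.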

Exploit Scanner

This plugin scans through the files in your WordPress installation and looks for potential traces of hacks or malware that might have made their way in. It does return a lot of results that turn out to be false alarms, but it’s worth wading through these to look for anything unusual or unexplained.

We advise running this plugin every couple of weeks or so, or any time you hear about a new security threat doing the rounds.

So that’s this week’s installment. While Login Lockdown can just run in the background, Security Scan and Exploit Scanner do involve a bit of regular time and effort to prove their worth. That said, when it comes to security it pays to be paranoid and costs to be complacent. Anyone who has had their site hacked will tell you that!

Look out for part two where I’ll introduce a handful of plugins to make maintaining a WordPress site easier.
