Wordpress Backup isn’t a plugin I use these days because it doesn’t scale well for large blogs and I figure it’s best to just stick with tools that have continuity. But what it basically does is backup your blogs files (plugins, themes etc) and then send them via email just like the WP DB Backup plugin.
If you aren’t interested in paying for Amazon S3 then this is a suitable alternative, but just be mindful of the fact that it’ll probably stop working if your blog gets too large.
WP DB Backup is the premier database backup plugin for Wordpress. Simply install the plugin and then enter the email address you want the backups sent to.
Choose the backup frequency based on your blogs activity. I backup once per day, because I receive a moderate amount of comments. If you receive a greater number of comments throughout the day, or simply post more frequently, then increasing the backup frequency to twice per day is probably a good time.
Note: This plugin is not officially associated with this project. The name is simply a coincidence.
Secure WordPress automates a few simple security tasks:
There is some duplication with other plugins (Login Lockdown removes error information on the login page for example) but features like hiding the version number make it a worthy install.
Stealth Login makes it easy to change the login address for the WordPress administration area, and prevent users form logging in via wp-login.php (just activate Stealth Mode). Even if someone cracks your username and password they’ll become stuck because there won’t be anywhere to login.
While it may not stop seasoned hackers from getting into your system, it takes just a few seconds to setup and is a worthy precaution to take.
As the name implies, WordPress Firewall is a firewall for your WordPress installation. This is a list of every feature and option:
But there’s not fancy configuration needed to get started. Just install it and *BAM* your blog is now protected against a whole bunch of attacks. And just like with the Antivirus for WordPress plugin I recommend that you create an email forwarder to receive emails if your blog is attacked, and then use Gmail filters to make sure these emails are obvious to you, so you can respond quickly.
AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. plugins as well. Imagine a HUGE brick wall protecting your frail .php scripts from the endless attacks of automated web robots and password-guessing exploit-serving virii. Forget spam, these millions of zombie bots are too outrageous to ignore, they are attempting known (but strangely outdated) exploits looking for known vulnerabilities against blogs and other Internet software. Sooner or later some poor blogger is going to miss an upgrade and become a victim to this type of video-game-like-attack.
Unfortunately not all servers will support this plugin, mine included, so I haven’t been able to test it personally. But, it comes highly recommended by many people and certainly packs a ton of features. Install the plugin to see if it’s compatible with your server.
Antivirus for Wordpress is an amazing plugin that I’m really surprised is available for free. It performs a very simple, yet critical task: scanning your site for viruses, worms, and malware that exist for Wordpress.
After installing the plugin you enter your email address and scans will be performed automatically in the background on a regular basis. If a threat is detected the output will be sent to that email and then you can take the necessary action.
I’d suggest creating a new email forwarder, something like wpantivirus@yoursitename.com and entering that email address into the field on the plugin’s admin page. Then you can use your email program, Gmail for example, to automatically filter emails sent to that address and make them very obvious to you. This means you’ll always be aware of potential threats.
Login Lockdown is an ingenious plugin that helps ward off brute force attacks. It works by temporarily blocking users by their IP address if they fail to login X amount of times.
Out of the box the default settings are pretty good but I still recommend you set the Lockout Length to as high as you feel comfortable with. The longer malicious users are blocked from the login page, the better.
It’s also a good idea to limit the Max Login Retries. This is easier if you’re managing passwords with software because you’ll never enter an incorrect combination.
Lastly, there’s a feature to Mask Login Errors, which means you won’t have to add the code to hide login errors manually.
Upgrading your plugins is nearly as important as upgrading Wordpress itself, because just like Wordpress, plugins are susceptible to their code being exploited for malicious purposes.
Now, upgrading Wordpress plugins is dead simple out of the box, but what if you could make somehow even simpler? That’s where One Click Plugin Updater comes in handy.
After installing this plugin a yellow striped bar will appear at the top of Wordpress admin pages, listing all the plugins that have updates available, and a single clickable button.
With a single click you can upgrade ALL of your outdated plugins at once. It literally takes just a few seconds and the uber simplicity means you’re more likely to upgrade your plugins as soon as an update becomes available.
