The WordPress Security Learning Center – Wordfence
Wordfence.com
December 16, 2015

The makers of the WordPress security plugin, Wordfence and Wordfence Premium, announced a new free feature today: The WordPress Security Learning Center – Wordfence.

It includes tutorials from beginner to advanced and developer level. Everything from WordPress Security basics, security threats and attack types to guides for developers to help them avoid writing vulnerabilities and to penetration test their own code.

The Learning Center is a completely free resource. No registration is required and absolutely no payment is needed. We have put this together as a resource for the WordPress community to do our part to help secure WordPress as a platform.

This new resource should prove excellent for everyone from beginners to seasoned WordPress users. The articles and videos are written and designed for anybody wanting to learn more about WordPress Security. It is also a great selection of back-to-basics resources for any WordPress network pro or admin, and for computer science (Comp Sci) students and professors too. They also include information on what to do if your WordPress site has been hacked.

Check it out here: The WordPress Security Learning Center – Wordfence

Disclaimer: I have no association or affiliation with Wordfence. However, I do use Wordfence on all my sites and on sites I create for others, and I highly recommend it to anyone.

How to Scan Your WordPress Site for Potentially Malicious Code
WPBeginner.com
August 11th, 2014

If you don’t like the video or need more instructions:

Theme Authenticity Checker (TAC)

Theme Authenticity Checker is a free plugin that scans all of your WordPress theme files for potentially malicious or unwanted code. Often hackers target themes to inject links, so this plugin is a good way of checking for that.

Exploit Scanner

Exploit Scanner is another free WordPress plugin that is much more robust than the Theme Authenticity Checker because it searches all files and the database of your WordPress install. It checks for signs that may indicate if your installation has fallen victim to malicious hackers. Note: this does return a lot of false positives, so you have to know what you are doing to see if the error is really malicious or if it is ok.

Sucuri

Sucuri is by far the BEST WordPress security scanner out there. They have a very basic free site scanner, which checks your site to see if your site is doing ok. But the real value is in their paid version. See our article: 5 reasons why we use Sucuri to improve our WordPress security for detailed overview. In short, once you install Sucuri, it automatically monitors your website 24×7 against all threats. It audits all the activities that happen on your site to keep track of where things went wrong. If something looks fishy, Sucuri blocks the IP. They also send you alerts if they notice something going on with your site. Last but not least, they offer a malware cleanup service which is included in the price of their service (no matter how big or small your site is).

WordFence

Not mentioned in this article is WordFence, another free WordPress plugin which I personally

WordPress has become increasingly popular as a platform for creating highly customizable responsive websites. And of course this makes it increasingly attractive as a target for hackers and spammers. To help guard against this, here are a couple of plugins that help to at least minimize unknown vulnerabilities.

Your first defence should be to ensure that you keep WordPress itself and all your plugins and themes up to date. WordPress and the WordPress community are very good at reacting to security threats and vulnerabilities as they are discovered, and typically patched or updated versions are made available within a few days. But the patches won’t do you any good if they are not applied.

Advanced Automatic Updates by pento adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also optionally supports installing major releases, plugins, and themes. If you use this to keep your themes updated, please see Don’t let WordPress theme upgrades break your site to avoid losing your theme customizations.

Plugin Vulnerabilities by White Fir Design alerts you when any of your installed plugins contain known security vulnerabilities, as well as warning you of vulnerabilities in other versions of those plugins. This will at least make you aware of an issue until the plugin updater can install a patched version.

Finally, Wordfence Security by Wordfence is a must-have plugin for any WordPress site. From the plugin description:

Blocking Features

Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner.
Rate limit or block security threats like aggressive crawlers, scrapers and bots

You’ve put in a lot of effort to customize your site with added CSS and HTML. But will it survive an update to your WordPress theme? Here’s how to avoid that.

First, there is a great little plugin called MP Customizer Backups by Mint Plugins (available from the WordPress.org Plugins repository) which allows you to back up or restore all customizations added via Customizer. This is a great time saver for developers allowing you to return to a previous working version if something goes wrong. And of course you can update the theme and use this plugin to reapply your customizations if required.

The second plug-in is WP Add Custom CSS by Daniele De Santis. With this plugin, rather than editing the theme’s CSS file, you can simply add your changes or additions to this file so they are not overwritten when the theme updates. If you are familiar with vBulletin forum software, it works much like the additional.css template. [1]

Finally, the third plugin is Insert Headers and Footers by WPBeginner. As the name implies, this allows you to add HTML or PHP to customize the header or footer for your theme and again avoid having your changes overwritten by a theme upgrade.

Anything which makes your job as a WordPress site designer or developer a little easier is worth the few minutes it takes to install these plugins.

Happy WordPressing! 🙂

[1] Update: I’ve recently discovered an alternate plug-in named Simple Custom CSS by John Regan & Danny Van Kooten which you may prefer (as I do). This includes highlighting for syntax, etc., similar to NotePad++.