Lately I’ve been dealing with a lot of malware on WordPress sites that either I manage or my friends manage. Here’s a little collection of plugins and sites that I use to mitigate the risk, protect against common hacks, and track down the issues:
- WordPress Backup to Dropbox – This is a simple plugin that keeps a live backup of your WordPress site to Dropbox. I check on the backups occasionally and am always pleased that the files and database exports are current. There might be better ones out there with more options, but I’ve been happy with this one (and donated some cash to the author too).
- BulletProof Security – I’ve been using this on all my sites to protect against common threats. However, it’s kind of nerdy and doesn’t have a smooth administrative side. You really have to read all of the directions on this thing. Also, one of my sites running this did get some malware through another plugin that I hadn’t kept updated, so that is a good reminder to keep things current!
- Sucuri Security Malware Scanner – Great tool to check the integrity of WordPress files and help narrow down security issues. Their website is also excellent for doing a scan of your site.
- Google Webmaster Tools - Really great at helping track down issues, especially if you’ve been blacklisted.
- The most important thing to do, though, is keep your site completely updated. I use WPRemote to monitor all the plugins and WordPress versions on all of my sites. I admit, though, I was lazy and didn’t keep a few of my sites updated which is why one of them got hacked. Been thinking today about maybe upgrading to get the automatic updating service. They also have a backup service that could replace using that WordPress to Dropbox plugin.
Do you have any plugins or sites that you deem essential for using with WordPress? Would love to hear about them in the comments!
Update 25 Feb 2015:
- Wordfence. Fantastic plugin to scan ALL files, including plugins. I would scratch out Sucuri and go with this instead. Also gives you alerts to bad user passwords and blocks multiple suspicious login attempts. This tool saved my butt on several sites. Love!