WordPress is an excellent platform to create your website on, but it does have its shortcomings: security, speed, and data backup. With the addition of the following 4 plugins, your WordPress site will be faster, more secure, and have a complete backup copy stored away.
Out of the box features in WordPress leave some developers and security experts scratching their heads. One of those features is the unlimited log-in attempts to the admin panel, meaning a user/hacker can try every combination possible until they get in. As you may well know, your bank website and even your email provider locks you out after 3 or 4 failed attempts, so why shouldn’t your website? I don’t know why WordPress feels this is a necessary feature, but numerous security professionals find it a serious problem and one of the top reasons WordPress sites get hacked.
For this, I highly recommend 3 things:
- Use something other than “admin” for your username. It’s the first username all hackers attempt because it is the default username and therefore the most widely used.
- Use a strong password (you can test yours at Microsoft’s password checker.)
- And even if you ignore the first two suggestions, at least limit the number of log-in attempts to your WordPress admin panel by using the free Limit Login Attempts plugin. Think your password “Ilovecats” is amazing? So do hackers. See the chart of how long it will take a hacker to gain entry for your weak password at Lockdown Security Centre (//www.lockdown.co.uk/?pg=combi )
Limit Login Attempts plugin
Downloaded over 62,000 times, the Limit Login Attempts plugin allows you to set the number of allowable attempts a user can make before they are locked out. The default lockout is for 20 mins, but can be changed. One of my favorite features of this plugin is in the admin panel you can see how many lockouts there have been and the IP the user was on.
Download Limit Login Attempts
Screenshots of warning and lockout messages from Limit Login Attempts:
Secure WordPress plugin
There are numerous ‘security’ plugins for WordPress. Some require a subscription, some offer to clean up malware, and others are free and close loopholes and protect folders. This plugin is the latter of the group, but not to be discredited. While there are more powerful security plugins out there, Secure WordPress plugin wins in the free category. The main reason I use this is to hide the version of WordPress the site is using. While you should ALWAYS update to the latest version of WordPress, sometimes you that is not possible or you let an update or two pass. The version of WordPress your site is using is listed in the source code as Hackers use this information to tell them which security holes were in that version and exploit them directly.
See the Secure WordPress plugin website for more features
I had tried a few other backup plugins before stumbling across this one. (To see how easy it is, be sure to watch the video on this one below.) I found that so many backup plugins only copied the database, and not the entire website. Why does this matter? If your WordPress site gets hacked and turned into some malware-spreading site, you can rest assured that you have a recent backup of the entire site sitting outside the WordPress directory (in fact, you can download the backup to your computer for safe storage.) After cleanup, you can be back in business with the click of a button. Malware cleanup is a whole other can of worms, but let me just say that I spoke to a rep at HostGator that claimed they offer to clean up infected websites for subscribers.
Download myEASYbackup plugin
If the current myEASYbackup plugin doesn’t work for you, try installing the beta version of the plugin.
See myEASYbackup in action:
And the number 1 gripe typical clients have about WordPress websites… speed. You have now packed everything under the sun into your website and the thing runs like than a 1982 slow jam. There are numerous caching plugins that will help speed up your site and fine tune it, but only one has shown me incredible speed, consistently: W3 Total Cache.
W3 Total Cache plugin
I used to use WP Super Cache until a read a bunch of other developers moving over to W3, so I tried it out on a big, bulky site. The difference between the two was very noticeable. The difference between no caching and W3 was huge. The site loaded in 2-3 seconds with the plugin turned on, and about 7 seconds without it (told you it was a bulky site!) Out of the box this plugin works like a champ. With some knowledge of what your server and site can handle, you may be able to turn on/off some of the features to get even faster load times. Just keep in mind that you want to do your before and after testing of this plugin while you are logged out of WordPress and after you have cleared your browser’s cache. The plugin does not serve up cached pages to known users (logged in users), and the browser’s cache can skew your load time estimate since most visitors will be new visitors.
Download W3 Total Cache plugin
These four plugins should be staples in your WordPress website development. While I am proud of them and certainly rely on them, I would highly recommend you stay away from telling the world that you are using WordPress to power your site, and never list what plugins you have installed. Like Fight Club, don’t go telling people you use it, and trouble may pass you by.
In an upcoming blog post, we’ll talk about hiding your WordPress log in page.
Feel free to add comments below, and let other know of plugins you find useful for WordPress websites.