Security

Your Security and Helpful Plugins

Akismet | Wordfence | iThemes Security (formerly Better WP Security) | Backup Database

Your WordPress is uploaded and you’re probably anxious to start using it. Before you do, though, take care of your security, which is very important.

Because WordPress is so popular, it also attracts that tiny percentage of malicious coders who can’t wait to sabotage everything they can get their sticky fingers on. A secure password helps but may not be quite enough. WordPress has an arsenal of very useful plugins that are easy to install from within WordPress. One security-related plugin, Akismet, comes automatically with your WordPress download. But there are a couple of other plugins you would be wise to install.

If you look in your plugin area by going to Administration area – Plugins – Installed Plugins, you’ll see that WordPress has installed two plugins already. One of them is the frivolous “Hello Dolly” plugin, which has come with all WordPress installations (one of the developers likes it). Its description calls it “not just a plugin, it symbolizes the hope and enthusiasm of an entire generation summed up in two words sung most famously by Louis Armstrong: Hello, Dolly. When activated you will randomly see a lyric from Hello, Dolly in the upper right of your admin screen on every page”. You can safely delete this plugin.

Delete Hello Dolly Plugin

It’s easy to delete a plugin that you do not need. Simply check the box beside Hello Dolly and select “delete”, then confirm by clicking on the “Yes, delete these files” button that appears.

Activate Akismet Plugin

The other plugin that WordPress installs automatically is “Akismet”. It checks your comments against the Akismet web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. This plugin is very useful, particularly if you plan to have comments enabled on your WordPress.

Here’s how to get Akismet working:

  1. Go to Administration area – Plugins – Installed Plugins. Click on “activate”. To fully activate Akismet, you need to get an API key. Please note that this is free. Simply click on the words “create one here” (akismet.com – wordpress). Once you have your API key, copy and paste it into the box. While you don’t have to, it’s probably not a bad idea to check the box beside “Auto-delete spam […]”. This will help to keep your database from getting overfull (spammers are persistent). Then click on “Save Changes”.
  2. You can also help yourself by going to Administration area – Settings – Discussion to configure the Discussion Settings. Look for “Before a comment appears” and check one of the boxes. Choose “must be manually approved” if you are expecting comments from many different people. If you are comfortable with immediately displaying comments from previously approved authors, check “Comment Author must have previously approved comment”. Scroll down to the bottom of the page and click on “Save Changes”.

Wordfence Security Plugin

Wordfence Security is a free, enterprise-class security plugin that includes a firewall, virus scanning, real-time traffic with geolocation and more.
 
wordpress.org/plugins/wordfence/

To get this plugin, go to Administration area – Plugins – Add New and type “Wordfence” into the search box. Click on “Install Now” beneath “Wordfence Security”. Go to Administration area – Plugins – Installed Plugins. Click on “activate”.

Backup Your Database

Backing up your database is one of the best things you can do. Do this often and you will save yourself a world of grief in the event of a meltdown.

  1. Log in to your CPanel (http://youatcw.net/cpanel/), and click on the phpMyAdmin link in the Databases area (it may be located under “MySQL Databases”).
  2. Select the WordPress database that appears in the menu on the left. Look near the top of the right side of the page that appears and select “Export”. Make sure that the Format is “SQL”. Click on “Custom – display all possible options”.
  3. Choose “Select All” under the tables. Check “Save Output to file”. Below Output, select “Zipped” in the dropdown list beside Compression.
  4. Under Object Creation Options, check the “Add DROP TABLE” box (so you can overwrite an existing database if you need to restore it). Also make sure the “Add IF NOT EXISTS” box is checked (to prevent errors during restores if the tables are already there).
  5. Scroll down to the bottom of the page and click on “Go”. The database backup will be downloaded to your computer.
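
A backup is only useful if it restores, so it is worth checking the downloaded file against the options chosen in steps 3 and 4. The script below is an added example, not part of the original tutorial: it opens the zipped export and confirms that every table has a DROP TABLE statement and an IF NOT EXISTS clause, and that the core WordPress tables are present. The function names, the default `wp_` table prefix and the in-memory sample dump are assumptions made for illustration.

```python
import io
import re
import zipfile

# Core tables checked here, without the table prefix (assumption: single-site install).
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta", "posts",
               "terms", "term_relationships", "term_taxonomy", "usermeta", "users"]
CREATE_RE = re.compile(r"CREATE TABLE (IF NOT EXISTS )?`([^`]+)`", re.I)
DROP_RE = re.compile(r"DROP TABLE IF EXISTS `([^`]+)`", re.I)

def check_dump(zip_bytes, prefix="wp_"):
    """Return a list of problems found in a zipped SQL export (empty list = OK)."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            if zf.testzip():  # CRC check of every file in the archive
                return ["archive is corrupt"]
            names = [n for n in zf.namelist() if n.lower().endswith(".sql")]
            if not names:
                return ["no .sql file inside the archive"]
            sql = zf.read(names[0]).decode("utf-8", errors="replace")
    except zipfile.BadZipFile:
        return ["file is not a zip archive"]
    problems, created = [], set()
    dropped = set(DROP_RE.findall(sql))
    for if_not_exists, table in CREATE_RE.findall(sql):
        created.add(table)
        if not if_not_exists:
            problems.append(f"{table}: CREATE TABLE lacks IF NOT EXISTS")
        if table not in dropped:
            problems.append(f"{table}: no DROP TABLE statement")
    for name in CORE_TABLES:
        if prefix + name not in created:
            problems.append(f"{prefix}{name}: core table missing from backup")
    return problems

def make_sample(tables, if_not_exists=True, drop=True):
    """Build a constructed zipped dump in memory (sample data, not a real export)."""
    lines = []
    for t in tables:
        if drop:
            lines.append(f"DROP TABLE IF EXISTS `{t}`;")
        clause = "IF NOT EXISTS " if if_not_exists else ""
        lines.append(f"CREATE TABLE {clause}`{t}` (`id` int NOT NULL);")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("wordpress.sql", "\n".join(lines))
    return buf.getvalue()

if __name__ == "__main__":
    print(check_dump(make_sample(["wp_" + t for t in CORE_TABLES])))  # complete dump
    print(check_dump(make_sample(["wp_posts"], if_not_exists=False, drop=False)))
```

To check a real download, read the file in binary mode and pass its bytes to check_dump, giving your own table prefix if it is not `wp_`.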


WordPress Codex: WordPress Backups with CPanel

You can also use a plugin to back up your database.

iThemes Security (formerly ‘Better WP Security’) Plugin

WordPress says that this plugin is the “easiest, most effective way to secure WordPress in seconds”.

iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.
 
Most WordPress admins don’t even know they’re vulnerable, but iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site.
 
iThemes Security (formerly Better WP Security)

To get this plugin, go to Administration area – Plugins – Add New and type “iThemes Security” into the search box. Click on “Install Now” beneath “iThemes Security”. Back up your WordPress database (Backup Database via CPanel), wp-config.php file, and WordPress .htaccess file. Go to Administration area – Plugins – Installed Plugins. Click on “activate”.

Go to Administration area – Security – Dashboard and you will see a message that you must update your index. Be careful with this plugin though. You MUST back up your database before making some of the recommended changes. You can use iThemes Security to do that, or you can use your CPanel.

There are several other security and database backup plugins available on the WordPress site.