Essential WordPress Plugins for Artists: Security

Guest blogger: Kim Bruce

Hackers are finding the open doors in WordPress and unless you know how to close these doors and batten down the hatches your site is vulnerable to attack. It is just a matter of time until you’re hacked. Artist Frances Clements Fawcett shares in this blog post how it happened to her and how stressful was.

You have been hacked!

I recommend two security plugins. The first will educate you on what you need to do. The second will scan your site on demand.

1. Ultimate Security Checker

Ultimate Security Checker will scan your current installation of WordPress and tell you where and how to fix the problems. Read the entire list and what to do if your site gets hacked.

2. Sucuri Scanner

Sucuri Scanner scans your site for malware on demand. With just a few clicks you can harden – close the doors – the leaks that hackers look for in a WordPress installation. Make sure you harden your site again when updating to the newest version of WordPress.

Notice I said scan “on demand.”

Don’t be fooled into thinking that you can run either one of these plugins once, follow the directions, and you are done. You’re not! WordPress is always developing and the only thing consistent about the Internet is that it changes.

Make it part of your login routine to scan your WordPress site with Sucuri every time you log in to your dashboard. It only takes a few minutes and can save you the hours or days of grief that Frances had to endure.

I suggest using these two plugins in combination. First manually harden with the Ultimate Security Checker and then scan ongoing with Surcuri Scanner.

Kim BruceAbout Our Guest Blogger

Kim Bruce is a working artist who runs Artbiz, where she creates websites for artists. She also teaches how to watermark images with NextGen Gallery at The WordPress for Artists School. Kim works out of her office/studio located in the foothills of Alberta just outside of Calgary.

Send to Kindle

18 comments to Essential WordPress Plugins for Artists: Security

  • I have heard of this happening – our Chamber of Commerce website has been hacked 3 or 4 times already in the last couple of months.Can these scans be done for both the .org and .com WordPress platforms? I would like to scan my website which is on WordPress .com.

    • Hi Morgan

      These scans are only done on the self hosted version of WordPress, being wordpress.org

      The security at the hosted version at wordpress.com is handled for you by the folks there.

      If your Chamber of Commerce site has been hacked 3 or 4 times in the last month, yikes, please upgrade your WordPress install and batch down the hatches (using the list of what to do).

      on an aside: It may seem that going with a hosted site at wordpress.com may save you some grief with security BUT you do not own your content at wordpress.com. If you keep your installation of WordPress and the plugins up to date your security risk goes down substantially, secure it the rest of the way by using these plugins.

      • Thank-you. I’m not ready to manage a self hosted site which is why I have stuck to the .com platform – but glad to hear that they manage the security for me. As far as our chamber website goes, I think the person building the website is switching servers, but perhaps she should be looking at theses plugins too – I will pass this on to her. Thanks again.

  • I installed both of these and after some hunting managed to run them both. Unfortunately the links for more information (after the successful run) for sucuri didn’t work. I got “you don’t have permission” error messages. I figured it didn’t matter because I got enough info from the post run results summary.

    Both utils let me see that I’ve never been hacked and my install is actually pretty good.

    • Hi Patricia

      I think the permission error is coming from Ultimate Security Checker and not Sucuri.

      More than likely if you changed your wp-admin and wp-includes to anything lower than 705 it could trigger the permission error.

      If they are at 705 and you are still getting the permission error, try changing them to 755.

      • Thanks Kim, I’ll look into that. Can I chmod these from the command line or do I need to chmod through the utilities’ own settings sections?

        Patricia

        • The easiest way to do this is to go to the “Legacy File Manager” inside the hosting account cPanel. Once there you should be a menu item on the right “Change Permissions”.

          Contact your host provider if you can’t access your site file manager.

  • Since I’m being paid for my blogs, I expect that my employer is taking care of this — or that it doesn’t even occur, since it’s a .com site.

    What I object to about WordPress is the limited set of formatting options — no bullets, now, in 2012? I need to communicate to my readers in the most efficient way possible; WP, please don’t get in my way.

    Arthur
    arthurcomings.com

    • Hi Arthur

      Yes it is the theme, in your case WordPress’s 2012 theme, that applies the styling including the bullets. Maybe your employer could be persuaded to change themes.

  • This is a serious issue, never give your email in your website and use forms and filters to avoid this.
    I do not use WordPress but a great all-in-one package that I consider great for artists because almost everything is under control and security is paramount. I have never had a problem with security, knock on wood.

    • That’s great Pedro if your program is working for you then definitely use it.

      Personally, I find the freedom of controlling how my URL’s appear, the flexibility, scalability, content ownership and design control that wordpress.org provides far out weighs any security issues, because when properly implemented there are no security issues.

  • How often do you think security programs hack on purpose to stimulate business?

  • […] artists how they can make their WordPress sites more secure using a combination of two plugins.www.artbizblog.com/2012/10/wpplugins-security.html Posted in WordPress on Google News | Tags: google news,News,plugin,Plugins,podcasts,wordpress […]

  • […] Guest blogger Kim Bruce tells artists how they can make their WordPress sites more secure using a combination of two plugins.Read more here. […]

  • […] as: blogs, SEO Related PostsEssential WordPress Plugins for Artists: SecurityManage Your Artist Portfolio in WordPressAnyone Can Snip: Protect Your Art with WatermarksBe More […]

  • […] post in my Essential WordPress Plugins for Artists series for Art Biz Blog. The first one was on Security and the second focused on Search Engine […]