After I wrote my post on plugins for increasing your blog’s security last Thursday, I sent it out on Twitter, shopping for readers. I do that because it is nice to think that someone may get something from the effort I put into writing the posts. Well I got a response on Twitter, from @blondishnet,  about it being better to use other methods, like modifying the .htaccess file, to tighten security on your blog, rather then using plugins.

I think I finally managed to convince her that I did agree with her point, but I was not writing these posts for the kind of person that was able or comfortable with doing that kind of thing. I am trying to point out plugins that are easy to use and add functionality for people that are not technically inclined or even tech-phobic. That may seem somewhat strange, given the plugins are for software used on the “intrawebs”, but the fact is, the web is so ubiquitous these days, all kinds of people use it.

But since I do agree with her, I decided today to put up a few links to other places where you can find information about making your blog more secure.

Links for improving your security

• Blog Security – This should be your first stop. A lot of articles, covering all levels of security. Including a security scanner that can run some basic checks of your blog.
• Geek Ramblings – An article discussing some of the things that Blog Security talks about. The comments are also useful reading.
• Webmaster World – A very informative thread on the forum there about various ways to secure WordPress. A lot of it is very technical, so it is definitely not for everyone.
• Make Tech Easier – Another post about making your blog more secure. With more good information in the comments.
• guvnr – An excellent video tutorial, along with notes on the post, for making your blog much more secure. If you are at all willing to try something new with your blog, follow along and secure it with these instructions.

Final Words

One thing you will notice about these sites is the amount of overlap. They all talk about good passwords, protecting your plugin directory, changing your admin name, and other things like that. The reason they overlap is they are all covering the most basic things you should do for security. If you are not comfortable doing most the things that are talked about and explained in the various places on the list, you should at least do the most basic.

And add some plugins like the ones I looked at last week.  A couple of them will help do some of the things mentioned in the articles, others help in different ways. They are not the best ways to keep your words safe, but every little bit helps.

Keeping your information secure on the Internet is a never ending battle. You need to keep your OS, anti-virus, anti-adware, and anti-spyware all up to date. And your WordPress blog is not an exception to this. So today will be a look at the various plugins available to help increase the security of your blog.

Secure WordPress has a nice selection of options for making your blog harder to hack. It hides your WordPress version number and creates an index.html in your plugin directory to keep that information hidden. It also allows you to remove the Real Simple Discovery and Windows Live Writer links from your blog header if you do not plan to use either of those methods of remote blogging. Two of the options are very useful for multi-user blogs. You can remove the ability of non-admins to use or even see the upgrade abilities for both the core WordPress files and any plugins. Finally you can choose to remove both the tooltips and error messages from the login page.

Not much available on this plugin, but it takes care of some of the most basic things to make you blog more secure. Hiding the upgrade stuff is obviously not useful for single user blogs, but does give you options if your blog expands. And one other nice touch is the ability to delete the plugin settings from your database if you decide to remove it. It would be nice if more plugins had this ability.

Admin SSL is designed to give you a secure connection to your admin login page, as well as some others. You can also set up some pages to not use SSL, if this is required for proper use like xmlrpc. It also allows you the option of adding other pages if you need to. It is easy to set up, and there are good instructions and a FAQ on the plugin at its homepage.

WP-SpamFree uses a combination of javascript and cookies to block spam comment attempts. Rather than capturing the spam like Akismet so it can be checked, this plugin prevents the comment from even being posted. It also give you the option of blocking both pingbacks and trackbacks if you are getting a lot of spam with that method. And there is a contact form included, if you want one that does not use CAPTCHA for spam protection.

The contact form is nice, with options for various fields, including a customizable drop down menu that can be required.  You can also have technical information about the sender included, if you are having problems with harassment. And there are some buttons included to show how many spam have been blocked by the plugin. The documentation is very good, and linked to directly from the setup page.

There are some plugins that conflict with this one. The known list is on the documentation page. The button for how many spam have been blocked is a nice touch, but it does require getting into your PHP files. A widget option, like the one for Akismet, would be much nicer for the average user. But the downsides for this plugin are fairly minor. It is plug and play, you do not have to do anything to get it working. The added options are just some nice touches in addition to its main function.

Invisible Defender is another spam protection plugin, which is even more plug and play than WP-SpamFree. There are no options, you just install and activate the plugin and it starts working. It uses CSS styling and some input fields to detect spambots, returning a 403 error when they are found. Easy to install and use, the only question is effectiveness, which only time will tell.

Login LockDown helps prevent a brute force attack on your blog login. You can set how many times it will allow retries from the same IP address within a certain amount of time before it blocks more attempts. Another easy way to help keep unwanted people out of your stuff.

Final Words

Here are five ways to make your blog more secure. They are all easy to use and seem to do the job they are designed for. None of them cover a large number of areas, but they seem to be able to work together for the most part. It is doubtful you would need both spam blockers, especially if you also have Akismet, but even they do not seem to conflict.

You should give serious consideration to these plugins, or others like them, for securing your blog. Along with standard things like backing up your blog regularly, keeping it more secure will help keep your blogging experience enjoyable.