My first pick for WordPress plugins was Better WP Security. Now, normally, I don’t make a habit of announcing the plugins I’m using, especially when they have anything to do with security. It’s like announcing to more malicious hackers “Hey, this is what I’m armed with! These are my weaknesses!” If your hypothetical attackers know what you’re using, they have a much better idea of what kind of soft spots they can exploit to gain access to your site.
For the purposes of this blog, though, I don’t mind terribly. I’m intentionally hiding this blog from search engines because I already have a blog I try to use with some regularity. Hopefully, this site will, for the duration of this semester, be protected by virtue of obscurity. Fingers crossed.
As I was saying, though: Better WP Security. The plugin is intended to be something of a one-stop shop for a lot of the basic security measures you can take to protect to your blog, things like making sure your admin account isn’t actually called “admin”, securing key files like .htaccess, and even preventing 24/7 access to the admin area.
Installation is pretty simple. You can search for the plugin by name for one-click installation in the WordPress admin area, and then all you have to do is click “Security” in the sidebar to start getting things set up. The plugin even color codes the steps you can take to secure your blog based on the severity of the threats. It’s pretty handy if you’re not all that familiar with security.
Mind, Better WP Security covers only some aspects of site security, so it should only be one aspect of your security strategy, but it’s definitely a good tool to employ.