I’m back 🙂
This time I have over 7 months working for Site5.com. I have been able to interact with probably more than 1 thousand customers and helped them with their issues. Most of them have no HTML or security expertise and are regular folks like you and me trying to get on the digital stairwell of the world wide web.
But when they install WordPress they forget about having to do some maintenance on it. Having a website, whether it is WordPress, Drupal, Joomla or any other CMS, requires some admin work as well. Having a website is like having a vehicle: it needs tuning, maintenance and gasoline, and of course you CAN NOT OVERLOAD the weight it can carry or you will take it down.
The same thing applies to WordPress: bugs are discovered, and there are several botnets that scan the internet daily for websites running WordPress and then make thousands and thousands of login attempts, whether via wp-config.php or the gruesome xmlrpc.php. These are called BRUTE FORCE ATTACKS. Sucuri, a leading security provider, published a report on the XMLRPC attacks that you can read here.
So for all of you WordPress users I am writing this article from my perspective as a technical support specialist.
Just like your computer, your WordPress also needs a firewall service, and BulletProof Security from AIT-pro is just that. It works as a protection to disable unauthorized access and to block those script kiddies trying to brute force their way into your site. It implements security controls like:
- .htaccess rules generation, to block IPs that have failed to log in to wp-admin more than 3 times. Once the plugin detects an IP with several failed attempts, it adds it to the .htaccess file so your Apache can block access to this particular offender.
- It also logs and checks for HTTP errors, which can show that someone is trying to crawl through your website or scan it for vulnerabilities, so you can also block them from snooping around.
- It also creates backup databases and can even email them and schedule the generation and deletion of old backups.
As I stated previously, one of the most recent ways to take down WordPress sites is through the XML-RPC procedure. But you can simply download this plugin to disable that feature, then go to your WordPress admin console >> Plugins and enable the Disable XML-RPC plugin. And you are done!
You can validate that XML-RPC is disabled with the following web tool: http://xmlrpc.eritreo.it/
Similar plugins or services: Remove XMLRPC Pingback Ping
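To make the two ideas above concrete (blocking an IP after more than 3 failed logins, and the login traffic that hits xmlrpc.php), here is an added example that is not BulletProof Security's own code. It assumes an Apache access log in combined format and Apache 2.4 `Require` syntax; the log lines are constructed, and the function names are made up for this sketch.

```python
import ipaddress
import re
from collections import Counter

THRESHOLD = 3  # from the article: block after more than 3 failed logins
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def _line(ip, method, path, status):
    # Builds one constructed access-log line (combined log format).
    return f'{ip} - - [10/Oct/2014:13:55:36 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log; the addresses are documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 5
    + [_line("198.51.100.23", "POST", "/xmlrpc.php", 200)] * 4
    + [_line("192.0.2.10", "POST", "/wp-login.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/wp-login.php", 200)]
)

def count_attempts(log_text):
    """Count likely login attempts per client IP.

    Heuristic: a POST to wp-login.php answered with 200 is a failed login
    (a successful one redirects with 302). Every POST to xmlrpc.php counts,
    because its status code does not show whether credentials were accepted.
    """
    hits = Counter()
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(2) != "POST":
            continue
        ip, _, target, status = m.groups()
        try:
            ipaddress.ip_address(ip)  # never copy an unvalidated field into config
        except ValueError:
            continue
        path = target.split("?", 1)[0]
        if path.endswith("/xmlrpc.php") or (path.endswith("/wp-login.php") and status == "200"):
            hits[ip] += 1
    return hits

def offenders(hits, threshold=THRESHOLD):
    return sorted(ip for ip, n in hits.items() if n > threshold)

def htaccess_rules(ips):
    # Apache 2.4 syntax: allow everyone except the listed addresses.
    body = ["    Require all granted"] + [f"    Require not ip {ip}" for ip in ips]
    return "\n".join(["<RequireAll>"] + body + ["</RequireAll>"])

if __name__ == "__main__":
    print(htaccess_rules(offenders(count_attempts(SAMPLE_LOG))))
```

Legitimate XML-RPC clients also POST to xmlrpc.php, so review the offender list before pasting the generated rules into .htaccess.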
W3 Total Cache
Every single time you load a page from a WordPress-based site, it runs several queries against the database and processes the PHP into plain HTML, and all of that uses resources. When you are using a shared hosting account, chances are that you have limited resources and can get limited on CPU, memory or PHP processes, like we do on Site5.
The cache layer is a very important one, because it reduces the usage of CPU, memory and queries to MySQL. The plugin creates a static copy of your site, so instead of having WordPress perform the same task over and over again, it creates a cache of the files and contents and sets an expiration or TTL time on it, which tells the script to fetch a new copy of the site at a given interval.
WP Cron Control
Let me first start by explaining that in the Linux world, a CRON is a scheduled task that runs at certain times, depending on the schedule set up by a person.
This plugin allows you to take control over the execution of cron jobs. It’s mainly useful for sites that either don’t get enough comments to ensure a frequent execution of wp-cron or for sites where the execution of cron via regular methods can cause race conditions resulting in multiple executions of wp-cron at the same time. It can also help when you run into posts that missed their schedule.
Google XML Sitemaps
Use this plugin to submit your WordPress site to Google’s Webmaster tools. This plugin will generate a special XML sitemap which will help search engines like Google, Bing, Yahoo and Ask.com to better index your blog.
With such a sitemap, it’s much easier for the crawlers to see the complete structure of your site and retrieve it more efficiently. The plugin supports all kinds of WordPress generated pages as well as custom URLs. Additionally it notifies all major search engines every time you create a post about the new content.
And there you go folks, this is what I recommend folks to use on their site as basic pillars on which to build your awesome website. Hit me up if you have any comments or need some guidance, I’d be happy to lend you a hand.
Please don’t forget to share this article on your social media and other websites 🙂