In and of itself, WordPress is a remarkably secure and stable platform. Add to this its flexibility and it is small wonder that 15% or so of all the websites out there are running on WordPress.
However, even a rock-solid safe is not very safe if it is installed on a rolling cart.
The unfortunate truth is some WordPress administrators have an attitude that can only be described as either ostrich or Pollyanna. More than a few people believe they do not need to be concerned about security ‘because I don’t have anything the bad guys would want.’
This is wishful thinking at best. If you have a WordPress site, you have something the black hats want: resources. This is no different from a person at home with a computer attached to the Internet. In that case the bad guys want the homeowner’s computer to make it part of a botnet. In the case of a WordPress site, the bad guys want your site for a hacking attempt such as cross-site scripting (XSS).
Fortunately, there is a killer nice plug-in available known as BulletProof Security. The good news is that you don’t need FTP access, and it is relatively easy to install and use.
Installation is like that of any other plug-in. It really becomes one-click protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
I have been using it for about six months now and I have to say it is remarkable. At the time of this writing it has 137 ratings averaging out to 4.5 stars (out of five) and has seen more than 210,000 downloads.
I can confirm that when an update is made I get automatic notification in the WordPress dashboard.
It does require a minimum of WordPress version 3. Of course if you are not running the most recent release of WordPress this entire article probably is of no value to you. And in my opinion, you’re just asking for trouble.
BulletProof Security works on WordPress as well as MU – Multisite websites. In an MU site only Super Admins see the BPS menu, as it is automagically there in sub sites.
For the truly paranoid there is BulletProof Security Pro at a one-time cost of $49 with free lifetime upgrades. If you are not using BPS, give the free version a spin before you go pro. You will sleep better at night. Just ask HB Gary.