We have talked about WordPress Security quite a bit lately. Since WPLift has become well-known and traffic has gone up, so too, unfortunately, has the number of people trying to take advantage of the site. We are under constant attack from people trying to hack our admin and spam the site. I have the Limit Login Attempts plugin activated; here is a small sample of people trying to log in as admin and other users (this plugin automatically blocks people's IP addresses):
On another blog of mine, I had someone successfully install malware, which resulted in us being blocked by Google for a period while we cleaned the site and filed a re-inclusion request. Obviously this is a huge pain and results in a loss of traffic and therefore a loss of income.
I now use a service called Sucuri which is an amazing security service - it does server-side monitoring on your website and watches out for any malware, file changes, changes in content and if it finds any it alerts you. They then remove any security problems for you. The service costs $89 per year for one website which I think is a steal really - it cost me more than that when my other site was banned from Google for a month.
In this post I'm going to take a closer look at the features offered.
So the first step in protecting your site is to monitor it for any attacks. Sucuri does this by creating a snapshot of your site and looking for changes like new posts, content changes, files being added etc. If you are using WordPress, they provide you with a plugin which keeps a complete log of what's happening; it also provides one-click hardening for various aspects of your site. The monitoring section of the plugin looks like this:
I have blurred out the details but it lists things like - user logins, failed user logins, IP addresses automatically blocked, content changes (when writing or editing a post), posts published, attachments added etc.
The malware monitoring system looks out for the following things:
- Cross Site Scripting (XSS)
- Website Defacements
- Hidden & Malicious iFrames
- PHP Mailers
- Phishing Attempts
- Malicious Redirects
- Backdoors (e.g., C99, R57, Webshells)
- IP Cloaking
- Social Engineering Attacks
So now you know that your website is being monitored closely, you need to know as soon as possible if anything does get compromised. The following options are offered:
- Jabber – Chat
- RSS Feeds
I have it set up so I get sent an @reply on Twitter which goes through to my phone as soon as something is discovered - I get quite a few alerts a day because I publish new posts daily and my ad system rotates banners which show up as the content being modified - this is a small price to pay though.
Finally, Sucuri also includes a clean-up service, so if your site does get hacked / infected etc. they will manually remove anything malicious and return your site to its original state. I love the peace of mind this gives - many people would panic if they were hacked and not know completely what to do, now that doesn't matter - you can just let the professionals take care of it for you - you just have to provide access to your site via FTP or control panel and they will repair it and keep you updated via a ticketing system.
I'm very impressed with this service and plugin, for $89 per year, the peace of mind it offers is well worth it. Luckily I have not needed to use the clean-up service but knowing it's there is great - how much would you have to pay a professional to audit and secure a website after a hacking? I'm sure it would be more than $89! If your website is important for business then give Sucuri a try - I'm sure you will be as pleased as I am.