SecuPress security for WordPress

SecuPress is a security plugin for WordPress.
With its 30,000+ active installations, SecuPress may not be the most well-known security plugin, especially compared to iThemes Security with 1+ million installations and Wordfence with 4+ million active users.

However, we still want to highlight SecuPress because it appears to be a very good security plugin with unique features that are currently lacking in the previously mentioned popular plugins.

What cool features does SecuPress offer?!

  1. In the “Anti Spam” tab, you can choose to completely disable comments, including their display in the admin menu. This eliminates the hassle of dealing with unnecessary comment features and comment spam.
  2. In the “WordPress core” tab, you can enable automatic updates for minor and/or major WordPress updates. This is typically configured in the wp-config file, but SecuPress makes it much easier.
  3. In the “Plugins and Themes” tab, you can check a box to prevent the activation of new themes or plugins. This is useful when someone with administrator access wants to install any insecure plugin they can find 😉 Additionally, you can disable the upload of zip files (themes and plugins), which helps prevent the upload of nulled themes or plugins.

Most of the other features offered by SecuPress are quite similar to iThemes Security and Wordfence. Virtually all the important functions provided by the other two plugins can be found in SecuPress.

The PRO version is cheaper than iThemes and Wordfence

The free version of SecuPress is very comprehensive, and the pro version (€60 per year) is slightly cheaper than iThemes Security (€67.44 per year) and Wordfence (€83.45 per year).

What is Wordfence?

Wordfence is a plugin that protects WordPress websites against malware and hackers.

Wordfence works proactively by using a firewall and includes a file scanner to check your WordPress site for hacks, backdoors, and viruses.

What does Wordfence do?

  1. Wordfence uses a firewall to block attacks on your website
  2. Wordfence has a built-in scanner to scan your WordPress website for hacks, backdoors, and common viruses
  3. Wordfence provides options to enhance the security of your login screen
  4. Wordfence offers features to disable WordPress functions commonly exploited by hackers
  5. Wordfence sends you notifications when issues arise
  6. And more…

Wordfence is the most widely used plugin for WordPress

With over 4 million users, Wordfence is the most popular security plugin. Following Wordfence, iThemes Security has 1 million active installations, and there are a few other smaller options like Bulletproof, Sucuri, and Cerber.

Are you already using a security plugin for WordPress?

It is recommended not to wait too long to install a security plugin. Both new and old sites are targeted by hackers. Whether your website is small or large, make sure hackers can’t gain control over it!

Who created Wordfence?

The strength of Wordfence lies in the team behind it, which is Defiant.


Defiant is the company behind Wordfence, and the team currently consists of 35 developers, each with 5-20 years of experience in websites, programming, and communications.

Team Defiant has various analysts (such as Ram Gall, Giles Wright, Marco Wotschka, Gregory Bloom, Matt Sinagra, Charles Sweethill) who monitor and analyze online threats.

They also have specialists who are skilled at removing malware from websites. While much of the work is automated with the help of customized software, due to hackers constantly coming up with new tricks, manual work and checks are still necessary.

 

Install Wordfence in WordPress

You can install Wordfence in three different ways:

  1. Via the plugin installer in your admin area: This method allows you to retrieve Wordfence from the reliable WordPress.org plugin database. In your admin area, go to “Plugins” and then “Add New.” Type “Wordfence” in the search field. Make sure you do NOT install the assistant version but the plugin called “Wordfence – Firewall & Malware scan.” Click on “Install Now,” and once the plugin is installed, click on “Activate.”
  2. If the installation method described in the previous step doesn’t work, you can manually download Wordfence from WordPress.org and upload it in your admin area.
    Go to “Plugins” in your admin area, then click on “Add New.” From there, select the “Upload” option and choose the downloaded zip file from your computer/mac. Click on “Upload/Install” and then “Activate.”
  3. If both methods mentioned above don’t work, you can manually upload the plugin to the server. For this, you’ll need server access and an FTP program. You can use a program like Filezilla. Upload the Wordfence plugin (unzipped using WinRAR or WinZip) to the wp-content/plugins directory. Once uploaded, go to the “Plugins” section in your admin area and click on “Activate” for the Wordfence plugin.
Always make sure to install Wordfence from WordPress.org and NOT from any other source. Do NOT search for Wordfence on Google to download it, as paid advertisements with malicious programs may appear at the top of the search results!

Is Wordfence enough to secure your website?

Many people install Wordfence and then happily continue developing their websites. Voila! Security is taken care of, right?!

However, I still have a few tips if you want to properly secure your website. Here are some important steps to take:

  1. Review Wordfence settings: When you first install Wordfence, not all settings are configured optimally. This is because different servers or websites may not work well with certain restrictions. You need to manually review the settings to secure your website as effectively as possible.
  2. Use one security plugin, not three at once!: It’s important to use one reliable security plugin. Using multiple security plugins can lead to conflicts. They essentially perform similar functions, such as logging and blocking IPs and attacks. Multiple security plugins will interfere with each other.
  3. Ensure you have a complete data backup: Do you rely on your web host to handle backups? Well, not all web hosts provide complete backups (data + database), and some may only perform them weekly. There may also be storage limitations. Make sure you have the ability to choose backups from at least the past 3 days and have backups available for at least 2-3 weeks. At minimum! If your host doesn’t offer this, you can use a plugin like UpdraftPlus to configure backups. For example, set it to create backups once a day or every two days, with a retention policy of 10 backups and a minimum of 4 weeks. (Keep in mind that you’ll need sufficient server disk space or consider storing backups externally.)
  4. Update in a timely manner: No matter how good the security is, keep your theme, plugins, and WordPress itself up to date. Certain vulnerabilities can provide hackers with ample opportunities that security measures cannot counteract, risking the functioning of your website.
  5. Host one WordPress installation on a hosting package: It’s common for a test installation or an old blog to remain active. Hack scripts test your domain name for old installations to gain access to the server. Examples of folder names they search for include “old,” “new,” “blog,” “wp,” and “wordpress.” Additionally, WordPress sites can easily show up in search engines like Google, including old sites and test installations. So, don’t leave them unattended!
  6. Ensure you have a reliable web host: Some web hosts lag behind in maintenance or use outdated PHP versions. Hackers frequently discover vulnerabilities that require regular updates to server software. Make sure your host applies updates in a timely manner.
  7. Use a strong password: It goes without saying, use a strong password. But how often do people use passwords that are in the dictionary, like “fridge7” or the name of a pet? Even worse, some people use the same password to log in to multiple websites. Don’t do that! If a website, not even yours, gets compromised, those usernames and passwords will be exposed. Scripts will pick them up and attempt to use them on any website they can associate with the username. Use a long and unique password or consider using a password manager like LastPass or Dashlane.

A chain is only as strong as its weakest link, so make sure there are no weak links in the security of your website!

Wordfence expands their services with Wordfence Care & Wordfence Response

![wordfence](https://wpbeveiligen.nl/wp-content/uploads/2022/02/worfence-uitbreiding.jpg)

Wordfence FREE is well-known, right? It’s the free security plugin from Wordfence, currently used on at least 4 million websites.

Then there’s Wordfence Premium, which currently costs $100 per year. Premium offers enhanced security with faster firewall/threat updates.

And now, Wordfence has introduced two additional services:

Wordfence Care

Installation and configuration of the Wordfence plugin, monitoring, and security issue resolution. These services are provided during office hours.

It currently costs $490 per year.

Wordfence Response

This is Wordfence Care, but with faster service within 1 hour, 365 days a year!

For this, you’ll pay $950 per year.

Conclusion

Good or bad: It’s great that they are offering these services now. For large companies already using Wordfence, this can be an interesting addition.

In terms of pricing: It’s not cheap, but it’s also not unaffordable for a medium-to-large company.

Let us know in the comments if you use Wordfence and if you’re considering using Wordfence Care or Response services!

iThemes 7.1 update brings back the import – export feature

iThemes has brought back the import and export of settings that disappeared in the major 7.0 update!

![ithemes import export](https://wpbeveiligen.nl/wp-content/uploads/2022/02/import-export.jpg)

This is great news if you have multiple websites that you want to secure. There are quite a few settings to go through, so having the ability to import and export them is very helpful.

And it must be said, they have done a good job with it! You can now specify exactly which settings you want to export. This way, you can choose to include or exclude things like logs or blocked IP addresses.

![ithemes export settings](https://wpbeveiligen.nl/wp-content/uploads/2022/02/export-settings.jpg)

Poof – gone!

The disappearance of the export function (which is now thankfully back) is a typical iThemes move. In their haste to release a new feature, related functions that don’t cooperate are often temporarily deactivated or (in the past) even commented out in the code.

Either way, it’s great that it was temporary and that it’s now back and functioning well.

Upgrade WordPress or wait and see? Here’s the answer!

WordPress updating can be a challenge! That’s true for most WordPress website owners. Many people hesitate and postpone updating their WordPress websites month after month, and eventually even for a year or longer. We understand why.

The fear of changes to the website design, concerns about non-functioning plugins, or the cost and effort of updating.

However, it’s crucial to set aside these concerns and regularly update your WordPress website. Read on to learn why it’s better to update WordPress and its plugins every 2 months or even monthly.

Updating WordPress prevents bigger problems!

You can (not) endlessly postpone updating WordPress. By regularly updating your WordPress website, you prevent bots from exploiting weak plugins and creating malware, backdoors, SEO spam, and unwanted administrators on your website.

Removing and undoing malware and hacks can be expensive and time-consuming. That’s why it’s important to update your WordPress website regularly and prevent these issues.

Yes, there can be issues with updating your WordPress website…

Unfortunately, updating your WordPress website can sometimes cause problems.

You’re absolutely right about that.

Perhaps you’ve experienced it yourself while updating your WordPress website or some plugins… or your theme.

Buuuut…

The risks of not updating your WordPress website are much greater!

Research on wpscan.com reveals that there are many old plugin versions and themes with security vulnerabilities. Ignoring updates leaves your WordPress website open to these unnecessary vulnerabilities!

But how can you update WordPress, plugins, and themes without issues?

PRO TIP: Updating WordPress? FIRST create a free backup with UpdraftPlus for WordPress!

UpdraftPlus allows you to create a free backup of your WordPress website before performing updates. If something goes wrong, you can restore the plugins, theme, or database individually to their previous state before performing the update.

Some of the key features of UpdraftPlus that are currently available for free:

  • Backup creation
  • Ability to restore the theme
  • Ability to restore plugins
  • Ability to restore the database

Download and install UpdraftPlus for free!

After creating a backup, you can proceed with the updates with greater confidence.
Are you still very cautious? Are you still postponing the updates?

But updating my WordPress website is still scary!

PRO TIP 2: LET a professional update and maintain your WordPress website

Link spam – what is it?

Link spam, you may have never heard of it, and that’s a good thing! It’s a technique that hackers and online criminals use to make money at the expense of a website’s reputation.

How does it work?

A hacker, or in most cases, a script, discovers that you are using an outdated or risky plugin on your WordPress website that allows them to manipulate the database.

When this vulnerability exists, a hacker or script will execute a payload.

In simple terms, the hacker injects a series of links and articles into your database.

Within seconds, your website will no longer display the desired pages and information that you carefully created, but instead show the information that the hacker wants to display.

Google will index this information, and from that point on, your website will be used as a reference for products that I don’t even want to mention.

The hacker earns money by selling those products.

Meanwhile, the reputation of your website on Google is being destroyed.

Sooner or later, your website will be flagged as 18+ content or spam.


Preventing link spam

  1. Keep your website up to date.
  2. Install and configure a security plugin.
  3. Regularly check the status of your website on Google.

I understand that you may not have time for all of this.

Good news! I do this full-time for WordPress websites.
Monitoring reputation, checking for hacks, keeping everything up to date, and implementing preventive security measures.

Let me proactively secure your website and prevent trouble!

 

Hacked before you’ve even logged in yourself!

We know that your website is vulnerable when you are highly visible on Google, and that more plugins increase the risk of being hacked. But being hacked even before you have logged in yourself?

That happened to several websites that didn’t complete the installation quickly enough.

How is that possible?!

During a new WordPress installation, the first step is to choose a username and password. You would think that no one can interfere with a new installation. The domain name has sometimes just been registered… no one knows about it yet.

But that’s not the case. The Let’s Encrypt service, which is used to request free SSL certificates, has leaked information, allowing hackers and scripts to identify newly registered domain names and websites.

1, 2, 3 malware

Hackers immediately took advantage of this and if the installation was not completed quickly enough, they filled in a username and password using a script.

They installed a file manager (plugin).

And they uploaded their own malware.

Good practices

It’s a good practice to complete an installation right away, not just the part where you choose a username and password, but also by installing and configuring a security plugin.
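A check for the two situations this page warns about, an installation left unfinished (above) and forgotten copies in folders such as “old” or “new” (the tips list earlier), written as an added example that is not part of the original posts. It assumes shell access to your own server; the sample tree built by make_demo_root and the path in the usage comment are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit your own web root for WordPress copies that are stray
# (in a subfolder) or were never finished installing.

# wp_state DIR -> "none", "configured <version>" or "unconfigured <version>"
wp_state() {
    local dir="${1%/}" parent ver
    [ -f "$dir/wp-includes/version.php" ] || { echo "none"; return; }
    ver=$(sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$dir/wp-includes/version.php")
    parent=$(dirname "$dir")
    # WordPress also loads a wp-config.php from one level up, unless that
    # level is itself a WordPress copy (it then contains wp-settings.php).
    if [ -f "$dir/wp-config.php" ] ||
       { [ -f "$parent/wp-config.php" ] && [ ! -f "$parent/wp-settings.php" ]; }; then
        echo "configured ${ver:-unknown}"
    else
        # No config file: the setup wizard is open to whoever visits first.
        echo "unconfigured ${ver:-unknown}"
    fi
}

# audit_docroot ROOT -> one line per copy: STATE VERSION PATH (relative to ROOT)
audit_docroot() {
    local root="${1%/}" f dir
    find "$root" -maxdepth 4 -type f -path '*/wp-includes/version.php' | sort |
    while IFS= read -r f; do
        dir=${f%/wp-includes/version.php}
        if [ "$dir" = "$root" ]; then
            echo "$(wp_state "$dir") ."
        else
            echo "$(wp_state "$dir") ${dir#"$root"/} STRAY"
        fi
    done
}

# make_demo_root -> path of a constructed sample tree (not real site data)
make_demo_root() {
    local r; r=$(mktemp -d)
    mkdir -p "$r/wp-includes" "$r/old/wp-includes" "$r/new/wp-includes"
    echo "\$wp_version = '6.4.2';" > "$r/wp-includes/version.php"
    echo "\$wp_version = '4.9.8';" > "$r/old/wp-includes/version.php"
    echo "\$wp_version = '6.4.2';" > "$r/new/wp-includes/version.php"
    touch "$r/wp-config.php" "$r/wp-settings.php" "$r/old/wp-config.php"
    echo "$r"
}

# Usage: ./wp-audit.sh /var/www/html   (the path is an example)
if [ -n "${1:-}" ]; then audit_docroot "$1"; fi
```

A line marked unconfigured is an installation to finish or delete right away; a line marked STRAY is a copy outside the main site that should be removed or kept updated like the main one.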

If you don’t have the time or the knowledge to secure your website, let us take care of it!
Request a package in time, and we will be ready to secure your new website immediately.
Secure your WordPress website.

Source: [Security.nl](https://www.security.nl/posting/750062/Let%E2%80%99s+Encrypt-logs+vermoedelijk+gebruikt+voor+infecteren+WordPress-installaties?channel=rss)