WP Minder

firewall

Weekly Links Roundup – SEO Title, Membership Plugins, Security Plugins, Firewalls

by Leave a Comment

This week’s WordPress and web marketing links.

What’s the difference between the post title and the SEO title? Ever asked that question? Here’s a definitive explanation from Yoast.

If you’re thinking about creating a WordPress-based membership site, this is the post for you! Here’s a roundup of 15 of the top membership plugins to handle subscriptions, membership tiers and levels, payments, content restrictions and more. Personally I’m a big fan of MemberPress (which I use to run WP Minder’s membership program) – it should definitely be on this list too.

Wordfence has been my security plugin of choice for several years, but their recent redesign and changes in functionality leave a lot to be desired. Another good option is Sucuri – here’s a comparison of Wordfence and Sucuri.

While we’re on the topic of security, here’s a very fresh review of the top WordPress security plugins and services for 2018.

Let’s wander just a bit further down the security road and look at firewalls for WordPress. Best in class is Sucuri’s Web Application Firewall (which is included in WP Minder Small Business and higher plans). My experience with Sitelock support on behalf of clients was very poor and I cannot recommend them. If you want the most secure firewall for your business site and are not using managed WordPress hosting like our recommended partner WP Engine, Sucuri is the one to look at.

 

A Quick Look at the Security Settings for Sucuri Firewall for the Non-Geek

by Leave a Comment

A lot of my clients opt to use the excellent Sucuri Web Application Firewall (WAF) with their Small Business, Business or Premium Plans. Just yesterday I had a new client request we set up a call to talk about the security options before turning on the firewall on his account. I think that’s an excellent idea (one most clients don’t inquire about) and as a result, I’m writing this post to help me get the details into an easy-to-understand format.

So here we go… first, the Sucuri WAF acts like a barrier between your site visitors and your website. It has two modes – High and Paranoid. What Sucuri says about High:

It will enable all our default security checks to prevent SQL injections, Cross site scripting, RFI, LFI, security scanners and a myriad of attacks from ever reaching your site. It will also enable our Virtual patching so if you are ever using an outdated software, it can’t be used to hack your site.

‘Paranoid’ does all that and also prevents anyone from POSTing anything to your site (it’s also called ‘lockdown mode’ ).

Some of the advanced options are a bit confusing, so here’s an attempt at simplification…

  • Restrict the admin panel to whitelisted IP addresses – this is great if you’re not running a membership or ecommerce site where you allow visitors to sign up and login. Basically, you supply a list of IP addresses for legitimate backend users. You can get a URL that will instantly add the user’s IP address to the whitelist (distribute this with care).
  • XMLRPC, Comments and Trackbacks blocked – if you don’t allow comments or use an external comment system like Disqus, turn this on. It will block any comment attempts.
  • Stop upload of PHP or executable content – as long as you don’t allow uploads of scripts or code, turn this on. It will block those attempting to load scripts on your site.
  • Enable Emergency DDoS protection – if your site’s experiencing a DDoS attack you can turn this on temporarily, it prevents anyone not using Javascript from reaching your site.
  • Block anonymous proxies and the top three attack countries (China, Russia and Turkey) – if your logs show repeated visits from these three countries, turn this on (unless of course you sell to or are in these countries). Visitors from them can see all content but can’t create an account or login.

Other things you can do with WAF security settings:

  • Protect individual pages with a password or 2-factor authentication (like mobile phone authentication).
  • Block visitors from specific countries. You can allow them to view content but not login or post, or can prevent them from seeing the site at all.

All WP Minder Plans except the Starter Plan include Sucuri Antivirus for malware scanning and the option to use Sucuri WAF. To learn more about what WAF does, check out this page.

And for an honest review of Sucuri and its services included WAF, take a look here. I really like Sucuri, I use them myself for my own sites and feel very good about offering it to clients as an integral part of my WordPress maintenance services.

New Security Features for WP Minder Plans!

by Leave a Comment

Keeping your site safe!Our Small Business, Business and Premium Plans now come with additional security features from Sucuri.

Our malware monitoring is the same as before – your site is scanned continuously for malware and hacks, plus your site is checked against the biggest blacklists. Cleanup of malware and removal from blacklists continue to be key features.

The new offering we’re now including is Sucuri’s CloudProxy Firewall. Having a firewall in place lessens the likelihood of being hacked in the first place! The firewall protects against:

  • Brute force attacks (an antiquated attack that involves trying all possible combinations of usernames and passwords against your login page)
  • DDoS attacks which throw 10x, 100x or 100,000x more traffic at your site than normal
  • Exploits of insecure code, including Zero Day vulnerabilities

A side benefit of the cloud-based firewall is an included CDN (content delivery network). The CDN can dramatically increase performance as your site files are stored in high-performance servers worldwide – users access the files closest to them, which means faster loading times.

The CDN is highly configurable; you can choose to exclude specific directories, minimize the caching time to just a few minutes, or not use it at all. You’ll have the ability to clear the cache at any time.