We love anything which tries to make WordPress a more secure installation, highlights security vulnerabilities, or is proactive in notifying or making recommendations.
Recently we stumbled across this new service called Website Defender for WordPress which is still in beta. We signed up straight away. There is a standalone plugin called WP Security Scan which can be used within WordPress and alongside the Website Defender dashboard. If you do opt to also use the Website Defender online dashboard functionality an “agent” file must be installed somewhere below the document root of your web server, which is a PHP script allowing the Website Defender website to connect to your site automatically and perform security scans. We’d recommend taking an extra step and adding this file to robots.txt to prevent it from being indexed, taking the security to yet a further level.
Website Defender also provide a free security scan if you so wish.
They also claim to :
- Detect Website Malware (What is malware ?)
- Audit your web site for security issues
- Keep your site safe from Google blacklisting
- Keep your web site content & data intact
- Alert you on suspicious hacker activity
- Help fix issues through your online dashboard
So far we’ve been very impressed with the results. It prompts for some interesting security changes on certain sites, including some of the more well-known security vulnerabilities such as changing the admin username and creating a .htaccess file in /wp-admin/ and through the plugin it is possible to review the security scan results, security status, use a tool to generate a strong password and backup your database prior to “securing” your database, which only actually implements a non-default prefix to your database tables. If you’ve already done this, you can skip this step.
The dashboard that Website Defender provides is clean, intuitive and easy to use.
We will keep monitoring this product and will be using it for our customer sites, and may offer further updates on this in the future. For the moment, we definitely recommend giving Website Defender a try.