So you finished your website! Congratulations. All images are neatly aligned, posts and pages are SEO proof and it is time to go live. But what about the security of your site? Hackers are all around, and the platforms everyone uses (e.g., WordPress, Joomla, Drupal) experience a lot of attacks. Your web host may help out a little, but it is advisable to add some layers of security yourself. Here I will discuss the iThemes Security plugin, formerly known as the Better WordPress security plugin. This plugin can do a lot, and configuration takes some time, but it is well worth the effort.
Security plugins for WordPress
There are many plugins around that claim to secure your WordPress site. Do a quick Google search for “WordPress security plugin” and you’ll see for yourself. But (as with all plugins), there are very well written plugins and there are those that are not so good or that contain malware that compromises your site. And that was not the idea of this post, right?! My advice in this matter is to use only plugins that are available via WordPress.org. There you can check the plugin rating, see whether it is compatible with your version of WordPress, and read the details about the plugin.
Install and configure
I assume you know how to install a plugin. If not, check out the WordPress Codex; it is not that hard. After successful installation you will see a new item named Security in your WordPress backend menu. Clicking this item leads to a screen where you can do a quick configuration. Follow their guidelines though and make that backup!
Alright, succeeded in making that backup? I use the Backup to Dropbox plugin, which makes a weekly backup of my files and database to my Dropbox account. Configuration is very intuitive, so there is no need to postpone this. After this I click the second blue button, Allow File Updates. Now the plugin has write access to the .htaccess and wp-config.php files. The next quick security measure is One-Click Secure, which applies the basic configuration. Clicking Dismiss leads to the dashboard page of the plugin. Here you can see a list of security holes ordered by priority.
Red means danger and yellow means warning. The plugin is able to fix a lot of the common security holes, and the descriptions of most of the points are quite clear. I have to note here that in my opinion it is best to install and configure this plugin at an early stage of building the site. To fix some of the security issues, changes to your database are required, and those may conflict with other plugins. I think it is best to add your other plugins one by one after configuring the security plugin to see if there are any problems.
More control by doing security manually
If you don’t like plugins, for example due to possible overhead or performance loss, it is also possible to secure your site manually. A nice starting point could be this tutorial in which you learn how to make changes to the .htaccess file. Funny thing is that this plugin actually performs these changes 😉
Configuration complete? All points fixed and no more red, yellow or blue points remaining? Great job. And what about page speed? Try it yourself in a new browser (incognito) window. If your page speed has decreased dramatically you now know the price of maximum security: it affects your performance big time.
I experienced the same issue and found out that the option File Change Detection was slowing down the site. However, in a more recent thread iThemes Support did not have any experience with their plugin slowing down websites. It is also possible that the issue was caused by the server settings.
The iThemes Security plugin is a very powerful and great plugin for securing your WordPress site. Installation and configuration have been greatly improved in comparison with the older version and you can easily secure your site by clicking away the coloured security holes. If you have used this plugin or another security plugin I would love to hear your experiences in the comments below!