4 Extensions to Help Secure Your Web Site

4 Extensions to Help Secure Your Web Site

If you're managing your own Web site or managing sites for clients, chances are you're trying to find a way to keep your site secure. It's getting difficult to go just a week without catching wind of some hacking scandal from the news. There's also a good chance your site is built using either Joomla or WordPress, which is great because there are a variety of extensions available for both platforms to make it easier to keep your site safe.

Joomla

BruteForce Stop

Most site administrators set things up using the same common settings. This practice, while it does making managing a large number of sites easy, leaves the site vulnerable to what's called a "brute force attack". Essentially, an attacker plays a numbers game and submits the standard default administrative username (either admin or administrator) and cycles through a list of common passwords. They may or may not continue with randomly generated strings of characters for passwords, but there's a very easy way to reduce the effectiveness of this type of attack and that is to block a source after too many failed attempts.

BruteForce Stop does a great job at this and blocks any source after ten failed attempts, forcing attackers to use a different source (which they can also use only ten times before its rendered useless). I tend to be a little more strict and reduce the allowed failed attempts to five, but in most cases you don't need to be so draconian. It also provides notification capabilities so you receive an email each time a source is blocked, but it's optional.

Download BruteForce Stop

Encypt configuration

Unless your site runs SSL (you know, that padlock you see next to the Web address you're visiting), each time you login to your site you expose your password to any potential listeners. There may not be any, but why risk it when there's a free extension like Encrypt configuration which can ensure the password is encrypted in transit to your Web site even when you aren't using SSL. This extension is one of my favorites because all you need to do is install and activate it to reap the benefits. It's not perfect, but it's all about layering security.

Download Encrypt configuration

WordPress

BulletProof Security

This WordPress plugin adds firewall, database, and login security and comes with four-click setup interface. It provides protection against brute force attacks similar to what BruteForce Stop does for Joomla, as well as scans posts for malicious code and sending notification emails to site administrators for anything it comes across. In addition to the security features, it adds some site performance utilities which are native to Joomla but not WordPress which caches pages (so the site is doing less work to provide a page to a visitor).

Download BulletProof Security

Sucuri Security

This plugin provides similar functionality to BulletProof Security, but was authored by well-known Web security firm, Sucuri. A basic version is available for free in the WordPress extension directory, but if you're willing to shell out some money for added peace of mind, Sucuri can offer better advice with the premium service. The free version incorporates blacklists like Google Safe Browsing and McAfee Site Advisor. In addition to all the features of BulletProof Security, Sucuri also provides logging so you have records of attempts and can pre-empt possible larger-scale attacks by noticing smaller, "probing" attacks design to gather information about possible vulnerabilities. While BulletProof Security does offer email notification regarding security, you may not like receiving a flood of emails and that makes the logging feature of Sucuri Security a better choice.

Download Sucuri Security

Ping! Development

1000 Characters left