What with all the static over DDoS botnets directed at WordPress sites, I thought it was time to get serious about the security of this and my other personal sites. Enter the Better WP Security Plugin and CloudFlare.
The Better WP Security plugin has been around since 2011, and CloudFlare since 2010. So there’s really no excuse for my being ignorant of their existence until today.
But once I checked them out it took me about 15 minutes to realize I had to give both a try.
Better WP Security analyzes the plugged-in site and presents a dashboard with a color-coded list of potential vulnerabilities. Each of these is accompanied by a link to proposed fixes that can be executed from the plugin.
Most of the solutions are common sense best practices that will be familiar to most webmasters who have been around WordPress for awhile. The real genius of the plugin is in its clear presentation of issues and remedies such that even experienced administrators will find it beneficial to employ.
CloudFlare’s content delivery network is analogous to well-known enterprise services like Akamai, without the crushing price tag. The most basic service is free and provides control at the DNS domain level (enabling requires switching to CloudFlare’s DNS name servers). My host provider, Bluehost, is currently heavily promoting CloudFlare’s services.
Reporting and analytics are also available, although I haven’t been on the service long enough to evaluate them (the free service only provides results for the period beginning 24 hours earlier).