WP SITES

2948 Tutorials & 189 Plugins

Secure WordPress by WebsiteDefender

Secure WordPress is one of the most popular WordPress security plugins. Its very easy to use as all you need to do to configure the settings is check the boxes and save the changes.

You’ll then need to open an account with Website Defender and upload a verification file to your root directory on your server.

Its crucial to secure your WordPress installation from hackers by finding out which files hackers can exploit which this plugin alerts you to after scanning your WordPress installation.

I’ve just installed the plugin and set it up after creating a free account with Website Defender.

Before you start using the secure WordPress plugin i suggest to take a full backup of your files and databases and download them to your local computer just in case you make a mistake.

Once you’ve installed and activated the Secure WordPress plugin, go to the settings page and select which security measures you want to enable for your WordPress installation under the Configuration module.

Click Save and you’re done with the configuration settings.

Here’s the configuration settings i’m referring to in the screenshot below.

Secure WordPress Configuration Settings

You’ll also notice 3 red buttons on the right hand side of the configuration module.

These red buttons will turn green once you have created an account with WebsiteDefender and uploaded the user agent file to the root directory on your server for verification purposes.

Here’s an image of what i mean below.

Secure WordPress Website status on Website Defender

Alerts

Under the alerts tab in your Website Defender account you’ll find the different types of security alerts.

Click on each alert link to take a closer look at the different alerts.

WebsiteDefender Alerts

After clicking on the first link, Executable file found in WordPress uploads directory.

you’ll find that many of the critical security risks come from your /public_html/wp-content/uploads/ folder

WebsiteDefender Description

Here you’ll find temp files and uploads which you may no longer need.

To be on the safe side you can compress them and then download the zipped files using File manager in cPanel or FTP, otherwise you’ll have a copy of these in your full backup which i suggested you take before using this plugin.

Once you’re covered, delete the file’s which pose a security risk from your server.

Caution: Make sure you don’t delete files which you actually need to run your site otherwise you’ll need to upload them from your backup.

After deleting the files from your server, you can check the box next to the file you’ve deleted and then mark the files as Resolved.

The reason these php files are displayed as a security alert is because WordPress doesn’t allow uploading of php files in the uploads directory which is the only directory in WordPress with write file permissions.

Other Security Alerts

You also find the Secure WordPress plugin alerts screen displays:

  • Plugins which need updating
  • Backups that need deleting off your server after being downloaded
  • Multiple WordPress installations detected which may be for sub domains or sub directories

Analyze the contents of the files. If the file is malicious, delete it immediately from your system!

Status

The status tab displays Alerts, Malware, Site Status and Scan Status.

Here you can click on the Critical link and deal with each file as discussed above.

WebsiteDefender Status

Scan Settings

The scan settings is where you can download the user agent php file and upload it to the root directory on your server. Click the Test button to verify the file is working correctly.

WebsiteDefender Website Settings - Scan Settings

Conclusion

Secure WordPress has been downloaded over 600,000 times and is very easy to use.

Its a great plugin for detecting malware and cleaning up files which may pose a security risk on your server.

Have you used this plugin? Do you know of any WordPress security plugins which are similar?

2 responses to “Secure WordPress by WebsiteDefender”

  1. […] to change your WordPress username however i think there’s several others like Wordfence and Website defender are […]

  2. […] recommend Wordfence and Website Defender which i have tested and both detected the malware hacked into  my core WordPress […]

Was This Tutorial Helpful?