This plugin is more technical than I had hoped for, but I have learned some very important facts about WordPress by using this plugin.
- NEVER use the username ‘admin’ when installing WordPress on your site!
- Enforce strong passwords! I cannot stress this enough! With this plugin, you can force every role (Administrator, Editor, Contributor, and User) to use strong passwords.
This particular plugin is very technical. But don’t be afraid. There are notes along the way as you close up all the vulnerabilities with this plugin.
Pros: This plugin will tell you where your website’s vulnerabilities are and walk you through locking it down and making it more secure. The log files are very informative and continually show you where the attacks are. As you get used to how this plugin works, you can begin to ban IP addresses that seem to attack often and regularly.
Technical support seems to be on top of helping their customers out in a timely fashion.
Cons: There is so much to this plugin that, if you’re not careful, you could end up locking yourself out or hosing your site. However, as I said above, technical support seems to be on top of helping their customers. Also, in order for this plugin to be effective, it must access core files as well as .htaccess files. Although this is a plus, it’s also a problem if you need to access your own .htaccess for any reason. Also, this plugin will send you emails about changes to files and login attempts. This is cool except that it sends multiple emails, thus driving the bandwidth of your site up. So once you have a handle on what you really want to know about NOW, you can shut this feature off. It’s already put 3 of my sites over bandwidth.
You can read more about this and other WordPress security plugins that I find work well with the Better WP Security plugin.