Security Optimizer (formerly SiteGround Security) - our new must-have WordPress plugin
Table of Contents
The security of our clients’ websites has always been an extremely important part of our web hosting services. Some of the brightest technical minds in our team have been continuously dedicated to crafting unique security solutions and keep the safety level of our hosting infrastructure on an unmatched high level. We have been an industry pioneer in developing server level protections like account isolation, server health monitoring, anti-bot traffic prevention, etc. We also know that on top of the server level solutions, the security of each individual website should be strengthened on application level too. That is why we provide services like auto updates, backups and WAF protection to our clients.
Today we are happy to introduce another tool that can greatly enhance any WordPress site security – our brand new plugin – Security Optimizer (formerly SiteGround Security). The Security Optimizer plugin is available for free download for anyone and it comes preinstalled with all new WordPress installations hosted at SiteGround and provides its users an easy way to protect a WordPress site from malicious attacks. It also includes valuable tools that can help a website owner react in case there is a suspicion that the site might have been compromised. Read below to learn how to make your site safer with our new plugin.
Protect your WordPress against common attacks
In the Site Security section of our plugin you will be able to easily switch on several rules that will harden your website security and prevent common malware, bruteforce and other security issues. Some of these rules, like hiding your WordPress version or deleting your default readme.txt, will make it harder for crawlers to detect you’re even using WordPress. Thus your website will not be easily identified as a possible attack victim when a vulnerability appears. Other rules in this section will add advanced XSS protection and protect your system folders from being injected with malicious files.
Strengthen your login security
In the Login Security section of our plugin you will be able to apply several methods that protect your login from unauthorised access. One of the most recommended methods to protect your login is the 2-factor authentication and with the Security Optimizer plugin, you can easily switch it on for your WordPress administrative area. Some simple, yet very effective protection measures like changing your login URL and not allowing “admin” to be used as a username can be also easily set here. You can also limit the number of login attempts from one and the same IP, which will block attackers trying to guess your password through brute force. And if you want to go even deeper in protecting your WordPress login, there are two more advanced options available. You can specify the IPs from which your login page can be accessed. The option should be used with caution if you use dynamic IP, so that you do not block yourself out.
Monitor your admin area activity log
One of the best plugin features is the detailed Activity log. It allows you to pinpoint things like bad IP addresses that try to access your website as well as registered users that are performing tasks they are not supposed to. For example, you can block with one click IPs that have numerous incorrect logins and at the same time find out which user has deleted that post you are missing. For the initial version, we keep the log 16 days back so it’s worth giving it a look every now and then especially if you have a busy site and number of users with the capabilities to edit content.
React if you suspect your site might have been compromised.
In the Post-hack section of the plugin you will find a set of actions that are useful, if you believe your site security has been compromised. Here you will be able to automatically log out all users and force them to change passwords. This way if any user was compromised, you may stop the malicious access through its account. You will also be able to reinstall all your current plugins. This will make sure you are using a clean copy of each plugin instead of a possible compromised one. Please bear in mind that although these post-hack actions are handy, they are not a substitute to a thorough site clean up that might need to be done by a WordPress security expert, if there are signs that your website might have been hacked.
How to get Security Optimizer?
Security Optimizer is available as any other free WordPress plugin. You can find it in the official WordPress plugin repository (https://wordpress.org/plugins/sg-security/) or install it directly through your WordPress admin area. If you host your next WordPress website at SiteGround, using the plugin comes right out-of-the-box, since all new WordPress installations now come with the plugin preinstalled with some of its features enabled by default.
This is the first plugin we are releasing whose full functionality can be used by anyone, even people that are not hosted by SiteGround. This said, we haven’t done excessive testing on every other company so issues caused by their particular setup may occur. If that’s the case, don’t hesitate to post a thread in the plugin forum in the WordPress repository, we will do our best to make sure it works great on all platforms.