Lock down your casino website with WordPress plugins
You might know how to use WordPress to start your own casino website, but do you know how to make it secure?
WordPress is one of the most stable and widely adopted blogging platforms, but it’s also become a target for malicious hackers who are looking for a new thrill, cracking into someone’s website, and destroying their data, or worse.
Go for the low-hanging fruit first
Before you install any new plugins to your own casino affiliate site, you want to follow two best practices to dramatically improve your security:
1) Don’t use the default account name for administrators — First, make sure that whenever you set up a new site, that your administrator account is not named by the WordPress default, which is “admin.” Once a hacker knows your account name, he’s got half the information he needs to get into your site.
2) Use secure passwords — Second, use a secure password, ideally one that’s randomly generated by a secure password tool such as KeePass (Windows, open source) or 1Password (Mac, commercial). Use this for a rule of thumb: if your password is easy for you to remember, it could be easy for others to guess.
Now that you know the basics, here are our three favorite WordPress plugins for ensuring your security as you start your casino website.
This plugin scans your WordPress installation for vulnerabilities and suggests ways you can improve your security. Here’s what it does:
- Checks your version, to ensure that you’re running the latest safe build of WordPress,
- Checks your SQL table prefix, to make sure it’s not the WordPress default
- Reviews the database errors page to make sure you’re not accidentally allowing someone to reinstall your site and create their own username and password combination,
- Removes the WP ID meta tag, which can tell others details about your installation,
- Checks whether there is an “admin” user, and
- Ensures the accurate placement of the wp-admin file.
This is a great choice for people who are comfortable with editing PHP and backing up a database. If you don’t want to do either of these, you might want to find yourself a freelance web developer who can help.
According to its description in the WordPress Codex, “Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories, hiding the WordPress version, and much more.”
We tested it on several sites, and it did a great job of doing what it claims to do: removing a lot of rarely-used information and features that can compromise your site’s security. In addition to what it removes, it also hides the plugin and theme information for non-admins, which keeps your site safe from prying eyes.
We liked the easy control panel and the ability to take actions by clicking a few dialog boxes and a submit button. Compared to most of the other security plugins out there, the information provided here is easily actionable for beginners.
This plugin is a great way to get a baseline score of how safe your website is. It looks at six areas where you need to have security and tells you how good your security is, with a red/yellow/green scorecard.
The six areas are:
- Updates — do you have the most current versions of your theme and plugins?
- Configuration file — Where is your configuration file located? It’s best if you move it out of the root folder. And also make sure that it can only be read by you and the web server (400 or 440 permission).
- Code Check — This checks to see if your site’s installation script is still in the WordPress folder. If it is, you’re better off removing it. It also checks for the read me file that displays your WordPress version, and advises you to remove it.
- Files and Folders — Are all of your files and folders protected with the right permissions? This will let you know.
- Database check — Like WP-Security Scan, it checks to see what your database prefix is.
- Server Configuration Check — Does a security scan of your server to make sure everything is working correctly.
If you’re not a WordPress power user, this plugin is going to frustrate you. It does a great job of pointing out the problems, but doesn’t direct you on how you can solve the problems.
All in all, the security of any website is an ongoing project and a moving target. The best thing you can do for yourself is to follow the advice in this article and use these plugins to the best of your ability to tighten the security of your sites.
Have you had any issues with security of your WordPress website, or any site at all? Please take a minute to leave your feedback in the comments.