For the past day or two, some readers had trouble accessing this blog. Instead of seeing the familiar blog home page, readers were greeted with a 403 Forbidden warning saying they don’t have permission to access it. The reason was that I was testing out a new security plugin called AskApache Password Protect. This is an incredibly strong security plugin to protect your WordPress blog. However, it’s so strong that it can lock you and your readers out if you go crazy with the settings, which was what happened yesterday.
This plugin doesn’t control WordPress or mess with your database. Instead, it uses fast, tried-and-true built-in security features to add multiple layers of security to your blog. It is designed and regularly updated specifically to stop the attempts of automated and unskilled attackers to exploit vulnerabilities on your blog, attempts that would otherwise result in a hacked site.
The power of this plugin is that it creates a virtual wall around your blog, allowing it to stop attacks before they even reach your blog to deliver a malicious payload. In addition, this plugin can block spam with a resounding slap, saving CPU, memory, and database resources. Choose a username and password to protect your entire /wp-admin/ folder and login page. Forbid common exploits and attack patterns with Mod_Security, Mod_Rewrite, Mod_Alias and Apache’s tried-and-true Core Security features. This plugin requires the world’s #1 web server, Apache, and web host support for .htaccess files.
AskApache offers tons of options to lock down your WordPress blog. You can turn on any or all. However, you should turn on each feature one at a time and then see how it affects your blog. You should also ask your readers if they can access your blog after turning on a feature. I had a total of 12 features enabled and while I was able to access everything, a small group of readers were locked out.
If you lock yourself out (which happened a few times to me) then you’ll need to FTP/SFTP/SSH into your blog and remove the code the plugin wrote in your blog’s .htaccess file. It’s pretty simple to do and gets you instantly back in, but I can imagine the look of horror on a locked-out blog owner’s face if he didn’t read the plugin’s readme file.
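One way to script that recovery step over SSH (an added example, not code from the plugin or its readme): the function backs up `.htaccess` and removes one comment-delimited block, leaving the rest of the file alone. The `example-security-plugin` marker lines and the Basic-auth sample are assumed placeholders, since the page does not show the lines the plugin actually writes.

```sh
#!/bin/sh
# Added example, not the plugin's code. The marker lines are ASSUMED placeholders:
# open your own .htaccess (or the plugin readme) to find the real comment lines
# that bracket what the plugin wrote.

strip_htaccess_block() {
    file=$1; begin=$2; end=$3
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    grep -qxF -- "$begin" "$file" || { echo "begin marker not found" >&2; return 3; }

    tmp="$file.tmp.$$"
    # Drop everything from the begin line through the end line. If the end line
    # never appears, awk exits non-zero and the original file is not touched.
    if ! awk -v b="$begin" -v e="$end" '
        !skip && $0 == b { skip = 1; next }
        skip && $0 == e  { skip = 0; next }
        !skip            { print }
        END              { exit (skip ? 1 : 0) }
    ' "$file" > "$tmp"; then
        rm -f -- "$tmp"
        echo "end marker missing; $file left unchanged" >&2
        return 4
    fi

    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p -- "$file" "$backup" || { rm -f -- "$tmp"; return 5; }
    # Write through cat rather than mv so the file keeps its owner and mode.
    cat "$tmp" > "$file" || return 6
    rm -f -- "$tmp"
    printf '%s\n' "$backup"
}

# Constructed sample input, run with: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    dir=$(mktemp -d); f="$dir/.htaccess"
    printf '%s\n' '# BEGIN example-security-plugin' 'AuthType Basic' \
        'AuthName "Protected"' 'AuthUserFile /path/to/.htpasswd' \
        'Require valid-user' '# END example-security-plugin' \
        '# BEGIN WordPress' 'RewriteEngine On' '# END WordPress' > "$f"
    strip_htaccess_block "$f" '# BEGIN example-security-plugin' \
        '# END example-security-plugin'
    cat "$f"
fi
```

The function prints the path of the backup it made, so the previous rules can be restored one feature at a time once you are back in.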
While no amount of security can keep out a determined hacker, AskApache will stop most of the automated bot and SQL injection attacks. Having an extra layer of security never hurts. Just remember to not turn on everything all at once (unless you enjoy locking everyone, and yourself, out of your blog).
Thanks to Geeks Are Sexy for the heads up on this plugin.
{ 40 comments }
With WordPress plugins things become so easy. I remember doing all this manually on my websites a few years ago.
That’s still the best way IMHO.
It sure is the best solution, but knowing how hosting has evolved nowadays, few bloggers actually have that much access. For them, there’s no point in reinventing the wheel, as these kinds of plugins are all they need.
WordPress plugins make membership sites even easier. Doing it manually might seem like the best way, but with a really good, quality WP plugin, why reinvent the wheel?
Well, poorly coded plugins are always a security threat and vulnerable.
Well, the key to that is to not use a poorly coded plugin. One can always look at the code before they install it.
WordPress plugins are good because they save you a lot of time. At times they can prove to be risky. The best way is to try them after doing some research. Monitoring the blog is important after installation of a plugin.
AskApache Password Protect is awesome. I love how it literally blocks the bots and creates a virtual force field for our blogs. I no longer have to worry too much about hackers stealing my password because I now have my own virtual bodyguards! haha
Oh and I’ll be sure to not go crazy turning everything on all at once, as I’m sure we all can agree that being locked out of your blog, which is like your second home, is not fun.
Cool post John.
That is nice.. But I am not sure if we all should be activating that as the plugin warns us that it might break other plugins. Also hacking is widely successful because of the security weakness at your host end. I am not saying that the WordPress flaws are not the reason. It is just one of the reasons.
I know web hosts who deploy software firewalls. How can they skip a hardware firewall? They don’t even take care to ensure proper security in the routers. All they look for is cheap hardware so that they can offer cheap plans.
It’s a nice plugin indeed, but slows down your blog’s performance.
I haven’t noticed any performance issues so far, nor any complaints about it. Have you experienced that?
Hadn’t heard of it yet. Looks like it might be a good security plugin, but I’ll have to look into it more.
By the way, how much money did you lose while your blog was down? lol
Yes … that we would love to know …
What was the amount of your loss for these two days.
The number of spammers and hackers is definitely on the rise. I always wake up in the morning with 100s of spam orientated content. I will definitely give this plugin a whirl.
This plugin has nothing to do with SPAM comments..
Yes, you should use it if you are concerned about hacking.
I think it can stop spam comments as well. This plugin can stop automated bots that post comments.
For the spam comments I think Akismet is really doing great …
This one will be helpful to you for the security purpose.
Well, to filter SPAM comments, Akismet is the best.
Many CMS scripts (including vBulletin) use the Akismet API to fight SPAM.
Amazing John, it would be awesome if you can tell us how to use the settings.
Yeah, I am also looking for some setting information ..
Thanks for the plug-in info… wouldn’t have found it without your blog!
Does it slow down the blog site?
Thanks
I have not noticed any slow down. In fact, it could speed up your blog since it stops those exploits before they have a chance to hit your blog. Once those exploits hit, they take up server resources and can really slow you down.
Have you noticed any drawback of this plugin yet …
John,
Thanks for sharing. This seems like an awesome plugin to add another layer of security to one’s blog!
Best,
Ian
Yes certainly … bloggers like John and Darren are always on target … so they must have these kinds of extra safety.
I am sure John already has plenty of security features installed on his server.
NO ‘ZK @ Web Marketing Blog’ I think hackers are smart enough and that’s why they mostly target bloggers who are in the middle.
I haven’t tried it yet, but reading your post it seems very cool and I’m going to try it very soon. Thanks for sharing, John.
Let us know how it turned out for you, Rahul
Nice tip. Could do with some extra security on my site. Nice to know it doesn’t slow things down as well.
Hi, nice article, but I don’t find that plugin.
Go to your WordPress admin dashboard and find it there. It still astounds me so few people know you can install plugins directly from your admin panel..
Aah John we really missed you these two to three days.
It was like some important thing in our life is missing.
I think if you are getting some popularity amongst bloggers you should have the plugins like this.
Great post, I think I should use this plugin.
If you have a good amount of audience and wanna stay safe, you sure should. Already on it haha
Security plugins for WordPress are very popular these days. I’m using only a security scanner.
Well, I installed AskApache, great security plugin by the way.
Great post. I haven’t had any problem with security on my WordPress blogs but this is something that should definitely be considered.