For the past day or two, some readers had trouble accessing this blog. Instead of seeing the familiar blog home page, readers were greeted with a 403 forbidden warning saying they don’t have permission to access. The reason for this was I was testing out a new security plugin called AskApache Password Protect. This is an incredibly strong security plugin to protect your WordPress blog. However, it’s so strong that it can lock you and your readers out if you go crazy with the settings, which was what happened yesterday.
This plugin doesn’t control WordPress or mess with your database; instead, it utilizes fast, tried-and-true built-in security features to add multiple layers of security to your blog. It is designed and regularly updated specifically to stop automated and unskilled attackers’ attempts to exploit vulnerabilities on your blog that would result in a hacked site.
The power of this plugin is that it creates a virtual wall around your blog, allowing it to stop attacks before they even reach your blog to deliver a malicious payload. In addition, this plugin also has the capability to block spam with a resounding slap, saving CPU, memory, and database resources. Choose a username and password to protect your entire /wp-admin/ folder and login page. Forbid common exploits and attack patterns with Mod_Security, Mod_Rewrite, Mod_Alias and Apache’s tried-and-true Core Security features. This plugin requires the world’s #1 web server, Apache, and web host support for .htaccess files.
AskApache offers tons of options to lock down your WordPress blog. You can turn on any or all. However, you should turn on each feature one at a time and then see how it affects your blog. You should also ask your readers if they can access your blog after turning on a feature. I had a total of 12 features enabled and while I was able to access everything, a small group of readers were locked out.
If you lock yourself out (which happened a few times to me) then you’ll need to FTP/SFTP/SSH into your blog and remove the code the plugin wrote in your blog’s .htaccess file. It’s pretty simple to do and gets you instantly back in, but I can imagine the look of horror on a locked-out blog owner’s face if he didn’t read the plugin’s readme file.
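The recovery step above can be scripted over SSH. The following is an added example, not code from the plugin or its readme: it backs up .htaccess and removes one delimited block while leaving WordPress's own rewrite rules in place. It assumes the plugin's rules sit between two marker comment lines; the `EXAMPLE-SECURITY-PLUGIN` markers and the `write_sample` and `strip_block` function names are hypothetical, so substitute the marker lines you find in your own file.

```sh
#!/bin/sh
# Added example. ASSUMPTION: the plugin's rules sit between two marker comment
# lines; the EXAMPLE-SECURITY-PLUGIN marker strings are constructed placeholders.

# write_sample FILE: create a constructed .htaccess to practise on.
write_sample() {
    cat > "$1" <<'EOF'
# BEGIN EXAMPLE-SECURITY-PLUGIN
AuthType Basic
AuthName "Restricted"
AuthUserFile /path/to/.htpasswd
Require valid-user
# END EXAMPLE-SECURITY-PLUGIN
# BEGIN WordPress
RewriteEngine On
RewriteRule . /index.php [L]
# END WordPress
EOF
}

# strip_block FILE BEGIN END: delete lines BEGIN..END inclusive.
# Returns 0 on success, 1 on I/O error, 2 if the markers are missing,
# duplicated or out of order (the file is then left untouched).
strip_block() {
    file=$1; begin=$2; end=$3
    [ -f "$file" ] || return 1
    # Line numbers of exact, whole-line marker matches.
    b=$(grep -n -F -x -e "$begin" "$file" | cut -d: -f1)
    e=$(grep -n -F -x -e "$end" "$file" | cut -d: -f1)
    # Empty (no match) or multi-line (several matches) values are rejected,
    # so a missing END marker can never truncate the rest of the file.
    case "$b" in ''|*[!0-9]*) return 2 ;; esac
    case "$e" in ''|*[!0-9]*) return 2 ;; esac
    [ "$b" -lt "$e" ] || return 2
    cp -p "$file" "$file.bak" || return 1      # keep the locked-out version
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v b="$b" -v e="$e" 'NR < b || NR > e' "$file.bak" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and permissions.
    cat "$tmp" > "$file" && rm -f "$tmp"
}
```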
While no amount of security can keep out a determined hacker, AskApache will stop most of the automated bot and SQL injection attacks. Having an extra layer of security never hurts. Just remember to not turn on everything all at once (unless you enjoy locking everyone, and yourself, out of your blog).
Thanks to Geeks Are Sexy for the heads up on this plugin.