As a WordPress blog owner who spends hours on content, you should be concerned about the security of your product. Otherwise, it’s possible to lose all that hard-earned content in a minute. There are a lot of malicious software bots and damn headless young crackers constantly trying to hack our blogs. And while it’s easy to restore the original content from a fresh backup copy (do you have one?), it’s much harder (if possible at all) to restore a lost reputation if your blog was used as a spammer base or showed some bad content after a hack.
Are you sure that your beloved blog is secure?
The Ultimate Security Checker WordPress plugin is a tool that can check your blog for security issues and recommend how to fix them. At the time of this review, version 2.7.0 is available in the WordPress repository. I tested it successfully with WordPress versions 3.2.1 and 3.3 Beta. What does “Ultimate Security Checker” offer its users?
In seconds it checks your WordPress installation for 25 well-known security issues in the default WordPress configuration. Most of them should be fixed on every freshly installed WordPress blog. In addition, “Ultimate Security Checker” can check your WordPress files for integrity and analyse installed plugins and themes for possible malicious code inclusion.
After activation you can find the “Ultimate Security Checker” menu item under the “Tools” menu. When you select it for the first time, “Ultimate Security Checker” (USC) automatically runs 25 tests against your blog and shows the results. For example:
USC assigns your blog’s security state a letter grade from A (best) to F (worst) and gives a detailed list of discovered vulnerabilities. You can consult the ‘How to fix’ tab to get more detailed information about each vulnerability and, most importantly, how to fix it.
When a recommended fix is applied, return to the “Run the tests” tab, press the “Run the tests again” button and compare the results. Finally, you should get no lower than an “A” grade, like on the screenshot below:
On the “Files analysis” tab USC offers to scan your blog files. It automatically checks WordPress core file integrity against checksums (hashes) included in the plugin installation package and runs some heuristic tests against the files of installed plugins and themes. In my test it took just about a minute to check about 2000 files:
The results of the heuristic check are just points to view and analyse. The final decision is up to you or your PHP code expert. In most cases it could be legitimate code:
I don’t recommend that you rely on the periodic re-scan reminder option. The USC plugin has one on the “Settings” tab:
If you plan to use this plugin on a permanent basis, it’s much more secure to re-install it from scratch (manually via FTP is better) every time before running new tests. Why is this necessary? If the blog is hacked, the Ultimate Security Checker plugin could be hacked after that too. Thus, it could deceive you and show an ‘A’ grade regardless of the real security state of the blog.
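The core-file hash check and the concern that a checker living inside a hacked blog can be faked both point to running the comparison from outside WordPress. The following is an added example, not code from the plugin or from this review; it assumes a manifest of SHA-256 hashes that you generated yourself from a clean copy of the same WordPress version, and the function names and manifest format are hypothetical.

```python
import hashlib
import json
import sys
from pathlib import Path

# Assumption: these directories hold nothing but core files, so any file in
# them that the manifest does not list is suspicious. wp-content is left out
# because plugins, themes and uploads legitimately live there.
CORE_ONLY_DIRS = ("wp-admin", "wp-includes")


def sha256_file(path):
    """Hash a file in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with Path(path).open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_core(root, manifest):
    """Compare files under root with manifest {relative_path: sha256_hex}."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != expected.lower():
            report["modified"].append(rel)
    for d in CORE_ONLY_DIRS:
        base = root / d
        if not base.is_dir():
            continue
        for p in base.rglob("*"):
            rel = p.relative_to(root).as_posix()
            if p.is_file() and rel not in manifest:
                report["unexpected"].append(rel)
    return {key: sorted(paths) for key, paths in report.items()}


if __name__ == "__main__":
    # Usage: python check_core.py /path/to/wordpress manifest.json
    with open(sys.argv[2]) as fh:
        known_good = json.load(fh)
    result = check_core(sys.argv[1], known_good)
    print(json.dumps(result, indent=2))
    sys.exit(1 if any(result.values()) else 0)
```

Run it against a copy of the site files downloaded to a separate machine, so that neither the script nor the manifest is stored where a compromised blog could alter them.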
“Ultimate Security Checker” is a good helper for making your blog more secure. Special thanks to the author for the detailed description of the vulnerabilities the plugin can test for and the hints on how to fix them.
The question I have after testing this plugin is: why not include an option to fix the discovered vulnerabilities automatically? The possible answer is that this plugin is just a promotional tool for the ultimateblogsecurity.com service, which offers WordPress blog security tests, fixes and even WordPress updates for premium users on a commercial basis. In spite of some functional limitations, the “Ultimate Security Checker” WordPress plugin is well done and easy to use. I recommend it as an important addition to the “must have” set of WordPress blog security enhancement tools.