As a follow-up to my previous post about tracking down a WordPress hack that plagued a site, the next step was to be proactive in making sure these hacks did not occur again. There were also some site optimizations that needed to go into place, since the load time was extremely slow.
Again, I'll admit that I'm no WordPress guru, but I knew the mechanics of the web, and I knew what was needed to get a page to load fast. That said, here are the plug-ins I wound up installing on the Evangelical Outpost site that have really improved things:
On the security front
SI CAPTCHA Anti-Spam
Are you getting too many messages clogging up your posts? This is typically caused by scripts or bots that can easily walk in, fill out the comment fields, and move on to your next post. A CAPTCHA presents some obfuscated text that a robot cannot read, and requires some form of intervention to interact with it before the comment is submitted.
WordPress Exploit Scanner
This plug-in can be run from the admin panel and will look over all your files and folders for folder permission issues and other items that can open security holes in your site. Don't run this during the middle of the day, since this scanner will take up a bit of time and resources.
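A minimal command-line check for the folder permission issues mentioned above, as an added example (it is not the plug-in's code and not from the original post). The function name `audit_wp_perms` is hypothetical, and it only inspects permission bits under a WordPress root you pass in:

```shell
#!/bin/sh
# Added example: permission audit for a WordPress tree (not the plug-in's code).
# audit_wp_perms is a hypothetical helper name.
# Prints one finding per line in the form "<kind> <path>".
audit_wp_perms() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Directories any local account can write to: a file dropped here
    # (for example under uploads) may end up being served by the site.
    find "$root" -type d -perm -0002 \
        -exec printf 'world-writable-dir %s\n' {} \;

    # Files any local account can modify (themes, plug-ins, core files).
    find "$root" -type f -perm -0002 \
        -exec printf 'world-writable-file %s\n' {} \;

    # wp-config.php holds the database credentials and auth salts,
    # so it should not be readable by every account on the host.
    find "$root" -maxdepth 1 -type f -name wp-config.php -perm -0004 \
        -exec printf 'world-readable-config %s\n' {} \;
}

# Run directly as: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

An empty result means none of these three conditions were found; it says nothing about modified or injected file contents, which is the other half of what a scanner looks for.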
On the performance front
W3 Total Cache
Add Meta Tags
This is a simple plug-in that allows you to insert the proper meta tags into the head of your front page and/or post pages. There are no frills to it, but if you need to put a tracking code in and not worry about doing it across themes, this plug-in works great.
The default robots.txt file does not help at all for getting your search engine details in place. It was also causing a few problems during our spam problems because the cached content was getting consumed by GoogleBot as well. Since the file is dynamically generated by WordPress, this plug-in allows you to configure what your robots.txt file will look like to the crawlers visiting your site. You can read up on various configurations for your robots.txt file and configure yours accordingly.
Google XML Sitemaps
Having a sitemap file that Google reads does wonders for your site. It helps with your search results, and it also helps generate site links that appear right below your main site link to help users dig deeper into your site. Unless you have your own complete site map or index generator, odds are your older posts will slowly get lost within your site, and only a rare search will pull them up again into the Google cache. This plug-in will generate a compressed sitemap file that includes ALL of your posts and topics, plus it includes the proper refresh keywords to make sure things are updated within Google frequently. Our previous sitemap was only grabbing about 20 items. Setting up this plug-in submitted all 3000+ articles for indexing/caching on Google.
All of these plug-ins installed quickly and most required little to no configuration details to get running. Having these items installed has helped both our security and performance on the site. I hope they help you as well.
Have you found any plug-ins that are helping performance/security on your WordPress install? I'm always looking for new ones, so let me know!