Recommended security plugin for ClassicPress

Great!

1 for $12 or 10 for $120 doesn’t exactly encourage bulk buying. :slightly_smiling_face:

PS Nice to see you here again Viktor. Thanks for all the help with CC.

Thanks, I finally have more time now :slight_smile:

Yes, one reason I stopped buying licenses and waiting on the new pricing. Although I don’t think bulk pricing will include unlimited option like iThemes Security.

2 Likes

Re: import/export, for a (free) install that you have all setup just right, you could run a search for “icwp” in the options and postmeta tables… the resulting rows can be exported as SQL…which you can then run against another site’s database, thus exporting/importing the settings. :slight_smile:

1 Like

I prefer to keep sites inside a git repository, disallow ClassicPress from writing to anything outside of the uploads directories and perhaps other plugin-specific directories like caches, and review all code changes and plugin updates for potential security issues before deploying them.

I’m still working on an approach for security in the uploads directory, but blocking PHP files from being executed there is one step that can be taken.

It’s also a good idea to only allow known and trusted users to have any kind of login access to the site, limit this access as much as possible, and enforce strong passwords.

There is much more that can be done (mostly at the server level), but this will get you pretty far. With these measures successfully enforced I can’t think of a way for malware to get onto your site, or for it to pass undetected once it’s there.

1 Like

I’m not concerned about $12 or $120. I am happy to support development for independent plugin and theme developers.

I’m specifically looking for security plugins I can use for ClassicPress. What I need is a security plugin that will be reasonably straight-forward, and consistent to setup and use. WordFence (and the premium version) does that for our larger organization and corporate clients, and does it well for WordPress.

Right now, I think Shield is too complicated and problematic, to be viable for myself or clients. Too many complicated options = too many problems. So I will look for other options. If I find something, I’ll share with the community.

I see there are two other security plugins in Wade’s post “Must Have Plugins List.” Specifically, BulletProofSecurity 7 , GD Security Toolbox Pro 5.

Anyone try those on CP?

@anon71687268 and @ozfiddler, unfortunately the import/export is what caused issues. That completely locked me out, made plugins hidden, and other admin features non-accessible. Be damned if I could find where to disable it. That’s great protection, but also makes use non-usable. I’ll see what Paul suggests for that, and look at other options.

Thanx everyone, you have a supportive and great community here. :slight_smile:

Cheers
Avrom

3 Likes

Hmmm… and I thought you were on the side of the coder getting paid for their work. Shame on you! :grin:

I count you as part of it… so, I’d say we have a supportive and great community here. :slight_smile:

1 Like

I certainly can’t argue with that – and I did pay for a license. :slight_smile: What I described isn’t giving you a paid version of the plugin, it’s intended to make it a bit easier to keep using the free version (which is pretty chock-full of features) of the same plugin. I think Paul’s doing a great job with the plugin (and support) and my intent is not to subvert the paid model…it’s only to help you keep your sites secure. Reasoning: historically speaking, when a plugin becomes too hard to configure, some site owners will just stop using it. In the case of security, this can be dangerous. Also dangerous is using a security plugin not designed to protect the platform you’re using. But, I do take your point and, if you feel that my post was inappropriate, I am happy to remove it. :slight_smile:

1 Like

It doesn’t matter, I do this every-time. I am using a table maker plugin where I first design multiple tables on my local-server, I mark & export the specific rows, which I then import to my live DB server. No harm man!

If I have too many projects, then I might pay for a pro price, for now, I’ll stick to my cheap approach :wink:

@anon71687268 “Reasoning: historically speaking, when a plugin becomes too hard to configure, some site owners will just stop using it. In the case of security, this can be dangerous.”

Yup, I need something way easier to configure. Like I said way too confusing and way too many options. Can’t deal with needles in a hay-stack on multiple sites, running a business. Anytime I have to fight with my software it is time for an alternative. :wink:

I’d like to mention the Shield Security support issue is very good, so the back-end issue was solved (I never would have found that setting).

Paul also personally reached out, so that shows support above and beyond… Don’t know many other plugin developers that will do that! :+1:

Cheers
Avrom

3 Likes

I can also attest to this. The plugin feels very supported.

You can put Code Potent on that list. :wink:

2 Likes

@anon71687268 Thought of building a security plugin? I’ll do the UI. :slight_smile:

1 Like

Ha! I haven’t decided what my flagship offerings will be. I’ve narrowed it, but, security isn’t on the list. I want something unique, useful, and interesting… of course, I’ve been bogged down a bit writing a bunch of supplementary plugins just to ramp up the actual effort. :smiley:

2 Likes

No problem. It’s just that from our recent discussions elsewhere you got me thinking. I do like getting stuff for nothing, but I see now there is another side to the story. Coders need to eat!(especially potent coders).

2 Likes

What’s this eat thing of which you speak?! I’m happy If my IV drip of coffee is topped off from time to time.

:smiley:

I’m confident that a nice balance can be found, particularly when so many varied talents are taking part in the conversations. It really does help us to see more sides of the box and appreciate the struggles we all have.

2 Likes

Still running BPS Pro on all my ClassicPress (and Wordpress) sites with no problems (licence is relatively cheap one-off payment for unlimited sites).

An issue cropped up a year ago, but it proved to be on ClassicPress side and was resolved by James. BPS Pro author was happy to look at any issues cropping up with ClassicPress - see Topic: BPS Pro Compatibility with classicpress? | BulletProof Security Forum thread on their forums.

5 Likes

Thank you @robf!

3 Likes

@Paul - do you have any update on the bulk pricing changes? I’d happily get Pro Shield on all my sites if it was a bit more enticing for a quantity price (I currently have around 23 sites). :slightly_smiling_face:

2 Likes

@ozfiddler thanks for the question! We’re working on a new website to completely replace our current one. New pricing will go live with that. However, it’s unlikely that pricing will get much better than the current pricing which is already priced at a bargain of $12/site. Nothing is finalised as-yet though, but if you’re on our mailing list you’ll get advance notice of when the change is coming…
Cheers! :slight_smile:

6 Likes

Hi @Paul,

Could you possibly mention that Shield is compatible with ClassicPress on your wp.org readme and also on your website? I think that would be mutually beneficial.

4 Likes