TimThumb 2.0 – Use it to avoid your WordPress from getting hacked

WordPress has been long criticized for security issues although by just applying certain steps one can make it secure and with proper regular backup policy, one need not worry at all.  You must be wondering that why am I talking about security suddenly – well, TimThumb one of the popular library that is used in various WordPress themes has serious security flaws that can be compromised to hack the servers. The flaw was found by Mark Maunder and has started working with the Ben Gillbanks, original developer to come up with TimThumb 2.0. Here’s what Matt has to say about the whole issue around it and how following standards can make life easy in the eco-system -

Because the code is commonly embedded in themes it’s not easy to discretely update like it would be if the code were a plugin, and even when a theme is updated people are hesitant to update because they often customize theme code rather than making child themes, so if they were to overwrite their theme with a new version they’d lose their modifications. That, combined with the severity of the flaw, means that this is one of the more serious issues in the WordPress ecosystem in a while, even more than normal because it wasn’t in core.

Not that it was Ben’s fault – he never would have imagined that TimThumb would grow to such a level and that most of the theme developers  would start using it instead of WordPress API. I’m not the coder kinds, however according to Ashish Saini, WordPress can generate multiple size of the uploaded images, so if one sticks to the WordPress coding standards then this issue is not an issue for them. We ourselves have been using TimThumb and didn’t realize that it had such a serious flaw [our bad]. We’ll be reaching our clients and will apply TimThumb 2.0 on their WordPess setups to avoid such an issue.

Akismet further becomes de-facto as Anti-blogspam!

HubSpot, internet marketing company has announced the integration of Akismet in their blog platform. I wouldn’t say that it was an expected move, however looking at how blog spam has increased it has become really important for blog platform providers to come up with strong anti-spam solutions. Here’s what Hubspot had to say -

Akismet is the best-in-class comment filtering system available today, one that monitors millions of blogs and forums and keeps up to date on the methods and tricks used by spammers in real time. Akismet has prevented over 30 billion spam comments from appearing on websites over the years, and now HubSpot is also offering you this same high level of protection.

Now there are few services like Akismet, although Akismet seems to be the most effective till this point of time. Although, it’ll be fun to test these services at a bigger level. Here’s the list of anti-blogspam services -

Till this time, I’m kind of sold for Akismet & Defensio – do let us know what you think about them.

Varnish + Apache = Is it better than Nginx?

Well, that’s one question whose answer is yet to be figured. I recently managed to setup a VPS of 512 MB RAM with NGINX, PHP, MySQL, APC along with WordPress Multisite + Custom domain mapping and it all works great! The server is running without any issues and handling decent amount of traffic. The setup doesn’t have WP Super Cache, however I reckon that if I throw WP Super Cache in it then it’ll become one ultimate server setup for hosting WordPress sites.

Although I’m wondering if the whole setup can be just be replaced by Varnish + Apache and the reason, it got me thinking was because I recently stumbled across the article by Donncha, Developer of WP Super Cache. He recently installed Varnish along with Apache and has seen good results. Here’s why Donncha did this setup even though he was on NGINX setup a while back -

I have tried Nginx in the past but could not getting it working without causing huge CPU spikes as PHP went a little mad. In comparison, Varnish was simple to install and set up.

One of the reasons, why a developer will prefer this setup over Nginx setup is because Apache has better support available on the internet and works flawlessly with WordPress. Anyway, if you are the one who loves to play around with servers, are using Apache and want to please your server by removing the load on it then follow this article.

I hope you’ll enjoy this roundup. I’ll continue with these kind of roundups from now on to keep you all up to date with the best links and articles from the WordPress community.

Bookmark and Share

We all saw that how Osama’s death video malware was spreading on Facebook recently and created lot of trouble for the social network users. It’s sad to see that how anti-social elements are trying to socialize in their own manner! Anyway, I’m fully aware of such nasty tricks, so thankfully I didn’t become a victim, moreover, I keep myself safe with the help of fantastic software utilities by some fantastic individuals & companies! Let me share that how I keep myself safe from malicious websites and then I’ll share that how as a blogger/webmaster you should take the responsibility to keep your visitors safe.

Tools to keep yourself safe from malicious websites

1. Internet security softwares – There are some amazing internet security software both paid & free that are doing a fantastic job in keeping the users safe. I personally use Comodo’s free internet security software – even though it’s free – it’s got much more features and has better detection rate than even most popular paid internet security softwares! It’s got antivirus, antimalware, firewall, sandbox technology and what not, I recommend it to everyone.

2. Secure DNS solutionsOpenDNS, Comodo’s secure DNS are some of those services that deserve all the respect in the world! By just making small changes in your internet connection’s DNS settings, you can do tons of good to yourself! These services have a database of malicious and phishing websites and will automatically block them even if you happen to click on a dangerous link. I prefer Comodo’s secure DNS.

3. Web of TrustWeb of Trust is another such service that alerts you about the site’s reputation and the dangers associated with it. Facebook partnered with them, to alert it’s users for bad & dangerous links after it was raided by “social anti-social elements”. They have a plugin for major browsers which alerts users for bad links. It’s a must have for everyone!

4. McAfee SiteAdvisor – I’d be honest, I used to love Siteadvisor like anything, I still love it as it saves me from going to unreliable links and even shows the website’s reputation in search engine and thus allowing me to avoid possibly dangerous websites (It’s very much similar to Web Of Trust). However, now McAfee also install it’s toolbar and changes the search engine – that’s something it didn’t do earlier and I loved that way. Anyway, you can disable those things – so it still has my respect. It integrates well with major browsers and can be a great savior as you can see that which link can be dangerous even before you click it.

5. Sandboxie – Even though Comodo offers sandbox technology, I prefer to use Sandboxie. It’s a free tool that runs your programs in an isolated space which prevents them from making permanent changes to other programs and data in your computer. Check out the Sandboxie’s website to know more about this fantastic concept! Again, it’s a must have!

These tools keep my pretty much safe from most of the threats and I’m thankful to the wonderful developers who’ve made them.

Be a responsible blogger and secure your WordPress now!

As a user, I was safe however as a webmaster, the incident got me thinking that how blogs and websites can also be targeted by malware & virus makers, not that they haven’t done in the past, however – this is where I see it growing even more and a much faster rate! There is a flurry of automated comment submitting softwares in the market, any malware maker can host the malware on a website and then submit the comments with that malicious link on thousands of blogs in a matter of minutes and an ignorant blogger/webmaster can approve the comment which may result in the following -

  • Infect website/blog readers’ computers.
  • Reduce site’s ranking in Google – Google doesn’t like site that promote malware!
  • Bad reputation of website amongst visitors.

These are some points that no blogger would like to see happening to them. I certainly wouldn’t want this happening to me either. So, I decided to find a tool that would alert me of a malicious link before I approve any comment or which scans the links in the comments & posts and gives a report so that I can take corrective measures against those links. Unfortunately, I couldn’t find one!

Then it hit me that why are security companies not making such a tool? Tools like Web of Trust, Siteadvisor, OpenDNS, Comodo’s secure DNS depend a lot on community’s feedback, they certainly are useful and keep people safe, however it takes some time before the community gets to know of a newly created malicious website, what if you visit those sites before they are marked as unsafe? Wouldn’t it be cool if the security companies made a tool, that integrates with famous content management systems like WordPress & Drupal and shows the reputation of outgoing links to the visitor before hand? Not only this will be a win-win situation for bloggers, webmasters & readers; it’ll be a win-win situation for the antivirus company as well -

  • Tons of free data about links. This will only strengthen their commercial offerings! They can directly block dangerous links for their software users.
  • Free marketing – If not for the data, they can at least get the free marketing about their company! If they’ll show reputation of the link then they can always show the following message below it – “Link’s safety checked by XYZ Security Tool“. As a webmaster, I wouldn’t mind such a message, as it’ll strengthen my reputation amongst my readers that I care for them!

I’d given up looking for the tool and had started hoping that some security company will come up with such a tool that’ll show me link security report and will also show the reputation of out going links to my readers. And well, then I came across BitDefender’s Antispam! It’s almost the tool that I was expecting and that too from a popular and reputed security company!

Why Bitdefender Antispam when I’ve got Akismet?

That’s the first question that came in mind when I read the plugin’s name, however I was super happy to find out that it’s almost doing the same thing that I was thinking about, it’s just that it doesn’t take the advantage of free marketing & doesn’t scan the links in the posts. Bitdefender has made this essentially an anti-spam plugin, however I think it’ll gain the edge over Akismet as it will also check if the links are malicious or are phishing sites. The plugin is in beta and doesn’t appeal in terms of usability at all, however I’m still running it for few weeks to see how well it performs in terms of detecting the spam! Of course, I’ll be sharing my experience in the next blog post. Installation instructions for Bitdefender Antispam. Will I suggest the plugin now? Like other security tools that I’ve recommended, I won’t recommend this for now – it certainly needs a face-lift! However, I’m sure by the time it’ll be out of Beta, it should be one of your anti-spam solutions.

Secure WordPress to avoid stupid hacks & avoid becoming owner of a malicious website!

There have been lot of posts written about as to how one can secure WordPress, I’ve covered this topic as much as I could. The guides that we’ve included will not be the ultimate solution for making the site un-hackable, however by following them you’ll save yourself from automated attacks and newbie hackers who try and hack websites for fun. Please follow these links to make your WordPress secure -

I hope that other security companies take inspiration from Bitdefender and well my marketing tip and come up with such powerful tools for webmasters. This way together we’ll be able to make internet a bit safe! After all, we’ll be able to block them at source itself! And I hope that if you’ve not taken steps to secure your WordPress installation, then you would do them right after you share this post on social networks ;)

Bookmark and Share

WordPress as we all know is the most fantastic blogging software and is turning in a great CMS. There are number of themes and plug-ins available on the internet and as its popularity is growing, many more designers and programmers are jumping in WordPress Design & Development. There are various cheat sheets and presentations available that are pretty useful in WordPress design & plug-in development, so we thought of listing most useful of the lot over here -

1. The WordPress Help Sheet

wphelpsheet

This wonderful Help Sheet contains information for the people starting with WordPress design and development. It contains commonly used simple php snippets for template files, header files and some more useful stuff. The document was created by WPCandy along with Liquidcity. However, the download link on WPCandy wasn’t working, so I’ve uploaded it on Scribd.

read full article →

Bookmark and Share

WordPress For Windows

Microsoft has always been criticized for not adhering to Open standards and not being active in Open-source community. However, it looks like Microsoft has tried a fair bit of things to ensure that their products work well with popular web applications. I personally believe that Microsoft’s web servers aren’t good enough for PHP/MySQL driven websites and moreover, the security concern is one of the biggest factors to avoid Microsoft Windows. When Linux servers aren’t safe then no doubt, it’ll be a bigger pain to manage Windows Servers for security.

Security is another topic, coming back to the point of Microsoft & WordPress, I was a bit surprised to see how Microsoft has bundled WordPress in Web Platform Installer along with various other popular web applications like Drupal, Joomla etc. Check out the list of application in the gallery. Although, I was happy to see that Microsoft has made this move, this should give confidence to those who find working with Linux web servers and web applications a bit difficult.

Microsoft & WordPress technologies shake hands!

1. WordPress on SQL Server : With the help of IIS 7, SQL Server Express and WordPress on SQL Server distribution, its possible to run WordPress easily on Windows Vista, Windows 7 etc. It’s not the simplest way to install it, however this great guide by Zach Skyles Ownes should take you home.

2. SilverLight Gallery Plugin – Microsoft has been trying hard to make SilverLight popular among developers and end users. This plugin can surely help them achieve this goal. If this plugin gets adopted by bloggers, then the end users will have to install SilverLight in order to ensure that they can view the image gallery on their browsers.

3. SilverLight Bing Maps – This plugin integrates SilverLight & Bing Maps with WordPress. This plugin lets bloggers to put their location with interactive maps like Google Maps on their blog.

4. Windows Azure Storage for WordPress – This plugin lets WordPress users to store their media files and static files on Windows Azure platform whose more popular alternatives are Amazon Web Services or Rackspace Cloud Files.

Why is Microsoft doing this?

The first question that comes in mind that why is Microsoft trying to make its technologies work with WordPress, Drupal or other PHP/MySQL driven web applications. Well, Zach has already answered this question -

I’m a PHP-bred Technical Evangelist at Microsoft, and I love the fact that PHP now runs great on Windows, SQL Server, Windows Azure and SQL Azure.  It’s exciting to see how Microsoft technology can light up WordPress, whether it’s through Silverlight image gallery plugins, Bing Maps integration or future opportunities with technologies like our information service, Dallas.

Business sense says that Microsoft is using these popular web applications to make its existing or new technologies popular amongst end users, bloggers and developers. However, the interesting part will be to see that how many bloggers & developers [the ones not sold to Microsoft's technology] will be keen in adopting these? I personally welcome this move by Microsoft, although practically I doubt that I would use any of these technologies as I’m already comfortable with the setup that I currently have. What do you think about this move from Microsoft?

Bookmark and Share

I’ve written a fair bit on the topic of securing WordPress based sites and blogs however, it seems that no matter how much I write, it still is less. There is hardly any week that goes by where I don’t hear about the horror stories from our clients and various other friends in the trade whose sites get infected with malware. After handling lot of such cases and doing some research about it, I found out that one of the major reasons why the sites get infected is because its webmaster’s own computer was infected with a malware.

I’ll be also listing various resources that can be used to further strengthen the security however, firstly I would like to put forth my views on the topic of why web-masters should use Mac or Linux. I would only list those points that are logical and none of them are influenced by any sorts. So here’s why I suggest so and how its easy to switch too -

1. To keep yourself safe from viruses :  I’ve used all three OSes and I’ve personally experienced that Mac & Linux aren’t prone to viruses as Windows is and the simple fact is that the market share of Windows is more than 90% and thats why almost every virus is targeted towards Windows Users. So, if you are using any of those two OSes you’d be safe from viruses and thus you reduce the chances of getting your website hacked.

2. For keeping others safe : As I’ve said that majority of cases that I’ve dealt are those where the webmaster’s computer was compromised. Moreover, once the sites are infected, they infect those computer who visit that site and that’s how they spread so quickly! Now, if at the first place the webmaster would have been using linux or mac, it would have ensured that at least they are not making the situation worse.

3. Switching is pretty easy – Most of the users give a reason that they won’t be able to switch because of the incompatibility issue and that they think that it would be pain to switch the platforms because of unavailability of ssoftware. I agree at one time it would have been difficult for most of the people, however web-masters specifically won’t find any issues in choosing these two platforms as most of their tasks are done online, else most of the software required have either a worthy alternative or if you are an open-source fan then you’d surely find most of them available for all three platforms. Here are some of the resources -

Try a gradual switch and start using these OSes and if you really want to run a windows software then you can try WineHQ or CrossOver (commercial) and most likely the software will work fine for you. If the software still doesn’t work and you don’t find any alternative then you can simply use VirtualBox or Parallels to run Windows inside Linux or Mac.

So when we know that for web-masters it can be easy to switch to Mac or Linux then why not use either of those two operating systems and keep yourself and the world safe from those malware? Anyway, enough of ranting – as I said that during my research, I did read quite a bit about security websites, so I would like to share that with you :

How to strengthen the security of your WordPress blog?

  1. Don’t forget to read my articles that I wrote a while back on the topic of securing wordpress.
  2. If possible switch your OS as soon as possible – Don’t think it as a stupid suggestion. Consider this one for sure!
  3. Restrict WordPress admin use by IP Address.
  4. Learn to restrict the FTP server access for specific IPs using VSFTPD – I know that not everyone gets a static IP address from their internet service providers, however use of VPN can certainly [I use StrongVPN] help you get over that problem.
  5. More security steps that can be done through htaccess file, here are some 11 more steps that you can use.
  6. Jeff Starr has created wonderful instructions for securing servers via htaccess and blocking the know malware techniques.
  7. Blocking spam is equally important – Chances are that some spam comment will have the URL to a site that is infected, so its important to ensure that no spam comment passes through.

What else can be done other than IP address, Htaccess tricks?

Some of WordPress’ cool features come from allowing some files to be writable by web server. However, letting an application have write access to your files is a dangerous thing, particularly in a public environment. It is best, from a security perspective, to lock down your file permissions as much as possible and to loosen those restrictions on the occasions that you need to allow write access, or to create special folders with more lax restrictions for the purpose of doing things like uploading images. In short we are talking about CHMOD settings of the server.

All files should be owned by your user account, and should be writable by you and any file that needs write access from WordPress should be group-owned by the user account used by the webserver. Of course, learning this can surely take some time, but if you really want to secure your server, then this is one thing you should focus on!

  • / — the root WordPress directory: all files should be writable only by your user account.
    • EXCEPT .htaccess if you want WordPress to automatically generate rewrite rules for you
  • /wp-admin/ — the WordPress administration area: all files should be writable only by your user account.
  • /wp-includes/ — the bulk of WordPress application logic: all files should be writable only by your user account.
  • /wp-images/ — image files used by WordPress: all files should be writable only by your user account.
  • /wp-content/ — variable user-supplied content: intended by Developers to be completely writable by all (owner/user, group, and public).
    • /wp-content/themes/ — theme files. If you want to use the built-in theme editor, all files need to be group writable. If you do not want to use the built-in theme editor, all files can be writable only by your user account
    • /wp-content/plugins/ — plugin files: all files should be writable only by your user account.
    • other directories under /wp-content/ should be documented by whatever plugin / theme requires them. Permissions may vary.

Plugins that I prefer for securing WordPress

1. WordPress File Monitor - Think of it as a watch dog! It monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address. So even if you add files using FTP, it will let you know. This is a fantastic way to ensure that no compromised file will go on server without going through its nose.

2. WordPress Firewall – I personally love this plugin. Of course, using this plugin means that you’d lose out on WordPress theme/plugin editing capabilities and few things here and there, however this plugin will ensure that everything will be super secure.

3. Block Bad Queries – Another gem from Jeff Starr. This plugin will ensure that your WordPress site will be safe from known vulnerabilities.

Well there have been countless number of posts on the topic of security and the worst part is that things aren’t improving a little bit. Its important to choose the right web-hosts as well. If this post of mine was a request towards web-masters, Mark Jaquith has asked web hosts to become more secure and to help web-masters in understanding the security of blogs/websites. It is one interesting read, so even if you are not a web host,  I would suggest you to read it.

What are your thoughts about changing the OS for ensuring safe and secure website? Do you think that one should go ahead and change their OS to ensure that their site will remain secure from malware to a large extent? Please share your thoughts in comments.

Bookmark and Share

Nearly a month is left before long awaited and much talked about WordPress 3.0 comes out. However, we are seeing a flurry posts on WordPress 3.0. Most of the bloggers are writing about this upcoming master piece, so I thought that I should write something about WordPress 3.0 too as Beta 1 has already been released. There are lot of new features in this release and I thought a small walkthrough won’t be bad!

Video for the Lazy Fellows!

Highlight Features of WordPress 3.0

  • New menu management feature – This feature will let users to build custom menus with ease. This feature was released as a plugin by WooThemes guys for their own framework, however after Automattic approached them, they allowed them to integrate this feature in WordPress 3.0. Isn’t that generous?
  • Improved custom post types, custom taxonomies including hierarchical support – As WordPress becomes the top choice in CMSes, it is getting lot of features that are focused towards easier and better management of content. Custom Post types and custom taxonomies will make things easier for WordPress consultants to customize the websites easily. Learn more about Custom Post Types in WordPress 3.0 over here.
  • Focus on Themes – New theme “Twenty Ten” will be the only default theme in WordPress. Kubrick & Classic themes will be removed although they’ll be available in the WordPress themes extend. Other than the shuffle of the themes, coders can also rejoice as they’ll get improved child theme support and a feature where bloggers and web admins will be able to update all the themes in one go. We
  • Standalone WordPress and WPMU code merged – So if you want multiple blogs on a single WordPress installation then it surely won’t be problem. You can configure WordPress 3.0 to host multiple blogs as sub-directory or sub-domain. If you are interested in using multiple domains on single WordPress installation then don’t forget to check out Domain Mapping Plugin by Donncha, lead WPMU developer. There is much more comprehensive guide on how to create blog network with WordPress 3.0 over here.

I’m sure now you’ll be convinced that you’d want to upgrade to WordPress 3.0 right away, however it won’t be available till next month i.e. May 2010. Although there are few other things that have changed in WordPress 3.0 and lets have a look at them -

Other Important Features in WordPress 3.0

1. Choose username & password at installation – As we have already discussed that keeping “admin” as the username is not cool but it makes life easier for hackers. To avoid this, WordPress 3.0 will let you choose your desired username during installation itself! Thanks WP Cookies for the image.

custom-username-password.jpg

2. Custom Backgrounds made easy – WordPress 3.0 will support custom background for themes. By adding only 1 line of code in functions.php of the theme, users will be able to change the background of the blog with lot of ease! This means that any user will be able to literally change the look of their blog in couple of clicks.

3. Introducing Super Admin – Till now, “Administrator” role was the top user and it was able to do all the tasks. However, now there is a new user role i.e. “Super Administrator”. This new user role will be able to manage everything from individual blog features to multi-site features.

Well, there are hell lot of new additions or changes that anyone would love to list in a blog post, however its practically impossible to do so. Some are even way too difficult to explain – however those who are interested in the nitty gritty of the development can head over here and check out the current development process.

I must say that I’m UBER EXCITED about the release of WordPress 3.0. One of the key reason is that WordPress 3.0 will help theme & plugin developers a lot. Its shaping up as a mature CMS and it certainly helps us in faster development. You won’t believe, I literally wish every day that it gets released ASAP! What are your thoughts about WordPress 3.0? Will it be able to compete with Drupal anytime in near future?

Bookmark and Share

vaultpress.jpg

From last couple of weeks, I’ve been trying to ensure that how WordPress can be secured enough to avoid any kind of malware attack. In the course, I found lot of new information about securing web applications and realized that how small and little settings can make and break things. While my struggle to know more about security was going on, I came across the launch post of VaultPress, a blog backup and protection service from Automattic.

Please note that the service has been announced in beta and is available for only few users. One can apply for the invite over here. It’ll be a premium service and while signing up you can also mention that how much are you comfortable in paying for this kind of a service. If I were to decide the price, I would keep it around $10/month. I’ve not tested the service myself, however we could gather all the information about VaultPress from the coverage it has received from the biggies like TechCrunch, ReadWriteWeb, Silicon Alley Insider, VaultPress blog and finally my favorite WordPress Tavern.

Features of VaultPress

1. Focused on WordPress.org users – WordPress.com is one of the most powerful and secure blog services around. However, same can’t be said for the users who use self hosted WordPress version on their own servers. There have been many horror stories in the past where many self hosted WordPress installs got infected from malware and much hoopla was created. VaultPress has been designed to work with self hosted WordPress to ensure that they can also get the quality backup and security service to avoid any mishap.

2. Real Time & Complete Backups – VaultPress is an all-in-one backup package. It will backup posts, categories, tags and rest of the data along with themes, files etc. Jeff @ WordPress Tavern reckons that VaultPress will face stiff competition from Backupify, BackupBuddy and other backup plugins. According to Matt, founder of WordPress, VaultPress will be able to make the backup instantly as soon as one would publish the changes on the blog or website.

3. Safeguards against Zero-Day Attacks – This is one feature that I would be most interested in as this is one feature that no one else is offering. VaultPress will be able to safeguard your blog against the Zero-Day Attacks focused towards WordPress. It will also monitor your site to alert you against any suspicious or hacking activity.

Well, keeping these features in mind. We can install few plugins that can help us achieve similar level of protection and that too free of cost. We just need to ensure that we configure the plugins in the right manner. Here’s the guide …

Get VaultPress Security Features Before Hand!

wordpress-backup.jpg

1. Automatic WordPress BackupThis little plugin saves all the important files including themes, plugins and database on Amazon S3. The plugin allows you to schedule the backup of the database or just files or if you want you can ask for the complete backup as well. The plugin will send you the confirmation messages over the email, so you will constantly be aware of the happenings. Amazon S3 can be used as a backup service for your blog’s important files and believe me in most of the cases this will not cost you more than $5/month. Only in case of large publishers this cost can be more than $15/month i.e. the indicative price of VaultPress. By the way, Amazon S3 can help you in improving the site load time as well, don’t forget to check our guide on how to optimize the WordPress blogs.

2. WordPress Firewall – This nifty plugin monitors changes in the files, attacks based on various Zero-day patterns. Of course, this is not the ultimate solution however, our experience has been pretty neat with this plugin. It did alert me whenever I tried to make any change in the theme files or plugin files. It didn’t allow the change until and unless I approved the change. Make sure that if you are planning to install this, then you may get lot of notifications. So keep the settings appropriate or use GMail filters for ease!

3. OSSECossec-security.jpgOSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. Of course, this is something which will not be as easy as installing WordPress plugins, however investing a little time on this can ensure that you’ll have real peace of mind in future!! There is enough documentation available for avoiding initial hiccups!

Of course, the first two plugins won’t ensure that you are getting instant and real time backups. However, a regular and weekly backup will ensure that you’ll be able to bring your blog back from a situation where nothing will look nice in the world. I hope you understand the point that i’m trying to make here! If you install OSSEC then I’m sure one could easily compare this setup with something that VaultPress will offer in future!

Isn’t it neat that you can enjoy the VaultPress like features even before you can get a hand on it or if VaultPress looks out of budget!

The success of VaultPress will depend on the following factors; 1) what will be the cost involved for end users and 2) how effective its monitoring system will be. I’m sure the takers of this service will be much more than any other similar service as it directly comes out from the makers of WordPress. However, personally I’ll be willing to test other services if they offer similar features at a competitive price. What are your initial thoughts on VaultPress.

Bookmark and Share