From last couple of weeks, I’ve been trying to ensure that how WordPress can be secured enough to avoid any kind of malware attack. In the course, I found lot of new information about securing web applications and realized that how small and little settings can make and break things. While my struggle to know more about security was going on, I came across the launch post of VaultPress, a blog backup and protection service from Automattic.
Please note that the service has been announced in beta and is available for only few users. One can apply for the invite over here. It’ll be a premium service and while signing up you can also mention that how much are you comfortable in paying for this kind of a service. If I were to decide the price, I would keep it around $10/month. I’ve not tested the service myself, however we could gather all the information about VaultPress from the coverage it has received from the biggies like TechCrunch, ReadWriteWeb, Silicon Alley Insider, VaultPress blog and finally my favorite WordPress Tavern.
Features of VaultPress
1. Focused on WordPress.org users – WordPress.com is one of the most powerful and secure blog services around. However, same can’t be said for the users who use self hosted WordPress version on their own servers. There have been many horror stories in the past where many self hosted WordPress installs got infected from malware and much hoopla was created. VaultPress has been designed to work with self hosted WordPress to ensure that they can also get the quality backup and security service to avoid any mishap.
2. Real Time & Complete Backups – VaultPress is an all-in-one backup package. It will backup posts, categories, tags and rest of the data along with themes, files etc. Jeff @ WordPress Tavern reckons that VaultPress will face stiff competition from Backupify, BackupBuddy and other backup plugins. According to Matt, founder of WordPress, VaultPress will be able to make the backup instantly as soon as one would publish the changes on the blog or website.
3. Safeguards against Zero-Day Attacks – This is one feature that I would be most interested in as this is one feature that no one else is offering. VaultPress will be able to safeguard your blog against the Zero-Day Attacks focused towards WordPress. It will also monitor your site to alert you against any suspicious or hacking activity.
Well, keeping these features in mind. We can install few plugins that can help us achieve similar level of protection and that too free of cost. We just need to ensure that we configure the plugins in the right manner. Here’s the guide …
Get VaultPress Security Features Before Hand!
1. Automatic WordPress Backup – This little plugin saves all the important files including themes, plugins and database on Amazon S3. The plugin allows you to schedule the backup of the database or just files or if you want you can ask for the complete backup as well. The plugin will send you the confirmation messages over the email, so you will constantly be aware of the happenings. Amazon S3 can be used as a backup service for your blog’s important files and believe me in most of the cases this will not cost you more than $5/month. Only in case of large publishers this cost can be more than $15/month i.e. the indicative price of VaultPress. By the way, Amazon S3 can help you in improving the site load time as well, don’t forget to check our guide on how to optimize the WordPress blogs.
2. WordPress Firewall – This nifty plugin monitors changes in the files, attacks based on various Zero-day patterns. Of course, this is not the ultimate solution however, our experience has been pretty neat with this plugin. It did alert me whenever I tried to make any change in the theme files or plugin files. It didn’t allow the change until and unless I approved the change. Make sure that if you are planning to install this, then you may get lot of notifications. So keep the settings appropriate or use GMail filters for ease!
3. OSSEC – OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response. Of course, this is something which will not be as easy as installing WordPress plugins, however investing a little time on this can ensure that you’ll have real peace of mind in future!! There is enough documentation available for avoiding initial hiccups!
Of course, the first two plugins won’t ensure that you are getting instant and real time backups. However, a regular and weekly backup will ensure that you’ll be able to bring your blog back from a situation where nothing will look nice in the world. I hope you understand the point that i’m trying to make here! If you install OSSEC then I’m sure one could easily compare this setup with something that VaultPress will offer in future!
Isn’t it neat that you can enjoy the VaultPress like features even before you can get a hand on it or if VaultPress looks out of budget!
The success of VaultPress will depend on the following factors; 1) what will be the cost involved for end users and 2) how effective its monitoring system will be. I’m sure the takers of this service will be much more than any other similar service as it directly comes out from the makers of WordPress. However, personally I’ll be willing to test other services if they offer similar features at a competitive price. What are your initial thoughts on VaultPress.