Today I am doing a review of WP Site Guardian and a interview with the developer of this new WordPress plugin:
Ok lets be honest for a minute. Security is about as exciting as getting the oil changed in your car. Its also kind of the same sort of thing. Its preventative maintenance. Its something you do ahead of time in the hopes of avoiding a disaster later. In the case of an oil change you cars engine could blow. In the case of website security all sorts of bad things can happen. Once your site is compromised a visitor can steal your information, can use your hosting to send out spam emails, can track your visitors, can deface your site, can put malware on your site that automatically infects site visitors. All sorts of nasty things can happen. They can ruin your business, your domain name, and perhaps worse of all they can ruin your reputation.
WordPress, while definitely one of the most popular site management systems, and arguably one of the best, can unfortunately be particularly vulnerable to security issues. This is due to two specific things about WordPress. First of all it is an open source platform, which means that anyone can download the source code and search through it looking for vulnerabilities. Second is the fact that WordPress allows plugins. Something that its greatest strength and its greatest weakness. Unless your a professional developer, who personally checks every single line of code in every single plugin you install on your site, every time you install a plugin you may inadvertently creating a weakness in your site. You may be adding an opening, a backdoor, or a potential security hazard that may allow an hacker to take total control of your site.
WP Site Guardian is designed to protect against hackers in a way that other security plugins do not. While other plugins do standard things such as make sure someone does not try to ‘bruit force’ your account log in password, WP Site Guardian takes a more hands on approach. It monitors visitor and server activity and actively looks for suspicious behavior from any IP address or visitor that is accessing your website. When it notices suspicious behavior it logs it and continues to watch the IP address that its coming from. When a specific threshold is reached, that is when the plugin decides, based on your tolerance settings, that a specific user accessing your site is behaving a little to suspiciously it blocks that users IP address and locks them out.
Something that many people might not consider when selecting a security plugin is the fact that it is only as good as the developer who wrote it. WP Site Guardian was developed by Michael Thomas and I can say for sure that this guy knows his stuff when it comes to security. Given the fact that I have been a professional web developer for nearly 10 years now I tend to consider myself a fairly knowledgeable person. Despite this Michael has personally consulted me about security more than once. He has helped me by testing and helping me identify potential security issues (fortunately before there was an actual problem) on more than one of my systems. I’m not sure what better endorsement I can give the guy than to say that I use his services and expertise to make my own code and software more secure.
Using WP Site Guardian is a snap. If you really want to you can just install the plugin, activate it, leave its default settings as they are and your instantly protected. Of course if you like you can adjust its settings to your specific needs. Something I was pleased to see was that there are very clear and easy to follow tutorials built right into the plugin.
When I installed it on my site the plugin quickly found a couple of potential issues (from my theme) that I never knew about. It also tracked several hacking attempts and blocked one would be hacker who was tying to find a vulnerability on my site.
I did notice one error in my testing however. Which was related to the reporting graph. The graph shows the number of attacks, the total threat level of the attacks, and the number of IP addresses that the plugin blocked. Everything worked fine however it was showing the blocked IP address on the wrong date. I reported this to Michael and this is what happened:
Then a few hours later I got this message:
This is what happens when the vendor of a product is also the developer. You report a bug and there is no nonsense, no excuses, no waiting, just ‘thanks for the report’ then a few hours later ‘its fixed’. Very cool Michael.
So what do I think of WP Site Guardian over all? Well as I said: security is a preventative measure. Its something that most people don’t think of until after its to late. They wake up one morning and find their site is down, that their site is displaying crazy stuff, that they are locked out, or perhaps worse of all the see the ‘Google red malware detected’ screen and realize they where hacked weeks ago, have been unwittingly distributing malware to their visitors and Google has shut them down, and they wonder ‘how did this happen’? Well it happened be cause they did not worry about security until after they had an issue, and once they have an issue it can cost hundreds of dollars to recover from it, if they can at all.
I installed WP Site Guardian on my site for testing however after testing I can give it the best endorsement possible by honestly saying: this plugin is for sure staying on my site. As a well known software reviewer I got my copy for free, however if this was not the case I would have no problems buying it myself. Because of this its easy for me to rate WP Site Guardian as:
A quick note about the reviews on this site: I am an affiliate for every product I review. The vendors of these products give me them without charge in order for me to test them. However all my reviews are done as honestly as possible and I make no promises to the vendor prior to writing my review. Should you click a link on this site that takes you to a paid product this link will be an affiliate link and I will be paid a percentage of the sales price should you decide to purchase that product.