The perfect UX, speed and security are three pillars of a healthy WordPress website. In this post, we’ll be talking about one of them – security.
I believe I won’t exaggerate saying that you should be totally obsessed with the website security. In particular, if you accept online hotel booking payments, looking for the ways to improve the guest experience and, trivially, want to sleep easily at night, you should start taking care of the website security.
But if you don’t know where to start, start with a diagnostic test.
I’m going to tell you about Security Ninja by Web Factory Ltd – a free WordPress security scan plugin that runs security checks on your WordPress website. This handy utility can help you inspect your WordPress website and discover potential security issues automatically. It’s been around since 2011 serving thousands of WordPress websites of all sorts.
It’s important to understand that the plugin provides you with just suggestions on how to enhance your WordPress website security by pointing out to potential threats. Running checks with a free Security Ninja plugin, nothing is fixed automatically. Since it’s a reporting tool, you can assess each check and define whether it requires instant actions. It’s Yoast for security, if you will.
Technically, it saves you a lot of time learning all security measures you may put in place. Trust me, it’s impossible to learn all that stuff in a day.
Put simply, the goal of the plugin is to provide a deep website security analysis in seconds, not weeks. Moreover, shaping the results to your specific website.
Therefore, I think it sounds like a good solution to homeowners who build their websites without extra help and need to understand basic security measures.
Also, this plugin will show the most accurate results for public, production websites. So if you are still under the maintenance mode, it’s not recommended to use it since you may lose sight of the bigger picture.
Security Ninja plugin will work with any theme, including any WordPress rental property templates by MotoPress you may use.
Check out our guide on how to increase a vacation rental WordPress website traffic!
How to run Security Ninja plugin to scan WordPress for vulnerabilities
Once you’ve installed and activated the plugin, you are prompted with a quick guide on where to start: you can begin analyzing your website security right away by heading over to Tools > Security Ninja. That’s an awesome user experience that significantly speeds up your workflow since you don’t need to search the starting point through the entire WordPress dashboard. I’ve seen this forward-looking approach in several WordPress plugins from the Web Factory Ltd team.
Or, you can simply start analyzing your website from the Plugins > Security Ninja > Analyze website.
Once more, these checks are just the suggestions of the expert algorithm, which is based on the Web Factory’s own observations, research and analysis.
There are several important security angles you can take a look at with this plugin. However, the free version comes with basic security tests, whereas the Pro version enables you to go deeper into the whole bunch of security aspects.
I’m going to run ‘Security tests’ available in a free package and tell you more about the paid options later in this post.
From the starter screen, click on the ‘Analyze site’ button. It will take some time to generate a report.
Once checked, you’ll be presented with a comprehensive report.
It’s very straightforward and clearly systematized so that you can check each point bit by bit.
The main checks include installation parameters tests, file permissions and database configuration tests:
- Automatic WordPress core updates
- Plugin updates
- Deactivated plugins
- Theme updates
- Deactivated themes
- PHP version
- Password strength
- Failed login attempts
- Strength of WordPress database password
- Lots of database checks
- Server vulnerabilities, etc.
So far, there are 50+ checks you can perform and analyze. The results are focused on optimizing your database, preventing brute-force attacks and security vulnerabilities.
Each test comes with a title, status, result and, the most important thing, details you can expend and get a better idea of how to fix the problem.
For example, my test showed that there are at least 4 plugins that should be updated on my website. The ‘failed’ status next to this check hints that it’s not a good idea to ignore this fact. To find out more, click on the “Details” button and learn that:
“Keeping plugins up to date is one of the most important and easiest ways to keep your site secure. Since most plugins are free and therefore their code is available to anyone, having the latest version will ensure you’re not prone to attacks based on known vulnerabilities.”
It’s that simple – the Security Ninja plugin scans for vulnerabilities and presents solutions!
And such a detailed info is available for each test-run. You are also advised to use an auto fixer for each issue, but this is a paid module. However, I think you can get by without it since it’s a better option to take actions selectively, consciously (at least for parameters that don’t require technical knowledge).
I think even those more techy solutions are completely doable. In most cases, you’ll just need to replace, add or edit code snippets in the website files via FTP or child theme. Like in the following example:
Overall, if you need a quality free solution to scan your hotel website for vulnerabilities, give a shot to Security Ninja plugin by the team that learns the WordPress security for years. Pick their brain for free.
Security Ninja Pro
You are the only person who can pinpoint whether you need the all-inclusive from this plugin. So let’s dig deeper into all the extra tools and benefits the Pro version can yield.
- Core scanner – this module compares all your core WordPress files (over 1,200) with the secure master copy maintained by WordPress.org
- Cloud firewall is an extra security layer that automatically protects your website from banned IPs (there is a database of millions bad IPs) and from brute-force attacks.
- Auto fixer will help you fix the majority of issues automatically (not everything, because some problems are too complex), so that you don’t need to sacrifice your time on going through each manually.
- Database optimizer is designed to help you analyze and clean up garbage database data in order to speed up a website.
- Malware scanner will help highlight suspicious code. However, taking into account that it may be just the code that looks bad, it’s highly recommended to check the files manually after the scanning.
- Events Logger is the ultimate log reporting tool to help you track and record all actions on your WordPress website. You’ll be able to see all details like IP address, action description and more about all website interactions. I think it’s a foremost helpful thing for multi-user websites or WordPress Multisite networks.
All these modules are packed with all available Pro bundles, you can’t get them separately. If you have only one website and would like to employ the functionality from the vast majority of premium modules, there is a single site license you can grab for quite an affordable price of $29. One more privilege of a paid version is that you will get access to human support, which can be crucial in some decision-making situations.
There is no ultimate WordPress security plugin or measure you can put in place and secure your website once and for all, but each small step towards a higher security level should be part of your website maintenance routine.
If you are an absolute beginner and a solo manager of your rental property website, you can scan your site for vulnerabilities by running a simple and free Security Ninja WordPress plugin. The security report will help you identify potential threats specifically for your website, create a further website protection strategy and in some cases even prevent the most common security breaches.