NOTE: This plugin is not currently being maintained
At Sqreen, our mission is to democratize security. To me, that means making security accessible to everyone. We’re often thinking about different ways to do that, so today I wanted to share a bit about a project I’ve been working on that can make application security available for more people.
The project is a WordPress security plugin that leverages Sqreen security features to protect your favorite CMS.
WordPress is easy to install and deploy. That’s why it is the go-to CMS for many organizations, from small businesses to large media companies. This popularity makes it an appealing target for attackers. They will usually try to distribute malware or ransomware, insert spam links, steal data or launch distributed attacks.
Automattic – the company behind WordPress – is doing a great job to improve the security of its software. You can now keep your WordPress patched with automatic updates, for example. This will protect you from recently discovered vulnerabilities.
There are also plenty of security plugins that will help you tackle specific security problems, including stopping spam, backing up data, blocking some basic attacks, or improving your security settings. In addition to these solutions, Sqreen can provide more visibility into user activity and advanced levels of monitoring and protection.
Protect your WordPress website with Sqreen
Prior to this plugin, you could already protect PHP applications such as WordPress with Sqreen. But for many WordPress users, setting up Sqreen is outside of their jurisdiction. Installing the agent requires sysadmin rights, and WordPress admins sometimes don’t have those or are in situations with shared hosting. For them, I set out to build a WordPress plugin that will give them access to some of the best Sqreen features without the need for sysadmin rights.
The plugin can be installed like any other WordPress plugin. No sysadmin skills required. Once installed, the plugin will start monitoring your traffic and user activity. This data, combined with the power of Sqreen infrastructure, will let you:
- Monitor user activity automatically (such as logins and signups)
- Track custom events with the provided SDK function
- Use this data in built-in playbooks or create your own playbooks to define security rules
- Receive alerts on things like ATOs
- Ultimately, block attackers
The plugin is currently available for beta testers only.
Sqreen WordPress security plugin beta available now
As mentioned before, the Sqreen WordPress security plugin is still in private beta. To apply for the beta, send us a message and we’ll get you set up. After the beta period, the plugin will be available in the WordPress repository for everyone to install.
Finally, if you want to use the full power of Sqreen, I strongly encourage you to look at the Sqreen PHP Agent. It can monitor and protect your WordPress website and any other PHP applications. The full version of Sqreen unlocks traffic monitoring, alerts for vulnerable packages, protection modules, and many more features.
If you are looking for more security best practices, check out our Resources section.