Security Plugins for WordPress on IIS Server

  • Hello All

    After having my site hacked twice in as many months I decided to search and install some security plugins but only to realise that many of the plugins write to the .htaccess file to secure the site but, because my WordPress site is running on IIS server this isn’t going to work in my case.

    My question is does anyone have any experience with this? Is there any security plugin out there for IIS based servers or any information that can help me protect my site?

    • This topic was modified 6 years, 10 months ago by Taner Temel.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator t-p

    (@t-p)

    You may want to implement some (if not all) of the recommended security measures.

    Security plugins should prevent a malicious request from completing regardless of there being a means of blocking the IP address. Pareto Security for example (my plugin) does this by default.

    • This reply was modified 6 years, 10 months ago by te_taipo.

    All the general good security practices apply – non-obvious admin name, strong password, keep everything updated, regular backups just in case. CloudFlare – even the free tier – offers some security benefits independent of hosting software. But … have ya considered moving to a LAMP stack or similar? WP will run on IIS, but my understanding is most plugins and themes are not tested on IIS. So, its gonna be hit and miss. Some stuff will work, some may not, some may seem to work but be glitchy. WP only really lives happily on LAMP or similar.

    Thread Starter Taner Temel

    (@clu55ter)

    Thank you all for your response, @te_taipo I install and activate Pareto Security seems to work without a problem but the message in Pareto Security dashboard says + Status: Standard Mode + Your .htaccess is configured correctly. But my understanding is that IIS does not utilise .htaccess file so is there any advantage of this plugin on IIS server?

    @acstudent is there any hard evidence of your statement or is it your opinion?

    Thanks again for your input!

    @clu55ter

    my understanding is that IIS does not utilise .htaccess file so is there any advantage of this plugin on IIS server?

    What Pareto Security does as a primary task is to detect attacks against the PHP code in WordPress and prevent these attacks from executing. Secondly it can add the ip address of the attacker to .htaccess block list thus frustrating a targeted attack.

    So its principle function is where it is most useful. Any security plugin should at its core do the same regardless of whether it adds the attackers IP address to a black list or not.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Security Plugins for WordPress on IIS Server’ is closed to new replies.

Tags