WordPress security is not good enough – what can you do?

12 Oct 2016

Paul Goodchild, founder of Fernleaf Systems. Image: Fernleaf Systems/TechWatch

WordPress security measures are notoriously dysfunctional, but luckily, Shield has arrived to make protecting your website a lot easier. Emily McDaid finds out more.

Although WordPress powers more than 25pc of all websites, WordPress security plug-ins are clunky and notorious for taking websites down.

Criminal and malicious hacking impacts 10m websites a year. Hackers will take sites over and mask them as phishing sites, embed spam links, or just cause destruction for the fun of it. What makes it easier for them is the fact that SMEs don’t typically have a strong grasp of security or why they need it.

Computer scientist and entrepreneur Paul Goodchild, from Belfast, is on a mission to fix this problem and make the world’s websites more secure and easier to manage.

Goodchild said, “Lacking robustness in their architecture, the WordPress plug-ins that companies use to protect their sites from malicious attacks can render their websites completely unusable. When this happens, someone with a lot of IT experience is required to fix it. My clients were coming to me with common breakages, so I decided to build a better security solution.”

Goodchild’s single-founder business, Fernleaf Systems, sells products with three functions for WordPress sites: a single control dashboard for managing multiple sites, a backup solution based on FTP that’s superior to typical WordPress backup, and his new security plug-in: Shield.

Shield is a completely free plug-in that anyone can download and use. It sufficiently impressed the judges of the Invent 2016 Awards, and was a worthy finalist in the Enterprise Software category.

Revenues have increased by 55pc in the past 12 months. Ranked 4.9 out of 5 stars by its users, it spiked at 12,000 downloads per day, with nearly 1m downloads in total.

Shield yourself from attack

Shield is based on a lightweight but robust security solution, making it simple to take back control of a site after an attack.

A full list of features of Shield are available online, but its strengths include a ‘Super Security Admin’ – whereby the plug-in protects itself against tampering either by other code or admins who don’t know how to use security plug-ins. It also offers IP black listing to block repeat offenders, protection against brute force login attacks, 100pc comment spam protection by automated bots, and no site lock-outs.

But the real potential of Shield could be its ability to protect more than one site at a time.

The future of Shield

Goodchild said, “My vision is to create the first scaled-up security plug-in for WordPress.”

The scaled-up version – while monetising the plug-in – would enable website managers to control security for several sites at once.

“It doesn’t make sense that the bots and the hackers are scaled, but security isn’t. A single security control is missing in the WordPress ecosystem – I want to change that,” said the entrepreneur.

Goodchild aims to have the first version ready this winter. “When we do seek funding it will probably be in the region of £250,000, to cover marketing and development costs,” he concluded.

By Emily McDaid, editor, TechWatch

A version of this article originally appeared on TechWatch

TechWatch by Catalyst covered tech developments in Northern Ireland

editorial@siliconrepublic.com