73 million websites are built using WordPress and this number is growing exponentially every day. Hence, today it’s pretty important to be aware of the excellent WordPress Security Plugins available for use.
WordPress has matured into far more than the Blogging system it set out to be. Today it is the most commonly used content management system for building websites, which also have the capability of delivering Blog posts to a site visitor. With this in mind ensuring that your WordPress driven website is kept safe and secure, by installing and configuring one of the excellent WordPress Security Plugins available, is a very sensible thing to do.
While the WordPress core is very secure, regretfully this security level can be seriously degraded by not keeping the WordPress core up to date, by installing a nasty plugin or a bad theme, or both.
If you’re running your website on an old version of WordPress, for whatever reasons, or if you’ve installed a bad plugin or theme, then your WordPress driven site is truly vulnerable to hackers, who unfortunately enjoy infecting, misusing and/or defacing websites just for the perverse pleasure it brings them.
If you have a WordPress driven website then I strongly recommend that you install and configure a WordPress security plugin to harden your site against all but the most determined hackers.
Here’s a list of 6 excellent security plugins that can help make your WordPress website pretty secure.
NOTE: Having said that, do note that nothing makes your WordPress site 100% secure, but using a security plugin makes a hacker work very hard to gain control of your website, so the chances are they will just leave your site alone and move on to easier pickings.
iThemes Security, formerly known as Better WP Security, is a popular WordPress security plugin. This plugin provides 30+ ways to protect a WordPress website from malicious attacks.
It strengthens user credentials by fixing common loopholes and blocking automated attacks. The plugin is available in both free and premium versions. Both have the same features, but the premium version includes a few more, such as two-factor authentication, Geo ID banning and user action logging.
- Creates a backup of database files before securing your site
- Prevents brute force attacks by locking out all users who try to access your website with invalid login attempts
- Monitors your site and records all the changes that are made in the database and file system
- Blocks all users who add malicious code to your site or try to access your site. It allows only the admin to access the website multiple times
All In One WP Security and Firewall is a comprehensive WordPress security plugin. This plugin protects your website by checking for vulnerabilities and implementing the latest security techniques to take care of the vulnerabilities it identifies, as far as is possible.
Provides three security levels – basic, intermediate and advanced.
If you’re using basic security then you’re secure and the plugin does not break your site’s functionality.
NOTE: If you’re using intermediate and advanced security level, the plugin may break the site’s functionality depending on its set-up.
Prevents Brute Force login attack by locking out any user who is trying to access your website’s Admin dashboard via multiple invalid login attempts. The plugin displays a list of all the locked out users.
The plugin has a security strength meter. This helps keep you informed of the current level of your website security. The plugin alerts you if any of the WordPress files are changed. This can be blocked immediately using a single mouse click.
My choice for great WordPress security is Wordfence.
This is a WordPress security plugin with over 2.5 million downloads. That speaks well of the utility of the plugin. The plugin scans for hacked files and monitors the access of visitors to your blog. It includes a firewall, virus scanning and a new cache engine that secure your blog from malicious attacks.
Wordfence monitors robots that are trying to affect your blog. It scans your blog once every hour.
It has the ability to recover the WordPress core files of your Blogsite just in case these have been infected for one reason or another. This feature is available in both the free and premium versions.
Wordfence scans WordPress posts, comments and malicious URLs.
You do not need to enter an API key in the free version.
If you want to secure your website with some more features then you can also try the premium version of this plugin. The premium version of this plugin includes two-step authentication, country blocking, scheduled scanning and more.
BulletProof Security is another popular WordPress security plugin. This plugin provides a 1-click security solution. The plugin allows you to protect the wp-admin folder of your WordPress website. This plugin secures your website against RFI, CRLF, XSS, code injection and SQL injection attacks.
- The plugin uses .htaccess security protection that protects key files such as wp-config.php, php.ini and many other WordPress files
- Records and displays the number of WP admin dashboard login attempts
- It readily provides information to your visitors if your site is in maintenance mode
- It alerts you via Email when it detects any malicious activity occurring on your WordPress driven site
Author: Henrik Schack
Google Authenticator is a very popular security plugin for WordPress. It offers you two-step authentication using the Google Authenticator app for iPhone, BlackBerry and Android.
- Enables 2-step authentication
- Generates a new secret key every time to avoid risks
- Allows you to set any name that you want to appear in the Google Authenticator app
Once you’ve installed and configured this plugin on your WordPress blog, you can set a QR code with the secret key.
Next, download the Google Authenticator app on your smartphone or any other mobile device and enter that QR code. Once you enter the QR code on your smartphone, it will link your WordPress blog with your mobile app.
When you log in to your WordPress Admin Panel (Dashboard), you have to open the Google Authenticator app on your smartphone.
It will generate an ID code that you have to enter in the Google Authenticator field whenever you try to log in to your WordPress Admin dashboard.
That way WordPress knows that it's really you trying to access the Admin Dashboard.
Author: Daniel Cid
- Allows you to scan all WordPress core files
- It detects changes in WordPress core files and informs you
- Offers a last login feature, which allows you to see the last logged in user, specifying login time, date and the user's IP address
- Provides a post-hack option that allows you to change all usernames, passwords if ever your site was hacked into, which is a big help in securing your site
Need Help Using Any Of The Above Plugins?
If you ever need any help in installing and configuring any of the above WordPress security plugins on your website, use the – Contact Us – page to get in touch, I will be glad to try and do this for you completely free of charge. Let’s try and make our WordPress driven websites as secure as is possible one site at a time.
If you use some other WordPress security plugin, or if you’re using some other WordPress security process altogether, please share this information in the comments section below. This will be of enormous help to all the readers of my Blog posts. We will all be very appreciative and grateful, thanks.