Blog

15 Dec 2016

10 Security Plugins for Protecting WordPress Websites

Tutorials / 18 Comments

Though WordPress is by far one of the most secure content management systems (CMS) around, it's popularity makes it vulnerable to attacks. In fact, each day Google blacklists approximately 10,000 websites for suspicious activity, and you had better believe numerous WordPress websites are included on these lists.

Despite the obvious risks, many WordPress website owners fail to worry about their own site's security until something terrible happens. They are then left to deal with the aftermath of a hack attack or malware infection.

Today, we are going to roundup some of the very best WordPress security plugins on the market so that you and your site can rest easy. With a little bit of configuration and some regular monitoring, you can protect your WordPress website from those trying to steal private information, use your website for illegal means, or undo all the hard work you put into your business.

1. AntiVirus

AntiVirus is a simple plugin that is self-explanatory. Hardening your website against attacks, malware, and spam injections, this security plugin automatically scans your website daily for problems. This includes a scan of both your theme files and database tables.

In the case that your WordPress website has experienced any suspicious activity, AntiVirus is set up to immediately send you a notification informing you of the suspicious activity. This way, you can take action quickly and resolve any potential problems.

Additional features of AntiVirus include:

• Virus alerts in the admin bar of your website
• Cleanup after plugin removal
• Translation ready
• Manual check of template files available
• Scheduled scans with prompt email notifications

PRICE – FREE

2. BBQ: Block Bad Queries

BBQ: Block Bad Queries is an advanced firewall plugin with multiple features for protecting your WordPress website. However, because BBQ deals solely with firewall protection, it is super lightweight and extremely fast.

To use BBQ, simply install and activate the plugin on your website and let it block your website from malicious URL requests. Checking all incoming traffic and quietly blocking bad requests, this powerful plugin is perfect for those who do not want the hassle of dealing with extensive plugin configurations.

Additional features of BBQ: Block Bad Queries include:

• Based on 5G/6G Firewall
• Scans all request types – GET, POST, PUT, DELETE, etc.
• Compatible with other security plugins
• Customize blocked strings
• No configuration necessary

PRICE - FREE

3. iThemes Security

iThemes Security has been a leading WordPress security plugin for some time now. With over thirty ways to secure and protect your website, this plugin works to lock down WordPress, fix common holes, stop automated attacks, and strengthen user credentials. For example, iThemes Security moves the default WordPress login page, enforces super-strong passwords, and blocks users after too many failed login attempts.

In addition, this plugin will monitor, detect, and report to you any changes in the filesystem and database that might indicate a compromise. There are plenty of reasons why this powerful plugin is one of the most widely used security plugins.

Additional features of iThemes Security include:

• Runs a scan for malware and blacklists on your website’s homepage
• Receive email notifications when a problem persists
• Hide common WordPress information to prevent information collection
• Regular website backup
• Ban those who have attempted other website hacks

PRICE – FREE

4. Sucuri Security

Sucuri Security is a globally recognized security plugin specializing in WordPress security. By automatically scanning your website for suspicious files and malware, this plugin goes one step further in comparing each scan to its original snapshot of your “good” website. Sucuri offers website owners an extensive monitoring log for viewing security breaches, and if something has been compromised, you can easily restore the files back to their original and non-infected state.

Designed as the ultimate security plugin, Sucuri boasts seven key security features: audit logging, file integrity monitoring, remote malware scanning, blacklist monitoring, security hardening, post-hack security actions, and security notifications. Altogether, these seven features are meant to protect your website to the fullest.

Additional features of Sucuri Security include:

• Removal of WordPress information
• Restriction of wp-content and wp-includes
• Verification of security keys
• Security logs maintained in Sucuri cloud
• Blocks user after multiple failed login attempts

PRICE - FREE

5. VaultPress

VaultPress is a premium security plugin designed by the talented team at Automattic. Secure, reliable, and extremely user-friendly, this plugin offers exceptional backup and security services to WordPress website owners. Scanning your site frequently for viruses and malware, VaultPress offers a one-click removal system once a compromise is discovered.

Moreover, you can schedule or conduct real-time backups of your website to easily restore it should your website become compromised beyond repair. The best thing about this feature is that you do not need the help of your host in order to restore your website when using VaultPress’ backup files, thus making the entire restoration process a lot easier.

Additional features of VaultPress include:

• Site migrations (transfers or duplicates) with one-click
• Automatic spam blocking
• Safekeeper Support for dealing with compromises
• Daily backups
• 30-day backup archives

PRICE – Starting at $99/year

6. Security Ninja

Security Ninja is a security plugin that literally kicks butt. Performing over forty security tests on your website with one click, this plugin identifies how secure your website is and then proceeds to implement protection measures where the weak spots exist.

Never relinquish control while securing your site with this plugin. Check for vulnerabilities on a regular basis and build your own preventative measures against discovered holes. Security Ninja performs tests such as version hiding, database configuration tests, file permissions, Apache and PHP related tests, and so much more. With this plugin, you can rest assured every aspect of your site is being scanned, monitored, and protected against hackers and malware.

Additional features of Security Ninja include:

• Prevent 0-day exploit attacks
• Proactively implement security measures
• Avoid script kiddie hacks
• Receive test explanations, documentation, and detailed solutions
• Test password strength

PRICE – FREE

7. Wordfence Security

Wordfence Security is a comprehensive WordPress security plugin offering website owners firewall protection, malware scans, blocking, live traffic monitoring, login security, and more. As the most downloaded WordPress security to date, this plugin will protect your site inside and out.

Powered by the constantly updated Threat Defense Feed, you can almost guarantee your site will never be hacked. However, if at all your site is compromised, you are immediately notified so you can resolve the issue quickly. In addition, Wordfence Security’s Live Traffic view gives you a glimpse into traffic and hack attempts on your website in real-time.

Additional features of Wordfence Security include:

• Identify and block malicious traffic before it hits your site
• Rate limit or block aggressive crawlers, scrapers, and bots during security scans
• Two-Factor Authentication capability
• Monitor disc space to prevent hidden DDoS attacks
• Compatible with major WordPress plugins like WooCommerce

PRICE – FREE

8. All In One WP Security & Firewall

All In One WP Security & Firewall is user-friendly and effective at protecting your website from security risks and vulnerabilities. For example, it provides you with a security point grading system to measure how well your site is being protected in that moment.

In addition, All in One WP Security & Firewall has three security rule levels – basic, intermediate, and advanced. This way, when you experience a compromise that needs fixing, you can apply the appropriate level of protection without sacrificing your website’s functionality and performance.

Additional features of All in One WP Security & Firewall include:

• Password strength tool
• Login Lockdown featured based on IP address or too many failed login attempts
• Manually approve all WordPress user accounts
• Backup original .htaccess and wp-config.php files
• Activate multiple firewall protections

PRICE – FREE

9. WP Security Audit Log

WP Security Audit Log keeps an audit trail of all changes made under the hood of your WordPress website. By tracking all of the activity that goes on, you are able to maximize productivity and avoid possible hacker attacks. In addition, identifying possible threats before they become a serious threat to your website can save you a lot of hassles in the long run.

Designed as a more hands on approach to website security, this plugin most notably tracks all of your website users. For example, monitoring user registrations, user roles, and edit attempts to published posts, you can spot security threats quickly and easily resolve them. Lastly, there are activities that will trigger a security alert in an attempt to fully protect your entire website.

Additional features of WP Security Audit Log include:

• Monitor user logins and logouts
• Watch those who publish a blog, page, or custom post
• Track those uploading or deleting files
• Investigate when posts or pages are trashed or permanently deleted
• Supervise where users are logging in from

PRICE – FREE

10. BulletProof Security

BulletProof Security offers a comprehensive approach to WordPress site security. For example, enjoy firewall security, login security and monitoring, database security and backup, and more. As a safe and reliable plugin, easily configure BulletProof Security on your website using the one-click setup wizard.

In addition, you can hide plugin folders, log all of your database backups, enjoy front-end and back-end maintenance modes, and even enable an idle session logout feature for those who are spending too much time on your site doing nothing. In the end, this simple but effective security plugin has the features needed to protect your site from unauthorized users.

Additional features of BulletProof Security include:

• HTTP Error logging
• UI theme skin changer (3 theme skins)
• Database backups (full, partial, manual, scheduled, email zip, or cron delete old backups)
• Auth Cookie Expiration (ACE)
• .htaccess Website Security Protection

PRICE – FREE

11.Pagely

As an added bonus, it is worth mentioning that some managed hosting providers include exhaustive security measures bundled into their hosting services.

Pagely is a managed WordPress hosting provider that takes website security seriously. In addition to the managed hosting services they provide all of their customers, they implement exclusive security procedures to ensure that your website remains uncompromised while under their care. Designed to harden and protect their networks, hardware, and software so your website doesn’t suffer because of attacks, Pagely's PressARMOR focuses on preventing all risks to their customers.

PressARMOR is Pagely's security measure that works to prevent and mitigate attacks against their customers using best security practices such as patching and firewalls. However, the team at Pagely doesn’t stop there. They also insist that all of their staff receive exceptional training and that they continually educate themselves about new security threats and emerging technology to combat such threats.

Additional features of PressARMOR include:

• Managed web application firewalls
• Brute force mitigation and rate limiting
• 2-factor authentication for core services
• Malware prevention and remediation
• System wide comment spam prevention

PRICE – Hosting services start at $99/month

Final Thoughts

In the end, taking any measures to protect your website from hackers, malware, and spammers will benefit you and your WordPress website. Do not rely on the security and stability of the WordPress platform to protect you from everything. No matter how strong WordPress is, there is always a chance your website can become compromised.

The damages incurred from failing to implement security measures onto your website are simply not worth it. With so many wonderful WordPress security plugins and services available for you to take advantage of, there really is no excuse for not protecting your hard work and private information.

Have you used any of the above mentioned WordPress security plugins to protect your WordPress website? What steps do you take to protect your WP site? Share with us in the comments what has best worked for you and your website's security.