02 March 2016

Bulletproof your WordPress Website with the Best WordPress Security Plugins

Have you ever had one of your sites hacked? If not, just the idea of it happening is terrifying. Believe me, we have had around 10 client websites using WordPress on other servers get hacked.

Don't get me wrong, WordPress is great and a very secure platform. But still you don't want to lose your WordPress site due to a security hole inside a theme or plugin. There are many ways your site can get hacked. SQL database injections and brute force logins are just some ways a hacker can enter your site to do harm.

Sadly, there are always going to be attackers who will try to hack your site. But don't worry: with the following tips you will get a better night's sleep, resting assured that your site is bulletproof.

Since WordPress is very popular (around 20% of the world's websites are built with WordPress), it is a great target for hackers. The WordPress core is very secure but can still be hacked.

That's why many great developers have built special plugins to secure WordPress against attacks.

As with other WordPress plugins, there are free and paid options. But even using the free options you are going to get a tighter and more secure site.


Here is a list of the best WordPress security plugins to use:

iThemes Security


iThemes Security, formerly known as Better WP Security, will hide essential files from your WordPress installation, prevent brute force attempts to enter your site and more.

This plugin will also make sure you are using a strong password for your administrator user roles. Insecure passwords are one of the first reasons a WordPress site gets hacked.

First, the plugin will ask you for some initial configuration. You can see the nice addition of One-Click Secure.


It will also detect any suspicious changes made to the WordPress core files, prevent bad search bots from accessing your site, and run a scan to search for known malware.

The plugin is maintained by iThemes, a brand known for making great WordPress plugins and for making quick updates to patch security holes.

iThemes Security has both a Free and a Pro version. The Pro version will allow you to get more layers of protection:

  • Two-factor authentication
  • Geo-localized IP login (Ban countries from login page).
  • Generate strong passwords.
  • Malware scan and scheduling.
  • Track User Logins.
  • Set password expirations.
  • When a WordPress core file is changed it will do an online file comparison.
  • Google reCAPTCHA integration to protect your site against spammers.


Bulletproof Security

This is a free plugin that has more than 100,000 active installs from the WordPress repository. One of its best features is its One-Click Setup Wizard.


This plugin makes changes to the .htaccess file to protect important WordPress core files like php.ini and wp-config.php. Since the .htaccess file is processed by your server before any other code, it will stop attackers from reaching the PHP code of your WordPress installation.

This plugin also helps you prevent SQL injection, which is used to add unwanted content to your website.

You will have an extra layer of security by installing and configuring Bulletproof Security.

Similar to iThemes Security, BulletProof Security has both a free and a Pro version. The Pro version gives you:

  • One-click setup wizard.
  • Real-time file monitoring.
  • Database backups.
  • Database monitor.
  • Make a custom php.ini file for extra security.
  • Get error logs for PHP, HTTP and Database monitor.
  • Quarantine Intrusion Detection & Prevention System.


Plugin Vulnerabilities


A plugin that hasn't been updated in a while could be exposed to a vulnerability. This plugin scans your entire plugin directory and compares it to a list of all known security vulnerabilities.

You will get an alert if it finds a match with a known security vulnerability.


Keeping all your plugins up-to-date is a good call.


Login Lockdown


One of my favorite security plugins and part of my essential plugins pack to install on a fresh WordPress site.

With this plugin you will be able to prevent brute force logins. It works by logging the IP address of every failed login to the site. If many failed logins from one IP happen within a set amount of time, the plugin will lock that IP, preventing further access.

This way the hackers can't use bots to guess your password.
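
The lockout logic described above, sketched as an added example (this is not Login Lockdown's own code). The thresholds of 3 failures in 300 seconds and a 3600-second lock, the class and function names, and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Lock an IP after too many failed logins in a window (assumed thresholds)."""
    def __init__(self, max_failures=3, window=300, lock_time=3600):
        self.max_failures = max_failures
        self.window = window        # seconds over which failures are counted
        self.lock_time = lock_time  # seconds a locked IP stays locked
        self.failures = defaultdict(deque)  # ip -> recent failure timestamps
        self.locked_until = {}              # ip -> time the lock expires

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until is not None and now >= until:
            del self.locked_until[ip]  # lock expired
            until = None
        return until is not None

    def record_failure(self, ip, now):
        """Log one failed login; return True if this failure locks the IP."""
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lock_time
            recent.clear()
            return True
        return False

# Constructed sample events: (seconds, source IP, password was correct)
EVENTS = [
    (0, "203.0.113.7", False), (10, "198.51.100.4", False),
    (20, "203.0.113.7", False), (30, "203.0.113.7", False),
    (40, "203.0.113.7", True),     # right password, but the IP is locked
    (400, "198.51.100.4", False),  # the failure at t=10 has aged out
    (3700, "203.0.113.7", True),   # lock has expired
]

def replay(events):
    guard, outcome = LoginLockout(), []
    for now, ip, ok in events:
        if guard.is_locked(ip, now):
            outcome.append("blocked")  # rejected before the password is checked
        elif ok:
            outcome.append("allowed")
        else:
            outcome.append("locked" if guard.record_failure(ip, now) else "failed")
    return outcome
```

Because the counter is keyed on the source IP, guesses spread across many addresses each stay under the threshold, which is why a lockout works best alongside strong passwords.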


All-in-One WP Security & Firewall


All-in-One WP Security & Firewall is a nice and user-friendly WordPress security plugin. Once you install it, it will present you with a list of features you can implement.

You will get a separate panel to manage the following features:

  • User accounts security.
  • User registration.
  • Database security.
  • File system security.
  • Blacklist manager.
  • Firewall.
  • Brute force prevention.
  • Spam prevention.
  • File change detection scanner.

The plugin has a nice security strength meter that measures how good your security is and shows what needs to be done to improve it.


From the plugin's dashboard, you can check which critical features need to be activated.


All-in-One WP Security & Firewall gets updated very frequently, which is essential for a security plugin. Also, the plugin is 100% free.




Wordfence Security

Wordfence is very popular in the WordPress repository, with more than 2.5 million downloads.

Some of the features of this security plugin include:

  • Real-time blocking of known hackers.
  • Block malicious networks with advanced IP settings.
  • Two-factor security account login.
  • Block robots that attack your site.
  • Scan all WordPress essential core files.
  • Scan for all backdoors and security holes your site has.
  • Implement a firewall to prevent malicious attacks.

Wordfence will help you find out whether your site has been hacked. The plugin does this by scanning your WordPress core files and comparing them to the official versions. You can detect most viruses and malware this way.



With the premium version, you will be able to run scheduled scans, block IPs by country and get dedicated support. Wordfence Security is installed by default on our servers.




Sucuri

The main feature of Sucuri is to compare your files with the original WordPress repository files to see if there is any unwanted change.

This plugin is not for beginners, since it uses language aimed at advanced developers and site managers.

Some of the features include:

  • You can scan all your WordPress core files.
  • Get a log of all logins including IPs, times and dates.
  • If your site has been hacked, you can change all usernames and passwords for instant security.

With a subscription, you can run anti-virus and malware crawls on a set schedule.



Bonus Plugin: Akismet


While it's not exactly a security plugin, it works great at preventing spam. Akismet will help you fight the spam your site receives from comments and contact forms. You only have to register on the site for a key and paste it into the plugin.


Since it's free, it's worth having it on all your sites.


Additional Security Measures to Protect

In addition to installing and configuring all these plugins, you still need to take some precautions. To protect your site further, keep all your administrator, FTP and hosting passwords in a secure place.

But even with all the security plugins you install on your site, bad things could still occur. There are always going to be hackers that want to enter and play with your website. That's why you need to bulletproof the entrance to your site.

I recommend that you start making automatic daily backups of your site, including the database and all the content files. This is another layer of protection you can add to your site.

You can get the backups feature for free with many good hosting providers. I assure you that having daily backups will help you sleep better at night.

  • Keep your WordPress always up-to-date.
  • Update all your plugins frequently.
  • Don't use admin as your administrator username.
  • Make daily backups of the database and the entire WordPress installation folder.
  • Get a good hosting provider that cares about security.


Now you have the power to protect your WordPress site against hackers and intrusions.

With our web hosting we provide you with a secure WordPress installation with daily backups, Wordfence Security installed, Akeeba Backup for manual backups and, of course, always the latest release of WordPress. Feel free to ask us now.

