Top 5 security plugins
WordPress is the most popular blogging platform in the world. WordPress pushes updates to patch all the known vulnerabilities, but third party themes and plugins make WordPress vulnerable. Strong passwords and keeping WordPress core files up to date cover only a small percentage of the total vulnerabilities. Other things that need to be considered include:
- Server vulnerabilities
- Theme security
- Plugin security
- File permissions
- Database security
- FTP vulnerabilities (securing specific files like wp-admin, wp-config and wp-includes)
WordFence is one of the most popular WordPress security plugins. It continuously checks your website for file changes, code injections, malware or known backdoors by scanning all the files of your WordPress core, theme and plugins. If it finds any kind of infection, it will notify you. The premium option offers advanced scanning options so you can coordinate scans with low traffic periods. Wordfence specialises in two-factor authentication, blocking IP addresses and country blocking and redirects.
2. iThemes Security (formerly Better WP Security)
iThemes Security offers both a free and premium version which covers most of the common security threats including brute force protection, scanning for file changes, two-factor authentication, password expiration and ticketed support (pro users only). If you’re installing the plugin on an existing site, there is a possibility that some of the changes might break your site. Of particular concern are the changes made to the database and changing the path of your wp-content directory. Make sure you backup your website before activating the plugin or enabling any new features.
3. All In One WP Security & Firewall
This is widely considered to be the top free WordPress security tool. This plugin is easy to use and reduces the security risks by adding recommended security practices. Using a convenient grading system, the main dashboard has an indicator that ranks your current level of security depending upon how many features are currently enabled. It protects against brute force attack and monitors the account activity of all users and keeps track of username, IP and login date time.
As is the case with iThemes security, there is a risk that installation of this plugin could break your site. To reduce the likelihood of this happening they have implemented three categories of changes – basic, intermediate and advanced. The basic features are relatively safe to activate while the intermediate and advanced changes have the potential to break some of your website’s functionality.
4. BulletProof Security
BulletProof Security offers two versions of their plugin – free and premium. This plugin comes with a four click setup interface and it limits failed login attempts and blocks security scanners, fake traffic and IP blocking. It protects against brute force attack by scanning all the files of your WordPress core, theme and plugins. In case of any known infection, it notifies admin.
5. Sucuri Security
This plugin is designed primarily as a method of alerting you to potential problems with your site. It offers various security features like security activity auditing, file integrity monitoring, malware scanning, blacklist monitoring, and website firewall. If you are willing to pay, you can opt for the premium service. They are a well known web application security company so you can get better service and advice.
If you have concerns about the security of your wordpress site please contact me.Tags: Blog, Blogging, Plugins, Security, Small Business, Wordpress