Disclosure: We are a professional review site that receives compensation from the companies whose products we review. We test each product thoroughly and give high marks to only the very best. We are independently owned and the opinions expressed here are our own.
The one thing I see a lot of WordPress users doing is ignoring the security of their sites. I believe, security is as important as the valuable content you create for yours. If you ignore the security on your site, then someone can take control of your site, delete your content, or even lock you out of your site just for fun. – Image Source: Flickr
Security Measures
Let face it, built in security for WordPress isn’t the best. There are a few things you can do to change that.
First, you can you create strong passwords and have a unique password for each of your sites. Never have one generic password for sites. This is also a very good practice when it comes to securing your computer and other sites you log into.
Second, you can can make some changes to your web host, database files and add some code to help block unwanted guests from browser your backend files. There will be a post over this topic in the near future.
Third, you can install WordPress plugins that can help protect your system from internet threats.
WordPress Security Plugins
Below is a list of regularly updated security plugins for wordpress. Most plugins have been updated in the last few months, if one is needed.
Some of these plugins have features that do the same things. So make sure to download the plugins you like the best and research one to make sure they won’t interfere with the other security plugins you have installed.
1. AntiVirus
“AntiVirus for WordPress is a easy and safe tool to protect your blog install against exploits, malware and spam injections. Scan your templates now!” Some of the features include virus alert in the admin bar, clean up after plugin removal, daily scan, and more.
2. WP Security Scan
“WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions.” The scanner will check your passwords, file permissions database security and more.
3. Better WP Security
“Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.” This plugin checks for vulnerabilities, weak passwords, and obsolete software.
4. 6Scan Security
“6Scan Security is the most comprehensive automatic protection your WordPress site can get against hackers. Our security scanner goes beyond the rule-based protection of other WordPress security plugins, employing active penetration testing algorithms to find security vulnerabilities. These are then automatically fixed before hackers can exploit them. Our team of website security experts ensures your protection is always up-to-date and airtight.” Scan Security automatically scans and protect against SQL injection, cross-site scripting, CSRF, directory traversal, and more.
5. BulletProof Security
“WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check… System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload… Built-in .htaccess file editing, uploading and downloading.”
6. WordPress Security
“Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.” WordPress is a free plugin, but it does offer a premium version can block countries and schedule scans at specific times.
7. More Secure Login
“This kind of authencation is called “Strong Authentication”, strong authentication is associated with at least two-factor authentication. Your usual password is the first and only factor, this plugin adds an external factor : a MSL Secure Card. Now, you have 2 secure factors to log in.” More Secure Login is plugin you might one to look at if you need extra security on your site.
8. WordPress File Monitor Plus
“Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address.” WordPress File Monitor Plus is a great plugin for monitoring your site. Whenever there is a change, the Monitor will send you an email.
9. Exploit Scanner
“This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.” Exploit Scanner is a popular security tool for wordpress.
10. CommentLuv Premium
CommentLuv Premium is a premium plugin designed to give your readers away to get more traffic from their comments. With the premium version, comes with a beefed up version of GASP –spam protection plugin. I use this plugin on my site and have seen a huge cut in bot and human spam. Check out my review and see what this great plugin is all about.
Hey, i just saw a tweet about this post, #security, #WordPress, #plugin, i’m interested.
So i visit this post and … o_O i’m in ? I’m very happy to be here. We never met (or support forum !? maybe) and my plugin is here.
Thank you very much for this and for the rest of the list of course 😉
ps : mine is More Secure Login