It is a sad fact of online life that many of us with a WordPress website don’t worry about its security until it’s too late! For most, managed WordPress security, regular backups and even website recovery are not always properly implemented.
We believe that the continual rise of online cyber-crime means that it really is a necessity to ensure that your website is as secure as possible. Today we are going to take a look at one of the world’s most popular website development platforms, WordPress, and the best security plug-ins available.
Any protection is better than none!
As a responsible Webmaster, you should always strive to reduce the chance of your website being hacked by criminals.
So let’s take a look at some of the best WordPress security plugins out there. There are many features that we should compare, but in the end they are all better than doing nothing, and some are even free!
The many WordPress Security Vulnerabilities
There are a great many potential security vulnerabilities to be faced by any WordPress website. Things like a variable login page and strong passwords are a good start, as is keeping WordPress plug-ins and core files up to date. There are, though, many more potential WordPress security vulnerabilities that must be considered and addressed. Here is a list of the major ones:
- WordPress Theme security
- WordPress Plug-in security
- Hosting Server vulnerabilities
- Secure WordPress Hosting
- File permissions
- Securing vital files such as wp-admin and wp-config
- Database security
- FTP vulnerabilities
- Encryption and SSL Certificates
It is plain to see then that there is much to consider!
With WordPress there is not a single plugin that can cover all security holes. Managed WordPress Security is of vital importance. Let’s now take a look at some of the security plug-ins that are available, in addition to Secure WordPress Hosting:
All in One WP Security
This is one of the most popular free WordPress security tools available. All in One WP Security uses a convenient grading system, making it fairly simple to identify the areas where your WordPress website security can be improved. It has a dashboard which ranks your current levels of security on a scale according to the security measures that are enabled.
There are three categories of changes: basic, intermediate and advanced. Basic features are relatively easy and safe to activate. The intermediate and advanced features do have the potential to break some of your website’s functionality, so you should take care and have some proficiency in website development before using them. The major security features are contained in their own sub-menus, with detailed information regarding what you are changing. All in One WP Security has the following functionality:
- Prevention of Brute Force login attacks
- Firewall protection
- Manual approval of new user registrations
- Disable WP Meta information functionality
- User account monitoring
- A Database prefix management feature
- Specific named file protection
- Ability to edit PHP files from the dashboard
- Supports the black-listing of users based on their IP or range of IP addresses
- Facility to alter the login page URL
- Captchas and whitelists
- Cookie based logins
- General comment spam prevention
- This plug-in can disable the copying of text and use of your site in iframes
- File change detection ability
All in all, it is all in one as much as possible!
iThemes Security
This is another very popular WordPress security plugin. iThemes Security offers a free version with limited functionality and a paid-for, or premium, version with full functionality. You pay your money and take your chance! This is what it can cover:
- Brute force login attack protection
- Two-Factor verification/identification.
- Automated logging of user actions.
- Monitoring of core files for changes
- Hides the login and admin pages if required
- Users entering their username or password incorrectly a certain number of times can be locked out
- Forces the use of secure passwords for specified user roles and for file permissions.
- Support available to all pro users via a ticket logging system.
As with many such plug-ins, there is the chance that some changes may actually break your site. Pay particular attention to database changes and to changing the wp-content directory path. It is sensible to always back up your website prior to activating the iThemes Security plugin. It is also sensible to perform a back-up prior to enabling any of its features.
Wordfence
Wordfence is a powerful and well-established WordPress security plug-in. As with iThemes Security, it also comes in both a free and paid version. The cost for the paid version depends on the number of individual licenses you are purchasing and the period they are valid for.
The Wordfence plug-in is more than just a standalone piece of software, with round-the-clock back-up from the company to help you manage your website’s security. The Wordfence servers can scan your site for any file changes, code injections, malware, or any known backdoors. Scans can be performed at quiet periods with the premium paid version.
Wordfence offers the following and more:
- Two-factor authentication
- Country blocking
- Country redirects
- Scanning for file changes
- Scanning for code injection
- Malware detection
- Known backdoor mitigation
- Blocking IP addresses
- Custom alerts
Finally, compared with other plug-ins, very few instances of issues with broken sites are reported.
Sucuri Security
The Sucuri Security WordPress plug-in is a free plugin. It is very much like Sucuri’s free web-based scanning tool and it is designed primarily as a method of quickly alerting you to any potential security problems with your WordPress website.
This plug-in can monitor and record all activity in your WordPress installation. Sucuri keeps a log of all activity
Sucuri Security also monitors your installation’s files, such as WP themes, plug-ins and the WP core. As soon as this particular plug-in is activated it will make a record of all files present as a base point. Any future changes to the files, and the addition of new files, will then be notified to you directly.
Both malware and blacklist monitoring are also provided, using Sucuri’s free scanner. Your site will be monitored on the many blacklists on the internet.
Sucuri in a nutshell then:
- File change alerts
- Malware scanning
- Blacklist monitoring
- Protecting your upload directory from browsing and nefarious PHP execution
- Restricts access to wp-content and wp-includes files
- Removes your WordPress version information
- Verifying your security keys
- Restricting access to the file editor within your WordPress dashboard.
And so there you have it: several powerful WordPress security plug-ins worthy of your consideration. There is no overall winner because they are all good at different tasks.