Most people do not care about the security of their website until it is too late. Putting off potential problems until they have no solution is part of human nature, but in this post we want to convince you that investing a small amount of time in planning your web security will reduce the risk.
There is no better way to start the year than by learning several ways to keep WordPress safe. To that end, I have made a selection of plugins that will help you run a secure WordPress site.
Before going into detail, always keep these basic recommendations in mind:
- Keep WordPress updated to the latest version; it is the only guarantee that known vulnerabilities are under control.
- Install only secure plugins, if possible from the official repository.
- Install only secure themes, if possible from the official repository.
- Check the security section of WordPress Help to verify that you have performed all necessary security actions.
In this post, we will share with you some of the best WordPress security tips and plugins we have found. Some of them have premium versions and more specific features, so before you make a decision make sure that they have the features you need to protect your website.
Security vulnerabilities in WordPress
The number of potential security vulnerabilities facing WordPress websites is far greater than most people think. Having strong passwords and keeping your theme up to date is not enough. In fact, those elements cover only a small percentage of total vulnerabilities. Other factors to consider include:
- The vulnerabilities of the server.
- Security of the theme.
- The security of the plugins.
- The security of specific files (such as wp-admin, wp-config and wp-includes).
- The security of the database.
- Computer vulnerabilities.
- FTP Vulnerabilities.
As you can see, the list is long and we have only scratched the surface. To complicate things further, you should know that there is not a single plugin that is really capable of covering all the security holes.
The best security plugins for WordPress
As we discussed at the beginning of the article, the vast majority of website owners do not think about the security of their business until it is too late. So knowing basic security tips like those offered in the 1and1 guide and having a good plugin will give you an edge over your competitors. But do not be fooled into thinking that you can have a 100% safe website, as that is not realistic. Instead, set a more reasonable goal and focus on minimizing the risk from the most common threats.
Remember that protecting against automated attacks will always be easier, as they simply scan your website for the most common vulnerabilities. In contrast, targeted attacks are much more difficult to protect against, since they are directed by an expert hacker.
Now that you know a little more about the risks your website is facing, we are going to present 3 of the best security plugins for WordPress.
iThemes Security is available in free and premium versions and is one of the most popular security plugins for WordPress. It covers most of the common security threats, with features including:
- Protection against brute force attacks.
- Monitoring of changes to files.
- Hiding the login and admin pages.
- Blocking users who enter the wrong user name or password several times.
- Two-step identification.
- Logging of user actions.
- Forcing the use of secure passwords for user-specific functions and file permissions.
- An online consultation system for premium users.
iThemes Security protects your website in almost every aspect, but you must be careful if you install it on an existing website, since some data could be lost. We therefore recommend that you back up your website first.
Wordfence also offers a free and a premium version. In its free version the Wordfence servers will analyze your website to detect changes in files and insertion of code or malware. The premium option offers advanced scanning options so you can schedule scans for low traffic periods. Wordfence specializes in the following tasks:
- Scan for file changes.
- Blocking IP addresses.
- Two-step verification.
- Redirection blocking.
- Custom Alerts.
All In One WordPress Security
With more than 200,000 installations, this plugin makes it relatively easy to detect areas where your web security needs to be improved. Its main dashboard has an indicator that ranks the current security level of your website between 0 and 470, depending on the number of features you have enabled.
With this plugin there is also a risk of losing some data, so to reduce the probability of this happening its changes are split into three categories: basic, intermediate and advanced. The basic features are relatively safe to activate, while intermediate and advanced changes are somewhat riskier, so a backup is recommended.
Its security options include:
- The ability to disable Meta WP information.
- Monitor user accounts for obvious vulnerabilities.
- Prevention of brute force attacks.
- Manually approve the registration of new users.
- Management of database indexes.
- Protection of specific files including the possibility to edit PHP files from the dashboard.
- Black lists of users based on their IP address or a range of IP addresses.
- Basic firewall protection.
- Prevention of spam comments.
- Detects modifications to files.
- Turn off text copying and use of your site in an iFrame.
There are many more high quality security plugins available that will make your website more secure. But remember that even if you have one of these plugins you should be alert to any unusual changes on your website that may indicate that you are being attacked.
Akismet: An anti-spam service that works great. It’s free for personal sites and paid for commercial sites (those that generate income).
Anti-spam: A very effective and very elegant plugin, as it uses the hidden field method with CSS as a “trap” for spam robots. In short, it works very well and can be an excellent alternative or complement to Akismet.
BackWPup: A fantastic free plugin for automatic backup creation, the best we’ve tried. We like it for its configuration flexibility, its reliability and its integration with cloud services (in our case, the copies are saved in our SugarSync account).
UpdraftPlus Backup and Restoration for WordPress: A fantastic backup plugin that we have recently discovered and still have to try thoroughly, but judging by its features and community ratings it will probably soon replace BackWPup as our reference recommendation.
Limit Login Attempts: This plugin limits attempts to access your WordPress account. After a number of failed attempts, it blocks access from that IP for a period of time that the user configures, making brute force attacks impossible. A very useful, simple and free plugin. 100% essential.
Wordfence: This plugin covers several aspects of security at the same time. It includes a firewall, malware scanning and functionality similar to Limit Login Attempts (so you can do without Limit Login Attempts if you use Wordfence). In short, an excellent plugin.
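The lockout behaviour described for Limit Login Attempts, as an added example that is not the plugin's own code: failures are counted per IP address, and reaching the limit blocks that address for a set time. The class name, the thresholds (4 failures in 600 seconds, 1200-second lockout) and the sample events are assumptions constructed for the demonstration.

```python
from dataclasses import dataclass, field

@dataclass
class LoginLimiter:
    """Per-IP lockout; the three thresholds below are assumed values."""
    max_retries: int = 4     # failures allowed before the block
    window: int = 600        # seconds in which failures are counted
    lockout: int = 1200      # seconds the address stays blocked
    _failures: dict = field(default_factory=dict)       # ip -> [timestamps]
    _blocked_until: dict = field(default_factory=dict)  # ip -> unix time

    def is_blocked(self, ip, now):
        until = self._blocked_until.get(ip)
        if until is not None and now >= until:
            # Lockout expired: forget it and start counting from zero again.
            del self._blocked_until[ip]
            self._failures.pop(ip, None)
            return False
        return until is not None

    def attempt(self, ip, success, now):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.is_blocked(ip, now):
            return "blocked"          # credentials are not even checked
        if success:
            self._failures.pop(ip, None)
            return "ok"
        recent = [t for t in self._failures.get(ip, []) if now - t < self.window]
        recent.append(now)
        self._failures[ip] = recent
        if len(recent) >= self.max_retries:
            self._blocked_until[ip] = now + self.lockout
        return "failed"

# Constructed sample events: (seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (5, "203.0.113.7", False), (9, "198.51.100.2", False),
    (12, "203.0.113.7", False), (15, "203.0.113.7", False),  # 4th failure: block
    (20, "203.0.113.7", True),     # right password, still refused
    (30, "198.51.100.2", True),    # other address unaffected
    (1300, "203.0.113.7", True),   # lockout (1200 s) has expired
]

def replay(events, limiter=None):
    limiter = limiter or LoginLimiter()
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The counter is keyed on the source address, so it limits how fast a single address can guess; combine it with the strong passwords and two-step verification that the plugins above also provide.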