Top 5 WordPress Security Plugins
To give you a quick overview of malware attacks: hackers who attack WordPress websites tend to find a single security hole that allows them to run scripts and hack your website. These hacks can cause serious problems for website owners who rely on their websites to earn a living.
Tips to assess a WordPress Plugin
Before we continue with the top 3 WordPress Security Plugins, I would like to give you some insight into how I choose the right plugin.
Firstly, I focus on the last-updated date, number of downloads, WordPress compatibility and ratings.
In this example the latest update was one month ago (at the time of this post), it currently has over 5 million downloads and an average rating of 4.2 out of 5. Seems we are onto a winner.
I then read the support forums. I look for two things: first, whether the plugin developer replies frequently to support requests, and second, what kinds of requests are being raised.
Generally I don’t get too bogged down in this section. However, it can give you insight into any other plugins it may be suitable to use with.
Just to summarise, if I notice that a plugin hasn’t been updated for more than 6-12 months and doesn’t have more than 5,000 users, I will tend not to install the plugin.
Why install a WordPress Security Plugin?
The out-of-the-box installation of WordPress is the same across all WordPress sites unless you have changed the structure, which you would most likely need some development skills to do. The reason is that the open source files are all laid out in the same way, and that layout is essentially what makes up WordPress. This isn’t uncommon practice for open source software.
Security plugins are a great way to lock down your WordPress site. This means we are going to alter a few off the shelf structures by simply installing and activating a security plugin.
According to a Forbes article, 30,000 websites are being hacked a day. They also go on to say…
Another widely held web threat misconception is that cyber criminals only go after large enterprises or government organisations.
With this in mind it’s an absolute necessity to take some measures to defend your WordPress site.
Acunetix WP Security
The Acunetix WP Security Plugin is a security tool that helps you secure your WordPress website by modifying the WordPress installation, and it gives some great suggestions and measures to correct the vulnerabilities. The plugin secures file permissions, updates the database, hides the version of WordPress, protects WP-Admin and offers a lot more cool features.
I highly recommend following their Facebook Page as they part with some great insights and really make you understand the vulnerabilities of WordPress.
This plugin wouldn’t be my first choice, but it is definitely better than not having any security!
Better WP Security
The Better WP Security WordPress Plugin has been touted as the simplest way to secure your WordPress site. Its security features remove certain elements of the WordPress code that expose sensitive information about your WordPress installation, information attackers could otherwise learn from your website. It changes the admin login, changes the URL structure for the WordPress dashboard and also lets you set a time window in which you can log in. As an example, if you know you only log in first thing in the morning, 9am-12pm, then anyone who tries to log in outside those hours will not be granted entry to the dashboard.
Another great measure (and I might get technical here) is to change the database structure. Although we talk a lot about file structures, the database is also installed with a default prefix of wp_ and the same table structure on every site. If we change that prefix to something random, it will stop scripts that rely on the default table names from attacking the database.
This plugin has a huge 1.7 million downloads and is frequently updated by the team at iThemes, a very reputable theme and plugin building team.
It must be noted that the author of the plugin has a big warning which you must read before installing:
Please read the installation instructions and FAQ before installing this plugin. It makes some significant changes to your database and other site files which, without a proper backup, can cause problems if something goes wrong. While problems are rare, most (not all) support requests I get for this plugin involve the user's failure to make a proper backup before installing.
If you are building a new site from the ground up, this plugin won’t cause you many issues. However, if your website has been running for some time, then maybe this plugin might not be right for you.
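The two defaults discussed above, the wp_ table prefix and loose file permissions, can be checked directly on the server before or after installing a plugin. The following is an added example, not code from any of the plugins reviewed here; the function names, the rule that wp-config.php should not be readable by other users, and the sample directory tree are assumptions made for illustration.

```python
import os
import re
import stat
import tempfile

PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.M)

def table_prefix(config_text):
    """Return the active $table_prefix value in wp-config.php text, or None."""
    match = PREFIX_RE.search(config_text)  # commented-out lines do not match
    return match.group(2) if match else None

def audit(site_root):
    """Return sorted findings for one WordPress directory (empty = clean)."""
    findings = []
    config = os.path.join(site_root, "wp-config.php")
    with open(config, encoding="utf-8", errors="replace") as fh:
        prefix = table_prefix(fh.read())
    if prefix is None:
        findings.append("prefix: $table_prefix not found")
    elif prefix == "wp_":
        findings.append("prefix: default wp_ still in use")
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & stat.S_IROTH:  # assumption: others should not read DB credentials
        findings.append("perms: wp-config.php is %o, readable by other users" % mode)
    for dirpath, _dirs, files in os.walk(site_root):
        for name in files:
            path = os.path.join(dirpath, name)
            if stat.S_IMODE(os.lstat(path).st_mode) & stat.S_IWOTH:
                findings.append("perms: world-writable " + os.path.relpath(path, site_root))
    return sorted(findings)

def build_sample_site(prefix, config_mode, upload_mode=0o644):
    """Create a constructed sample tree (not a real install) and return its path."""
    root = tempfile.mkdtemp(prefix="wpaudit-")
    config = os.path.join(root, "wp-config.php")
    with open(config, "w", encoding="utf-8") as fh:
        fh.write("<?php\n// $table_prefix = 'old_';\n$table_prefix = '%s';\n" % prefix)
    os.chmod(config, config_mode)
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    with open(os.path.join(uploads, "note.txt"), "w") as fh:
        fh.write("constructed\n")
    os.chmod(os.path.join(uploads, "note.txt"), upload_mode)
    return root

if __name__ == "__main__":
    print(audit(build_sample_site("wp_", 0o644, 0o666)))   # default-style site
    print(audit(build_sample_site("x7k2_", 0o600)))        # hardened site
```

On a real server, call audit() with the path to the WordPress root; the function only reads files and file modes and changes nothing.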
Sucuri Security – SiteCheck Malware Scanner
Sucuri is a great malware removal service that will monitor your site as frequently as every 3 hours, giving you the round-the-clock protection that your site needs. Although this may be overkill for some standard bloggers, if you are an enterprise company this could be the perfect system.
The SiteCheck app will scan your site for malware, spam, and Google, Yahoo, Bing, McAfee and other blacklistings. The plugin will scan your files and database looking for issues that can be in your .htaccess file, any hidden code and much more.
Although Sucuri charge for their service as discussed earlier, this plugin is absolutely free!
However, this is only for site checks. When you pay for the premium Sucuri account you are also privy to another plugin that will lock down your WordPress.
BulletProof Security
The BulletProof Security plugin is plug and play. Essentially you install the plugin and no configuration is required. The plugin will add .htaccess and wp-admin security protection to your WordPress blog. Another great feature of BulletProof is that you won’t need to access the website files via FTP or your cPanel/Plesk web host control panel. Another great feature is that when the site is in Maintenance Mode it will only grant access to specific IP addresses.
Other Security Plugins
- Security Ninja
- AntiVirus For WordPress
- WP Security Scan
- AskApache Password Protect
In review, if you have the right web developer who sets up the website properly from scratch, then you shouldn’t run into needing these plugins. However, for peace of mind they can help. If you are a small site with traffic of less than 1,000 visits per month, I would recommend the Sucuri Scanner. If you are a bigger site with 5,000+ visits per month and your business is reliant on your website, then I would recommend paying for a web developer to maintain your website with backups, malware scans, and consistent WordPress and plugin updates. My Site Got Hacked can offer this service. Please get in contact with us.