WordPress is a very popular platform for websites and blogs, and this popularity makes it a big target for hackers and other attackers.
Previously we have talked about some of the steps you can take to make it harder for would-be attackers to gain access to your site (read our WordPress Survival Guide!), and in this post we will be looking at some of the best WordPress security plugins that are available.
As always, before you install any new plugins, ensure you have a backup of your website installation in case anything goes wrong.
If you encounter the dreaded “white screen of death” then check out our WordPress “White Screen of Death” post on how to fix the error.
All In One WP Security & Firewall
This is an easy-to-use plugin with a nice, user-friendly interface. If you don’t have a lot of experience with advanced security settings, you’ll be able to find your way around this plugin without too much trouble.
It has a number of useful features, including a login lockdown that is triggered when an IP address makes a lot of failed login attempts. Repeated attempts like this are known as a brute force attack, a common way for hackers to try to access your site.
Other features include a firewall that blocks malicious scripts, a block that prevents fake Googlebots crawling your site and an option to stop people hotlinking to images on your site.
This is a regularly updated and maintained plugin with strong reviews. You can read more about it on the All In One WP Security & Firewall plugin page.
WP Antivirus Site Protection
This plugin analyses all of your website files and performs deep scans to keep your WordPress installation secure.
It identifies and removes a number of threats, including hidden links, spyware, adware, fraudtools, worms, Trojans, rootkits and backdoors.
Any threats that are detected are reported to you in the WordPress admin area, and you can also set the plugin to alert you by email.
The virus database that the plugin uses is updated daily, helping you to stay protected against the evolving threats to your site.
You can find out more on the WP Antivirus Site Protection plugin page.
Clef Two-Factor Authentication
This interesting plugin gives you an alternative, and very secure, way to log in to your WordPress site.
Once the plugin is installed on your site, you install the Clef app on your smartphone. On the login screen, you will see a pattern that you line up with the pattern on your phone. When the patterns align, the app will detect that you are the permitted user and log you in.
The app is available on iOS and Android, and provides you with a very secure way of logging in, and is ideal if you have trouble remembering your passwords.
You can read more, and watch the video, on the Clef Two-Factor Authentication plugin page.
Bulletproof Security
This security plugin has an impressive number of features, strong reviews and is regularly updated.
It’s fast and easy to set up using the one-click setup wizard, and it also features a manual mode for more advanced users to tweak the settings.
The plugin’s major areas of defence are firewall, database and login security.
The plugin features a .htaccess security filter which is designed to match nuisance and malicious attack patterns. This is a great help with maintaining the integrity and speed of your site.
You can read more on the Bulletproof Security plugin page.
Google Authenticator
This plugin uses two-factor (also known as two-step) authentication when somebody attempts to log in to your site.
Your site will ask you for a username and password as usual, and will then require a second method of authentication to confirm your identity. This can be done via text, a mobile app or a voice call, and the plugin also supports security keys plugged into your device by USB.
This second step is required once per device, so once you have registered the machine you are using to log in to the site, you don’t need to repeat the step.
You can read more on the Google Authenticator plugin page.