In this blog post we will be looking at three of the best current WordPress plugins that can help keep your site more secure.
Related posts for you to consider include our WordPress Survival Guide, which details some of the simple steps you can take to put hackers off from attacking your site. Should you encounter any problems installing any of these plugins, you may also find our guide to fixing the dreaded WordPress White Screen of Death useful.
As with any plugin or theme that you add to your WordPress installation, please ensure that you have an up-to-date backup of your site, including the database, before you begin.
It’s rare that something goes wrong, but it’s better to be safe than sorry!
All In One WP Security & Firewall
We selected this plugin back in 2016, primarily due to its ease of use and friendly interface. This plugin is particularly useful for users that don’t have a lot of experience with the more advanced security settings, and you should be able to find your way around the plugin without being intimidated by jargon and confusing settings.
The plugin includes a login lockdown option. This is triggered when someone has failed to log in from a specific IP address a number of times, and is handy for preventing brute force attacks. Brute forcing is a common method that hackers use to access a site: they simply try a number of usernames and passwords until they are successful. Blocking this attack is a good way of getting rid of many of the low-level attacks on your site.
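The lockdown behaviour described above, sketched as an added example (it is not code from the All In One WP Security & Firewall plugin or from this post). The threshold, counting window and lockout duration are assumed values, and the class and function names are hypothetical.

```python
from collections import defaultdict, deque

# Assumed policy values; the post only says "a number of times".
MAX_FAILURES = 3        # failed logins allowed inside the window
WINDOW_SECONDS = 300    # period over which failures are counted
LOCKOUT_SECONDS = 3600  # how long the IP stays blocked

class LoginLockdown:
    """Per-IP lockout after repeated failed logins (sliding window)."""
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lockout ends

    def is_locked(self, ip, now):
        # A lockout whose end time has passed no longer applies.
        return now < self.locked_until.get(ip, 0)

    def record(self, ip, success, now):
        """Handle one attempt; returns 'blocked', 'ok', 'failed' or 'locked'."""
        if self.is_locked(ip, now):
            return "blocked"                # refused before any password check
        if success:
            self.failures.pop(ip, None)     # a good login clears the counter
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            del self.failures[ip]
            return "locked"
        return "failed"

def replay(events):
    """Run (time, ip, success) events through a fresh lockdown instance."""
    guard = LoginLockdown()
    return [guard.record(ip, ok, t) for t, ip, ok in events]

# Constructed sample events (documentation IP ranges), not real log data.
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),    # third failure inside 300 s: locked
    (25, "203.0.113.7", True),     # even the correct password is refused
    (30, "198.51.100.4", True),    # a different IP is unaffected
    (3700, "203.0.113.7", True),   # lockout ended at 3620, login allowed
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS))
```

Because the counter is keyed on the source IP alone, visitors who share one address (an office or mobile carrier NAT) also share one lockout.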
The plugin has some other handy features, including a script blocking firewall, a fake Googlebot blocker and the ability to stop people hotlinking to images on your site, a practice that can cause issues with the amount of traffic and bandwidth your site uses.
With excellent documentation, this regularly updated plugin has very positive reviews and is well worth investigating if you are looking to improve the security of your site.
You can find out more and download the plugin over at the All In One WP Security & Firewall plugin page.
Bulletproof Security
This well-regarded plugin has a large number of features in the free version, with an impressive number of professional features available in the paid-for edition.
We’ll just be taking a look at the free version here, which contains many great features in its own right.
The one-click setup wizard that is used to install the plugin couldn’t be simpler, while advanced users can select a manual mode to tweak and adjust the settings.
Key areas of defence that this plugin provides are firewall protection, combined with both login and database security. A nice feature of this plugin is a .htaccess filter, which is designed to monitor and match nuisance attack patterns on your site. This can be a great help in keeping your site running smoothly and maintaining the integrity of your files.
You can find out more and download the plugin over at the Bulletproof Security plugin page.
Google Authenticator
This plugin uses a process called two-factor authentication, sometimes referred to as two-step verification, when a user attempts to log in.
Once installed and set up, your site will request a username and password from the user as usual, but it will then also require a secondary identification method before the login is granted. The secondary identification can be done by entering a code that is sent via text, a mobile application, or a voice call. The plugin also has support for using a USB security key to confirm the identity of the user.
The plugin can be set so that the second step is only required once per device, so once you have registered your device you won’t have to go through the whole process again.
You can find out more and download the plugin over at the Google Authenticator plugin page.