As we’ve covered before on the blog, there are many steps you can take to keep your WordPress installation safe from hackers. Updating your core installation to the most recent WordPress version is, as always, the most important thing to do. Your web hosting company can assist with this. However, there are additional steps you can take beyond diligent updates to make sure your information and information that belongs to your customers remain secure and private. If your login page has been properly secured and your passwords are strong, it’s time to look into the next step of proper WordPress security management: plugins.
While keeping your current plugins up to date is part of the best security practices for WordPress, that’s not the whole story. There are actually plugins you can install that are developed for the purpose of keeping your overall WordPress installation more secure. Let’s take a look at some of the plugins other WordPress users are installing in order to up their security.
Wordfence has been making the rounds as one of the premier WordPress security plugins. Simliar to how JetPack is considered the name to beat in the WordPress analytics space, Wordfence has a similar reputation when it comes to security. Wordfence has many features wrapped into a single plugin. One feature is a built in WordPress-specific firewall. The firewall is self-updating so as new threats are documented, the software will patch itself to be prepared. Essentially, the firewall will identify malicious activity and block it before it can access your site. Wordfence also has a blocking feature. It is Wordfence network wide, which means if another site with Wordfence is attacked and the attempt is blocked, all sites using Wordfence will automatically block the offending IP address and domain name. The blocker will also root out “crawlers” or other kinds of bots that may look to scrape data from your site. There is also a login security feature which enables two-factor authentication to make it harder to forcibly enter the site by spamming login credentials. Much like with antivirus software, there is a scanning feature that will seek out any form of corruption in your themes, plugins, and core files. It’ll even monitor your DNS.
Here is another big name, trusted security plugin for WordPress with a list of features. Sucuri Security is the creation of the famed security company Sucuri. The plugin also provides constant monitoring and auditing to ensure your site is always guarded. It pulls in information to successfully blacklist suspect sources. You’ll recognize some of the names it aggregates information from, including Google, Norton, and McAfee. If a threat is recognized, the plugin will send you an email right away to notify you. The plugin will defend against many different categories of attacks. While developers will really be the ones that understand the nuances of each different kind of attack, take solace knowing you’ll be covered on multiple fronts. As a last ditch failsafe, Sucuri keeps your activity logs stored in the cloud so if a breach does occur, you can still recover everything.
BulletProof Security is an all-in-one package plugin as well that performs multiple functions. The hallmark of this plugin is the ease of use. It boasts a “four-click” set up that lets you set it and forget it. For users that aren’t interested in dabbling in the guts of a site, this is an attractive plugin. The plugin offers a firewall, login verification, database security, and more. If too many failed login attempts are made, the login functionality will be disabled. It also scans for spam traffic and scanners. Like with Wordfence, it will scan your site for core vulnerabilities. For more advanced users, there are plenty of more features that may interest them. Check out the documentation and see what they have to offer.
WordPress is the easiest CMS platform to use when creating a site. Unfortunately, because it’s so popular and supported, hackers know there may be value in trying to find openings in the core WordPress code. By practicing good security habits, such as constantly performing updates, and installing a security update, you should be able to rest easy knowing your site is safer.