Image sourced from PluginsWP
Picture this – you have been working hard on publishing high quality content on your blog, and you are getting rave reviews about it. You are enjoying your new-found fame, and are steadily growing an online community based around your blog . They think of you as a God for providing them the most useful content – which will have got them unstuck in many situations.
Now picture this – you wake up one morning to see your WordPress-powered content machine defaced with viagra spam and fake anti-malware ads. You naturally panic and try to figure out how this happened – you then find out more bad news when you see your server has also being compromised. You also discover that all your work has been lost or severely corrupted…
This is why every WordPress blog author needs to be extra vigilant about the security of their blog – thousands of hacker attacks are being carried out every day. The costs of such hacking attempts can be ridiculously obscene, especially when you realize there are many (often free) WordPress security plugins you can use to thwart the hackers attempts. These plugins are often easy to implement, while some demand more technical nous; however, regardless of this, implementing one of the WordPress security plugins will save you many (potential) security-related headaches later on. You can also download regular backups of your databases via cPanel, if your hosting provider uses it.
Since you are very eager to find out about some WordPress security plugins, I will begin my review now…
I have been using the Bulletproof Security WordPress plugin for nearly three years, and have not noticed any unusual activity since. This plugin is one of the well-known WordPress security plugins out there, with features that are second to none. This plugin is very versatile, and offers a comprehensive set of features (in both the free and paid versions). Some of these features are listed below:
- One-click .htaccess website security protection from within the WP Dashboard.
- .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.
- TimThumb Vulnerability/Exploit .htaccess coding.
- wp-config.php and bb-config.php files protected with .htaccess security protection.
- php.ini and php5.ini files protected with .htaccess security protection.
- File and Folder Permission Checking – CGI / DSO SAPI check / display.
- Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY).
- Log in / out of your website while in Maintenance Mode.
- Customizable 503 Website Under Maintenance page.
The above list is just a small sample of Bulletproof Security’s plugin features. The developer of Bulletproof Security updates this plugin on a frequent basis, so you can be assured that with this plugin, you are getting the premium protection you deserve.
Wordfence Security is one of the most top notch WordPress security plugins for your WordPress blog. For a no-cost security plugin, the amount of features provided with this plugin is a pleasant surprise – just have a look for yourself below:
- A built in firewall.
- Automatic and manual anti-virus scanning.
- Malicious URL scanning.
- Real-time traffic tracking, with geo-location features.
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity.
- Scans for many well-known backdoor expoits, such as: C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, and many more.
- Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
You can see more of their powerful features by visiting their download page on WordPress.org. If you need stronger protection against the rogue hackers out there, you can make use of their paid A.P.I – which allows you to block certain countries and automate scans more often.
iThemes Security (formerly Better WP Security)
Want a light-weight plugin that is packed full of “life-saving” security features? If so, then the iThemes Security plugin will satisfy your security needs. With most of the attacks that are carried out on self-hosted WordPress blogs, they tend to exploit vulnerabilities in plugin, weak passwords, and obsolete software. iThemes Security will provide a formidable barrier to hackers, when they try to access known vulnerable places – and also force SSL on admin pages and posts (on supporting servers).
Here is a small sample of features that the Better WP Security plugin offers:
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts.
- Detect bots and other attempts to search for vulnerabilities.
- Strengthen server security.
- Detect bots and other attempts to search for vulnerabilities.
- Scan your site to instantly tell where vulnerabilities are and fix them in seconds.
You are able to view a more comprehensive list of features by visiting the Better WP Security download page.
Sucuri WordPress Plugin
Do you need more top end WordPress security plugins for your enterprise WordPress blog? If so, then the Sucuri WordPress plugin is your best bet. Even though a payment is required for this plugin, the unique and well-constructed features make this plugin worth every penny. The Web Application Firewall feature utilizes cloud-based services to protect your sites from brute-force attacks, like dictionary attacks and other similar access attempts. Want to see why this plugin is worth every one of your pennies? Have a look at some key features below:
- Web Application Firewall.
- Integrity Monitoring.
- Audit Logs.
- Activity Reporting.
- 1-click Hardening.
The official website for the Sucuri WordPress plugin will give you a more descriptive overview of the above features. Once you see the features in more detail, you will be able to see why spending your hard earned money on this plugin is worth it.
Total Security is another one of the lightweight WordPress security plugins that analyzes your WordPress installation for any security holes. The plugin works it’s magic by scanning for unsafe files that might exist, vulnerabilities in the core installation files, and fixes altered file permissions. This plugin is packed full of features that will guard your blog against the most hardiest of attacks – some of these features are listed below:
- Scan WP core files with one click.
- Fix broken WP auto-updates.
- Check your site for security vulnerabilities and holes.
- Apache and PHP related tests.
- Removing exploits and fixing accidental file edits/deletes.
If you want to see all the features that this plugin offers, visit the plugin download page on WordPress.org.
Have you had any positive (or negative) experiences with any of these security plugins which you want to share? Feel free to leave a comment below. If you know of some other quality WordPress security plugins, also leave a comment below – I will be sure to look into them.
Here is a list of some interesting WordPress security links you might also like to have a look at: