Is your WordPress website secure? If you want to sleep well during night I strongly recommend you read this article. Because a small hole in your system might already cause huge chaos, financial disaster and legal issues. Gladly there are ways to prevent all this and protect you as strong as possible. I just want to be clear on one thing: there is no 100% security. So better get 99.9% now!
In this post I’ll suggest various options how you can secure your website.
WordPress Security All In One Plugins
All in one security plugins are easy to setup and very convenient to use. They offer protection against a wide variety of threats.
Wordfence is my plugin of choice when it comes to security. It offers many options and really improves your site’s defenses. I especially love the login rules.
Other featuers are:
- Security Scanning for malware
- A Firewall
- Multi Site Security
- And also the falcon cache to speed up your website if needed (I prefer W3 Total Cache thought)
Sucuri is the authority when it comes to WordPress security. Each WordPress user should at least one time a day thank Sucuri for its efforts to make WordPress, its plugins and themes a safe environment to play in. It’s not only about their plugin. Sucuri also reports vulnerabilities to major WordPress extension providers to help them prevent possible exploits. Each time I read Themeforest messages warning of security holes I also stumble across the name Sucuri.
Their plugin offers following features:
- Security Related Activity Auditing
- File Integrity Scanning
- Malware Scanning
- Blacklist Matching
- Security Boost
- Post-Hack Security Options
- Website Firewall as AddOn
iThemes Security is the successor of the prominent All in One WP Security plugin. iThemes is offered in as a free and paid version.
It offers various features like:
- Brute Force Protection Network: IPs that try to breach your defenses are sent to the iThemes network. Similarly you get the IPs who tried to breach other WordPress sites defended by iThemes security.
- Obscure and Protection Measures: iThemes will obscure your website, block bad users and increase your passwords strength.
- Scans for vulnerabilities and file changes
- Automated database backup and restore functionality
All in One security was the most prominent all in one security option for WordPress. However I don’t recommend using it anymore as other options are more viable now.
Another all in one solution is Bulletproof Security. They offer a free and a paid version.
The highlights of the free version are:
- Ready to rock One-Click Setup
- Login Security & Monitoring
- Idle Session Logout (ISL)
- Auth Cookie Expiration (ACE)
- Database Backup Functionality
- Security Logs
- HTTP Error Logs
- Maintenance Mode Feature
Don’t want any protection except an anti virus? There are also stand alone solutions available.
If you are looking for a dedicated WordPress Anti Virus solution, AntiVirus is one prominent example.
- Virus alerts in your dashboard
- Clean up after you removed plugins
- Scan schedules
- Email notifications
- Theme and database scans
- A whitelist to mark suspected files as “good”
- Manual scan option
- Available in many different languages
However I prefer the all in one solutions, as I’m a friend of less plugins with more effect. There are some more stand alone anti viruses.
WordPress Anti Spam
Anti spam software extends your website with great value, except that it’s not directly security related. However it makes your life a lot easier. As soon as you get above 10 daily visitors you will most likely get your first spam comments.
Antispam Bee is my plugin of choice. It’s easy to set up and works like a charm. It’s also recommended by a lot of other users. The settings menu is very clean and its options useful.
The most important features are:
- Remember approved commenters
- Trust Gravatar user
- IP validation
- Your own local spam database
- A public spam database to verify comments
- Automatically delete existing spam schedule
- Comment time consideration
- Exclude trackbacks and pingbacks from spam detection
- Spam statistics directly onto your dashboard
If you don’t like Antispam Bee for whatever reason you might want to check out GoodBye Captcha. Integrates with many different forms. Doesn’t slow down loading times according to its author.
Another trustworthy options is cleantalk’s anti spam plugin. It also integrates with many different forms and has a low false/positive rate according to its author.
One important security option are backups. Even better if they are automated. So in case something happens you can still restore your website as a recent version.
My plugin of choice for automatic WordPress backups. You can schedule database backups, file backups and complete backups. Typically you want to database backup your static websites and simple blogs daily. For eCommerce sites I suggest hourly backups at least. Your files are saved on your server in an archive. You can download them on your local computer via ftp. Your database can be restored via phpMyAdmin and the import function or via your MySql tool of choice.
If you buy the paid version you can also store your backups in your cloud solution like DropBox (and far more).
Another popular backup solution is provided by UpDraftPlus. The functions are similar to BackUpWordpress. Automatic backups, manual backups and more. Saves to cloud storages (Paid Version) as well as your website’s server.
If you don’t like above solutions for whatever reason you can also try BackWPup. They offer a free and premium version too.
Other Useful Plugins
There is one more security related plugin, which is a bit outdated but still should be mentioned on this list.
Snitch is a plugin to monitor your website traffic. Although you need to be an advanced user to really take action on this insight, it can be very handy to handle attacks.
If you are not one of these adrenalin junkies you should definitely care about your website’s protection. The plugins above provide you with a good start to fortify your WordPress. Additionally you should always keep your plugins up to date. If your site gets compromised seek professional help. To completely cure a once infected system is a damn hard task. Sometimes the only efficient option is a complete wipe. Hopefully you made a backup 😉