Few problems hold the collective imaginations of WordPress bloggers in the fearful grips of panic more than site security. We work hard on our content, and safeguarding it is vital to both fiscal and emotional well-being.
The sad truth about the state of human affairs is the same as it’s been for the entirety of our existence: some of us a jerks. If a few have the power, knowledge, and wherewithal to dominate, destroy, or even slightly irritate others for no other reason than personal enjoyment, more than just a few will act on it.
Yes, I’m comparing your average hacker/troll to Genghis Khan when you get right down to it. Instead of raping and subjugating Asia, they’re busy with drive by downloads and pharma hacks. Thus we need a great wall to keep the Mongol hordes from invading our WordPress sites.
Enter security plugins.
WordPress is a massive application, and because they’re so extensive, security is a top concern. Therefore, an entire industry has grown out of providing security measures to individual WordPress themes and templates. The device of choice for individual site owners with which to safeguard their content? Security Plugins.
Some of course, are better than others, and it’s difficult for the not-so-technically-inclined to make out the method in the madness. Luckily for the laymen, there’s a market for curators looking to collect and distribute such useful information as which plugins best suit a standard WordPress site’s security needs. In this case, the method of delivery is a handy list, numbered talismanically in 7 parts to add a little karmic flavor to your ongoing protection.
So read on, and be ever vigilant against the monstrous, malicious, malware-ian, malcontents who would co-opt your content to sell Viagra, or another, seedier prescription of penile enhancement.
Let’s start off with a heavy hitter. Wordfence is somewhat of a gold standard in the world of security plugins. It safeguards against:
- Slowed performance
- Malicious IP addresses
It’s notable that Wordfence doesn’t always detect backdoor threats, but for the average user it’s more than adequate to protect against most of the common problems associated with site security. It has its own highly touted “Falcon” caching engine which allows it to avoid conflicts between security and caching processes, and it can scan as well as repair your WordPress’ source code, testing it against the sanctioned WordPress repository.
Another good name for this plugin might be idiot proof. The emphasis being on usability as well as outstanding security protection. Bulletproof security plugin allows for a quick setup and all the customization that you could want.
It takes a dynamic approach to blocking malicious actions against your WordPress, as it blanket blocks the actions themselves rather than the agents performing them. So if a hacker is running a SQL attack on your site, all such attacks are blocked rather than the hacker’s IP address. This can be very helpful as it won’t negatively impact your site’s performance.
iThemes Security is a powerful turnkey plugin which covers every security issue imaginable. Itscans malware on a schedule, ensuring you a regular update of your site’s security measures, issues, and fixes. It also obscures the presence of the backdoors hackers often use to penetrate your sites defenses. For example it will alter the URLs for access to your WordPress dashboard areas. That includes the login and admin areas.
iThemes can even preventbrute forceattacks by banning users after too many failed login attempts. iThemes can detects and blocks a multitude of attack methods on both your filesystem and database, while simultaneously watching your WordPress and relayingdeviationsin your filesystem and database that foreshadow a security failure in real-time. On top of all that, the plugin formerly known as Better WP, will perform regular backups on all of your data.
All In One is indeed fairly comprehensive. It keeps many outside threats under wraps through the use of its firewall, and is continuously keeping track of the latest WP updates, implementing them automatically. One cool feature is the Whois lookup which All In One runs to identify potentially malicious users or hosts trying to inject scripts into your source code. With this you can actually learn who your attackers are, before they even hit your site.
All in one even safeguards your comment section, preventing spam comments which crowd the bottoms of all your blog posts. If you’re looking for a simple and inclusive security solution, with stellar reviews all around, then All In One is probably your best bet.
MalCare is a complete WordPress Security Solution that comes with many impressive features. It’s quick to install and starts scanning your site as soon as you add the plugin.
It takes a comprehensive approach to security and offers a complete set of security features. There is a powerful scanner that detects new and complex malware and a unique automatic malware cleaner that enables users to clean their hacked site instantly. All brute force attacks and bad traffic are blocked by the web application firewall. It also facilitates implementation of WordPress security best practices via website hardening. There is an intuitive site management module that lets you manage your themes, plugins, WordPress core and site users. If you run an agency, then MalCare’s white labeling and client reporting features are going to be handy.
Security Ninja is a premium paid plugin that performs more than 35 security tests each time it scans through your WordPress site. Not only that, but each test comes with a detailed description of what it’s testing for, why it’s necessary, and instructions on how to avoid recurring issues. Unlike many security plugins, the Ninja won’t slow your site’s performance because it doesn’t offer any actual fixes. It just reports the problems and tells you how to apply the solutions. It’s a site security DIY enthusiast’s best friend.
Securi is another threat detection plugin rather than an all in one solution. And like Security Ninja, because the plugin’s purpose is more focused, it does a better job than some of the more comprehensive solutions on this list. For example, Securi can be set to run a scan much more frequently, every three hours in fact. The scan checks that your site is clean as expected, but it also looks out to confirm if you’re being blacklisted by any major services such as Google, AVG, Opera, or Norton.
Perhaps Securi’s most attractive feature for WordPress users is its Audit log, which audits each change on you site, making sure that no event goes unchecked as your site’s content expands. And if ever there is a problem with your site, you can respond quickly because of alerts you can receive via twitter, email, RSS, SMS, or even via instant message. And if you pay for the Securi service, any of the threats that the plugin detects can be cleaned up as part of the bargain.
Whatever security solution you decide upon, make sure that it enables you to protect your most precious resource: your content. Without your content offerings your web presence is just a name and banner. You have to offer your visitors useful, helpful, and entertaining material to earn their loyalty, and that means securing your offerings as well. If your site spreads malware along with your product, service, or information then that domain will be on the blacklist of public opinion. Arguably, a much worse blacklist to be on.
Which plugins for site security do you prefer? Voice your thoughts in the comments.
If you enjoyed this post, make sure to subscribe to WP Mayor’s RSS feed.