WordPress is a fantastic and versatile platform for just about any type of website you want to build. Everybody knows that. The problem, though, is that, as with most open source software and platforms, WordPress is very vulnerable to attack. Every day hackers exploit weak points in the source code to get into sites and hijack them. Last summer, for example, there was a spate of brute force attacks that targeted XML-RPC.
There are a lot of things that you can do to make sure that your site stays as safe and secure as possible. Hosting with a secure server is a great start, says “WordPress Security: The Ultimate Guide.” It’s true that the security on the server side of your site can often create a fantastic barrier against the nefarious types who want to hijack your site. It is also true that your server can’t do everything. This is why there are so many different security plugins out there.
Before you download and install every last plugin you find, take a breath. It is incredibly important, says Joyce Grace, to understand exactly how a security plugin is programmed. This way you will be better able to evaluate what a plugin can and cannot do to keep your site secure.
It’s also important to understand that not all security plugins are created equal. Understanding how they work is important, but not everybody has the time to delve into the code for each plugin they want to use. If that rings true for you, don’t fret. Here are some of our favorite WordPress Security Plugins that you can use to help keep your site safe.
BulletProof Security Pro
We like this plugin because it focuses on protecting your site’s “points of origin” (aka your wp-admin folder and root folder). These are the two places from which a hacker can do the most damage and it is incredibly important to build the thickest brick wall possible around them. It also protects users against the different types of code injection hacking that are currently popular.
It’s also great because, and this isn’t really a security thing but is still really handy, it allows you to publish a 503 and work on your site “behind the scenes” (as opposed to being forced to publish every update like WordPress used to make its users do).
iThemes Security (Formerly Better WP Security)
This is a seriously robust security plugin. One of the best things about this plugin is that it is equipped with two-factor authentication. WordPress has been really dragging its feet about coding in two-factor authentication (in spite of huge user demand) and this plugin will help you bridge that gap. It also has built-in Google reCAPTCHA to help keep spammers from exploiting any existing comments sections or submission forms.
Perhaps the best thing about this plugin is that it has a lock-out feature that helps protect your site against the very typical brute force attacks that plague most WP users. After a certain number of failed login attempts, the IP is blocked so that you can go in and check things out and, more than likely, change your password just to be safe.
This is one of the highest-rated WP security plugins you can find. This plugin allows you to set up your own firewall and has a built-in malware and reputation checker and a WordPress core scanner; the list just keeps going.
In addition to its security measures, this plugin also helps WP users tackle a bunch of their site optimization tasks in easy and straightforward ways. Why install two plugins, when one will do both jobs?
Obviously, as we’ve already mentioned, it is important to protect your WordPress site from the outside as well as from the inside. For example, Trend Micro recommends using a password manager to help keep your passwords protected from the prying eyes of hackers. It is not uncommon for WP hackers to use backdoors on your computer’s OS to guess your site password.
Do you have a favorite security plugin? Let us know!