5 of The best WordPress Security Plugins in 2015
http://chrisvarnom.com/5-of-the-best-wordpress-security-plugins-in-2015/
5 of the best WordPress Security Plugins
Author - Chris Varnom at chrisvarnom.com
WordPress as a platform is very secure straight out of the box. However, you will have heard of
WordPress sites getting hacked. I know, because one of my sites was hacked. It wasn’t
chrisvarnom.com; it was one of my other sites that forms part of my core business. Luckily, I perform
a full backup every day of every site, so it was back up and running in no time. I will be reviewing
WordPress backup plugins in a later post, so watch out for that one.
Generally, the reasons for security breaches are lax administration, weak user passwords,
vulnerabilities in plugins or themes, and not applying updates as soon as they are
available.
But spare a thought for the Apples and Sonys of the world: if these blue-chip companies are getting
hacked, then nothing is 100% secure.
I have put together an article that covers 5 of the best WordPress Security Plugins.
Please note there are no affiliate links in this document.
Click the links in the following list to jump to the associated page.
iThemes Security
All in One WP Security & Firewall
Sucuri Security
Wordfence
BulletProof Security
iThemes Security Pro
https://wordpress.org/plugins/better-wp-security/
https://ithemes.com/security/
Now then, we may as well start with one of the most popular security plugins out there.
The iThemes Security Pro plugin is one of the easiest security plugins to use, thanks to a simple
interface that even a novice can get to grips with.
Once you have installed the plugin, it will initially scan your WordPress installation and record
everything in its database. When you open the iThemes Security plugin, you are presented with a
list of tasks that need to be performed, in priority order. Nothing could be simpler: just click the
"fix it" button against the issue that needs to be resolved and the job is done.
The plugin offers many features, such as:
Brute Force Protection - Limit the number of failed login attempts allowed per user. If someone is trying to guess your password, they'll get locked out after a few tries. You can even whitelist your own IP, so you're allowed more login attempts.
Strong Password Enforcement - Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. This is one of the best ways to secure your site.
Hide Login & Admin - Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.
File Change Detection - If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any file changes so you know if you've been hacked.
Lock Out Bad Users - Keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they're on a bot blacklist.
Database Backups - Schedule database backups and have them emailed to you. Or you can get BackupBuddy to step up your backup game. Make complete backups and send them to off-site storage destinations.
404 Detection - If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).
Away Mode - Not making changes to your site 24 hours a day? Make the admin area inaccessible during specific hours so no one else can sneak in.
Email Notifications - Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.
Dashboard Widget - Get a quick view of important security stats for your site and easily perform security actions like temporarily whitelisting your IP, without having to navigate to the plugin’s settings.
Online File Comparisons - iThemes Security Pro compares changes made to any WordPress core file on your system with the version on WordPress.org to determine if the change was malicious.
Plus 30+ other ways iThemes Security protects your site.
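The 404 Detection rule in the list above (lock out an IP after 20 errors in 5 minutes) is a per-client sliding-window count. The following is an added sketch of that logic run over constructed access-log lines; it is not iThemes Security's own code, and the function names, the allowlist parameter and the sample IP addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
# Common Log Format prefix: ip ident user [timestamp] "request" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_404_lockouts(lines, limit=20, window=timedelta(minutes=5), allowlist=()):
    """Return {ip: time the limit was reached} for IPs with `limit` 404s inside `window`.
    Assumes each IP's lines arrive in chronological order, as in a live log."""
    recent = defaultdict(deque)  # ip -> timestamps of 404s still inside the window
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at their fields
        ip, ts, status = m.groups()
        if status != "404" or ip in allowlist or ip in locked:
            continue
        when = datetime.strptime(ts, TS_FMT)
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop 404s that have aged out of the window
            q.popleft()
        if len(q) >= limit:
            locked[ip] = when
    return locked

def make_line(ip, when, path, status):
    return f'{ip} - - [{when.strftime(TS_FMT)}] "GET {path} HTTP/1.1" {status} 512'

def build_sample():
    """Constructed log: a fast scanner, a slow visitor, and a site owner's IP."""
    start = datetime.strptime("10/Mar/2015:09:00:00 +0000", TS_FMT)
    lines = []
    for i in range(25):  # scanner: one 404 every 5 seconds
        lines.append(make_line("203.0.113.7", start + timedelta(seconds=5 * i), f"/probe-{i}.php", 404))
    for i in range(20):  # visitor: one 404 per minute, never 20 inside 5 minutes
        lines.append(make_line("198.51.100.4", start + timedelta(minutes=i), "/old-post/", 404))
    for i in range(30):  # owner testing draft URLs: one 404 per second
        lines.append(make_line("192.0.2.10", start + timedelta(seconds=i), f"/draft-{i}", 404))
    return lines

if __name__ == "__main__":
    for ip, when in find_404_lockouts(build_sample(), allowlist={"192.0.2.10"}).items():
        print(f"lock out {ip} (limit reached at {when.isoformat()})")
```

Without the allowlist entry, the owner's own address trips the same rule as the scanner, which is why the threshold and the list of trusted IPs need to be set together.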
Costs
Personal - 2 Licenses - $80
Business - 10 Licenses - $100
Developer - Unlimited Licenses - $150
And then there is the Plugin Suite option that provides you with developer licensing for all of iThemes' 20 plugins - $247
All in One WP Security & Firewall
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin
All in One WP Security & Firewall offers similar features to iThemes Security Pro and once again provides an easy interface for novice users to get to grips with.
After installation, jumping into the dashboard presents you with a Security Strength Meter and a Pie Chart that give you a visual indication of how good the security of your WordPress site currently is. Scrolling down, you will see a couple of status indicator tables, Critical Feature Status and Maintenance Mode Status, which feature toggle switches for each option, and a list of Locked IP Addresses. To the right there are 2 tables, Last 5 Logins and Current Logged in Users.
Other configuration options include:
User Accounts - Allows you to change the password, nickname etc. It will also check the strength of your current password and provide you with an option to change it.
User Login - This option allows you to control a number of login features such as Enabling Login Lockdown, Max. Login Attempts, Login Retry Period, Length of Lockout etc.
User Registration - Allows you to approve new user registrations.
Database Security - Allows you to change the Database prefix from the default wp_
File System Security - Allows you to change the permissions of the folders in your WordPress installation.
WHOIS Lookup - Provides the ability to do a WHOIS lookup from within the plugin.
Blacklist Manager - Allows you to blacklist IP Addresses and User Agents.
Firewall - Provides the ability to enable firewall and Pingback protection.
Brute Force - Allows you to change the login URL on your WP installation.
SPAM Prevention - This option allows you to enable a Captcha option on comment forms and Block Spambots from posting comments.
Scanner - Provides the option to enable real time file change detection.
Maintenance - Provides the ability to enable the Maintenance facility should you wish to perform any WordPress installation maintenance.
Miscellaneous - Allows you to disable the "Right Click", "Text Selection" and "Copy" options from your WordPress front end.
Costs
FREE
Sucuri Security
https://wordpress.org/plugins/sucuri-scanner/ - Free Version
https://sucuri.net/ - Premium Version
Sucuri Security provides complete site security utilising some unique features. They are among the best security experts in the field and, in addition to their premium services, provide a free security plugin.
The plugin offers loads of security features: Repairing Dirty BlackHat SEO, Distributed Denial of Service (DDoS) Mitigation, Malware Prevention, Performance Optimization, Malware Scanning and Detection, Website Blacklist Removal and Repair, Security Monitoring, Stop Website Attacks and Hacks, Zero Day Response Mechanism and Platform Agnostic Simple Configuration.
A few features that the Sucuri plugin offers:
Professional Security Analysts - Employs a team of security analysts around the world to provide you with support 24 hours a day, 7 days a week, 365 days a year.
Malware Cleanup - If a member of the Sucuri security team finds any malware in your WordPress installation they will remove it and notify you.
The plugin also incorporates a number of blacklist engines, including Google Safe Browsing, Sucuri, Norton and McAfee Site Advisors and more, to monitor your site. If there are any issues you will be notified by email.
Costs
There is the free plugin option, but if you can afford it and want to secure your WordPress site then I would recommend coughing up for the Sucuri premium service, as you receive the following:
Feature                                       | Basic ($199 per year) | Pro ($299 per year) | Business ($499 per year)
----------------------------------------------|-----------------------|---------------------|-------------------------
Malware Removal & Clean Up (Unlimited Pages)  | Within 12 hours       | Within 6 hours      | Within 4 hours
Automatic Scans for Malware & Hacks           | Every 12 hours        | Every 6 hours       | Every 30 minutes
Blacklist Scanning & Monitoring               | Every 12 hours        | Every 6 hours       | Every 30 minutes
Block Hackers with Website Firewall           | Immediately           | Every 30 minutes    | Every 30 minutes
Advanced Denial of Service (DDoS) Protection  | Layer 7 Only          | Layer 7 Only        | Layers 3, 4 and 7
SSL & PCI Compliance                          | N/A                   | HTTP and HTTPS      | HTTP and HTTPS
Wordfence
https://wordpress.org/plugins/wordfence/ - Free Version
http://www.wordfence.com/ - Premium Version
Wordfence is one of the most popular WordPress Security Plugins available, not because it is free but probably because it’s darn good at what it does.
Considering it’s free, Wordfence has some really cool features. For example, if one WordPress site running Wordfence is attacked, the attacker is blocked, and all other sites also running Wordfence block that attacker. Wordfence is the only WordPress security plugin that provides this kind of real-time distributed protection as it learns from other sites that are attacked.
Wordfence provides a Complete Anti-Virus and Firewall Package for your WordPress Website, including Two Factor Authentication, a Firewall incorporating Machine Learning and Tools to help recover from a Hack.
There is also a premium option which provides additional protection such as Two Factor Authentication, Advanced Comment Spam Filtering, Remote Scans, Country Blocking, Scheduled Scans and Premium Support, plus a few others. To find out more, go to the Wordfence site and check them out.
Costs
The premium option costs $3.90 a month or $39 annually but this buys you some seriously unique
features.
BulletProof Security
https://wordpress.org/plugins/bulletproof-security/ - Free Version
http://www.ait-pro.com/ - Premium Version
Finally, we have BulletProof Security, a comprehensive security plugin that provides Firewall Security,
Database Security and Login Security through a one-click interface.
BulletProof Security limits failed login attempts, offers IP blocking, and blocks security scanners,
fake traffic and code scanners. The plugin constantly checks the code of WordPress core files, themes and
plugins in real time. If it detects something, it sends a notification to the admin user. Another
option in its arsenal is a caching feature which optimizes the performance of your website.
The security features also protect your WordPress installation against various vulnerabilities
including XSS, RFI, CRLF, CSRF, Base64, Code Injection, SQL Injection and many others. It also comes
with a built-in file manager for .htaccess.
This plugin keeps itself updated with regular updates of new vulnerabilities to keep your website
protected.
Other features include:
One-Click Setup Wizard - Fast, Simple - One-Click Installation
AutoRestore (IDPS) - Automatic File Restore
Quarantine (IDPS) - Automatic File Quarantine
Real-time File Monitor (IDPS) - Email & Dashboard Alerts
DB Monitor (IDS) - Monitors Database for Changes, Email & Dashboard Alerts
DB Diff Tool - Compares DB Backups to Current DB Tables for Differences
DB Backup - Manual and Scheduled DB Backup: Hourly, Daily, Weekly, Monthly
Plugin Firewall (IP Firewall) - Protects the WP Plugins Folder, IP Address Updated in Real Time and Automated Whitelisting in Real Time
Login Security & Monitoring
Brute Force Login Attack Protection
DB Table Prefix Changer
Plus much more; too much, to be honest, to cover in this overview.
The plugin keeps itself automatically updated to keep your website protected.
Costs
There are 2 options, free and premium. It costs $59 for the premium version but with this you get
unlimited installs.
How do you keep your site secure?
Do you have any tips, plugins, or services you use to keep your WordPress website secure? If you do,
please share them in the comments below.