5 of The best WordPress Security Plugins in 2015


http://chrisvarnom.com/5-of-the-best-wordpress-security-plugins-in-2015/

5 of the best WordPress Security Plugins

Author - Chris Varnom at chrisvarnom.com

WordPress as a platform is very secure straight out of the box; however, you will have heard of WordPress sites getting hacked. I know, because one of my sites was hacked. It wasn’t chrisvarnom.com; it was one of my other sites that forms part of my core business. Luckily, I perform a full backup every day of every site, so it was back up and running in no time. I will be reviewing WordPress backup plugins in a later post, so watch out for that one.

To be notified of my latest posts and to receive free stuff, please subscribe to my newsletter at http://chrisvarnom.com/newsletter/

Generally, the reasons for security breaches are lax administration, weak user passwords, vulnerabilities in plugins or themes, and not keeping everything updated as soon as an update is available.

But spare a thought for the Apples and Sonys of the world: if these blue chip companies are getting hacked, then nothing is totally 100% secure.

I have put together an article that covers 5 of the best WordPress Security Plugins.

Please note there are no affiliate links in this document.

Click the links in the following list to jump to the associated page.

iThemes Security

All in One WP Security & Firewall

Sucuri Security

Wordfence

BulletProof Security

iThemes Security Pro

https://wordpress.org/plugins/better-wp-security/

https://ithemes.com/security/

Now then, we may as well start with one of the most popular security plugins out there.

The iThemes Security Pro plugin is one of the easiest security plugins to use, thanks to a simple interface that even a novice can get to grips with.

Once you have installed the plugin, it will initially do a scan of your WordPress installation and record everything into its database. Once you open the iThemes Security plugin, you are presented with a list of tasks that need to be performed, in priority order. And nothing could be simpler: just click the fix it button against the issue that needs to be resolved, and job done.

The plugin offers many features, such as:

Brute Force Protection - Limit the number of failed login attempts allowed per user. If someone is trying to guess your password, they'll get locked out after a few tries. You can even whitelist your own IP, so you're allowed more login attempts.

Strong Password Enforcement - Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. This is one of the best ways to secure your site.

Hide Login & Admin - Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.

File Change Detection - If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any file changes so you know if you've been hacked.

Lock Out Bad Users - Keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they're on a bot blacklist.

Database Backups - Schedule database backups and have them emailed to you. Or you can get BackupBuddy to step up your backup game. Make complete backups and send them to off-site storage destinations.

404 Detection - If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).

Away Mode - Not making changes to your site 24 hours a day? Make the admin area inaccessible during specific hours so no one else can sneak in.

Email Notifications - Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.

Dashboard Widget - Get a quick view of important security stats for your site and easily perform security actions like temporarily whitelisting your IP — without having to navigate to the plugin’s settings.

Online File Comparisons - iThemes Security Pro compares changes made to any WordPress core file on your system with the version on WordPress.org to determine if the change was malicious.

Plus 30+ other ways iThemes Security protects your site.
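
The 404 Detection lockout described in the list above (20 errors in 5 minutes by default, with whitelisted IPs exempt), sketched as an added example over web server access log lines. This is not iThemes Security's own code; the log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Common Log Format prefix: client IP, timestamp, request line, status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) ')

def find_404_lockouts(lines, limit=20, window=timedelta(minutes=5),
                      whitelist=frozenset()):
    """Return {ip: time the limit was reached} for every IP that produces
    `limit` 404 responses inside one sliding `window`."""
    recent = defaultdict(deque)   # ip -> timestamps of 404s still inside the window
    locked = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue              # ignore lines that are not in the expected format
        ip, ts, status = m.groups()
        if status != "404" or ip in whitelist or ip in locked:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        # Drop 404s that have aged out of the window before counting.
        while when - hits[0] >= window:
            hits.popleft()
        if len(hits) >= limit:
            locked[ip] = when
    return locked

def sample_log():
    """Constructed sample lines (documentation-range IPs, made-up paths)."""
    start = datetime(2015, 6, 1, 12, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset_s, path, status):
        ts = (start + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 512'
    lines = []
    for i in range(25):
        lines.append(line("203.0.113.7", i * 10, f"/probe-{i}.php", 404))  # scanner-like burst
        lines.append(line("198.51.100.4", i * 60, f"/old-link-{i}", 404))  # slow broken links
        lines.append(line("192.0.2.10", i * 5, "/", 200))                  # ordinary visitor
    return lines

if __name__ == "__main__":
    for ip, when in find_404_lockouts(sample_log()).items():
        print(f"lock out {ip}: limit reached at {when:%H:%M:%S}")
```

The slow client never has more than five 404s inside any five-minute window, so only the burst is flagged; lowering `limit` shows how an aggressive threshold starts locking out visitors who merely follow stale links.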

Costs

Personal - 2 Licenses - $80

Business - 10 Licenses - $100

Developer - Unlimited Licenses - $150

And then there is the Plugin Suite option that provides you with developer licensing for all of iThemes' 20 plugins - $247

All in One WP Security & Firewall

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

https://www.tipsandtricks-hq.com/wordpress-security-and-firewall-plugin

All in One WP Security & Firewall offers similar features to iThemes Security Pro and once again provides an easy interface for novice users to get to grips with.

After installation and jumping into the dashboard, you will be presented with a Security Strength Meter and Pie Chart that provide you with a visual indication of how good the security of your WordPress site currently is. Scrolling down, you will see a couple of status indicator tables, Critical Feature Status and Maintenance Mode Status, which feature toggle switches for each option, and a list of Locked IP Addresses. To the right there are 2 tables: Last 5 Logins and Current Logged in Users.

Other configuration options include:

User Accounts - Allows you to change the password, nickname etc. It will also check the strength of your current password and provide you with an option to change it.

User Login - This option allows you to control a number of login features such as Enabling Login Lockdown, Max. Login Attempts, Login Retry Period, Length of Lockout etc.

User Registration - Allows you to approve new user registrations.

Database Security - Allows you to change the Database prefix from the default wp_

File System Security - Allows you to change the permissions of the folders in your WordPress installation.

WHOIS Lookup - Provides the ability to do a WHOIS lookup from within the plugin.

Blacklist Manager - Allows you to blacklist IP Addresses and User Agents.

Firewall - Provides the ability to enable firewall and Pingback protection.

Brute Force - Allows you to change the login URL on your WP installation.

SPAM Prevention - This option allows you to enable a Captcha option on comment forms and Block Spambots from posting comments.

Scanner - Provides the option to enable real time file change detection.

Maintenance - Provides the ability to enable the Maintenance facility should you wish to perform any WordPress installation maintenance.

Miscellaneous - Allows you to disable the "Right Click", "Text Selection" and "Copy" options from your WordPress front end.

Costs FREE

Sucuri Security

https://wordpress.org/plugins/sucuri-scanner/ - Free Version

https://sucuri.net/ - Premium Version

Sucuri Security provides complete site security utilising some very unique features. They are among the best security experts in the field and, in addition to their premium services, provide a free security plugin.

The plugin offers loads of security features: Repairing Dirty BlackHat SEO, Distributed Denial of Service (DDoS) Mitigation, Malware Prevention, Performance Optimization, Malware Scanning and Detection, Website Blacklist Removal and Repair, Security Monitoring, Stop Website Attacks and Hacks, Zero Day Response Mechanism and Platform Agnostic Simple Configuration.

A few features that the Sucuri plugin offers:

Professional Security Analysts - Employs a team of security analysts around the world to provide you with support 24 hours a day, 7 days a week, 365 days a year.

Malware Cleanup - If a member of the Sucuri security team finds any malware in your WordPress installation, they will remove it and notify you.

The plugin also incorporates a number of blacklist engines, including Google Safe Browsing, Sucuri, Norton and McAfee Site Advisors and more, to monitor your site. If there are any issues you will be notified by email.

Costs

There is the free plugin option, but if you can afford it and want to secure your WordPress site then I would recommend coughing up for the Sucuri premium service, as you receive the following:

Plans: Basic - $199 per year; Pro - $299 per year; Business - $499 per year

Malware Removal & Clean Up (Unlimited Pages): Basic - within 12 hours; Pro - within 6 hours; Business - within 4 hours

Automatic Scans for Malware & Hacks: Basic - every 12 hours; Pro - every 6 hours; Business - every 30 minutes

Blacklist Scanning & Monitoring: Basic - every 12 hours; Pro - every 6 hours; Business - every 30 minutes

Block Hackers with Website Firewall: Basic - Immediately; Pro - Every 30 minutes; Business - Every 30 minutes

Advanced Denial of Service (DDoS) Protection: Basic - Layer 7 Only; Pro - Layer 7 Only; Business - Layers 3, 4 and 7

SSL & PCI Compliance: Basic - N/A; Pro - HTTP and HTTPS; Business - HTTP and HTTPS

Wordfence

https://wordpress.org/plugins/wordfence/ - Free Version

http://www.wordfence.com/ - Premium Version

Wordfence is one of the most popular WordPress Security Plugins available, not because it is free but probably because it’s darn good at what it does.

Considering it’s free, Wordfence has some really cool features. For example, if one WordPress site running Wordfence is attacked, the attacker is blocked and all other sites also running Wordfence block that attacker. Wordfence is the only WordPress security plugin that provides this kind of real-time distributed protection, as it learns from other sites that are attacked.

Wordfence provides a Complete Anti-Virus and Firewall Package for your WordPress Website, including Two Factor Authentication, a Firewall incorporating Machine Learning and Tools to help recover from a Hack.

There is also a premium option which provides additional protection such as Two Factor Authentication, Advanced Comment Spam Filtering, Remote Scans, Country Blocking, Scheduled Scans and Premium Support, plus a few others. To find out more, go to the Wordfence site and check them out.

Costs

The premium option costs $3.90 a month or $39 annually, but this buys you some seriously unique features.

BulletProof Security

https://wordpress.org/plugins/bulletproof-security/ - Free Version

http://www.ait-pro.com/ - Premium Version

Finally we have BulletProof Security, a comprehensive security plugin that provides Firewall Security, Database Security and Login Security through a one click interface.

BulletProof Security limits failed login attempts, offers IP blocking, and blocks security scanners, fake traffic and code scanners. The plugin constantly checks the code of WordPress core files, themes and plugins in real time. Should a detection be found, it sends a notification to the admin user. Another option in its arsenal is a caching feature which optimizes the performance of your website.

The security features also protect your WordPress installation against various vulnerabilities including XSS, RFI, CRLF, CSRF, Base64, Code Injection, SQL Injection and many others. It also comes with a built-in file manager for .htaccess.

This plugin keeps itself updated with regular updates of new vulnerabilities to keep your website protected.

Other features include:

One-Click Setup Wizard - Fast, Simple - One-Click Installation

AutoRestore (IDPS) - Automatic File Restore

Quarantine (IDPS) - Automatic File Quarantine

Real-time File Monitor (IDPS) - Email & Dashboard Alerts

DB Monitor (IDS) - Monitors Database for Changes, Email & Dashboard Alerts

DB Diff Tool - Compares DB Backups to Current DB Tables for Differences

DB Backup - Manual and Scheduled DB Backup: Hourly, Daily, Weekly, Monthly

Plugin Firewall (IP Firewall) - Protects the WP Plugins Folder, IP Address Updated in Real Time and Automated Whitelisting in Real Time

Login Security & Monitoring

Brute Force Login Attack Protection

DB Table Prefix Changer

Plus much more; too much, to be honest, to be covered in this overview.

The plugin keeps itself automatically updated to keep your website protected.

BulletProof Security Setup & Overview Video Tutorial

Cost

There are 2 options, free and premium. It costs $59 for the premium version, but with this you get unlimited installs.

How do you keep your site secure? Do you have any tips, plugins, or services you use to keep your WordPress website secure? If you do, please share them in the comments below.