You might have heard that WordPress is good when it comes to customization, SEO, usability and speed, but not so good when we talk about security. Many WP sites get hacked daily, and most of them are hacked by people “just for fun”. The worst part is that when you search for tips on securing WordPress, you get a long list of complex tasks, which include editing your site’s .htaccess file, working with the database and a lot of coding, and not everyone is comfortable with these things. Therefore, I’m providing a list of the best WordPress plugins for security (almost everyone knows how to install a plugin and configure it), which will help you secure your site without doing any ‘complicated’ stuff, plus they are “free of cost”. You may ask: only 5 plugins for this purpose? There are articles all around the web that mention at least 10, 20, 30 or even 50 instead of just “five”. Let me clarify:
1. The more plugins you install, the more the load on the server increases and the more the site’s performance decreases.
2. Why do you need 10 or 20 when just 5 can do the complete job?
3. Less in number – easier to manage.
4. They are FREE and used by most WP users.
Best WordPress Security Plugins:
1. Akismet:
You may wonder why I included it in this list. It does not protect your site from getting “hacked”, but it does protect your site from spammers! Akismet is the most popular plugin for filtering spam comments and pingbacks on blogs. To use this plugin, you will need to sign up for an API key and paste it into the configuration page of your admin panel. It will then take care of the spammers, even when you’re not logged in.
Sometimes you may see that it puts non-spam comments in the spam box. To correct this, just mark those comments as “not spam” manually and Akismet will understand that these types of comments are clean. Intelligent, right?
2. BulletProof Security:
Personally, I highly recommend this plugin for your site’s security. It basically creates a secure .htaccess file, which contains everything to protect your site from code injection and SQL injection (the most common hacking attempts). It also protects wp-config.php and other important files of your website from unauthorized access. It’s highly recommended for protection from hackers, especially for WordPress eCommerce blogs, product/service websites and related WP-based sites. Other features include .htaccess file backup/restore, custom code to permanently include in .htaccess, readme.html and install.php protection, a default admin username check, a file and folder permission check, etc.
3. Login LockDown:
Login LockDown helps block unauthorized access to your admin panel. After a specific number of incorrect login attempts, it automatically blocks the user or the user’s IP. You can specify the maximum login retries, the retry time period restriction and the lockout length, and you can also choose to hide the errors on the login screen. The drawback of the default login screen is that if you enter a correct username and an incorrect password, it shows “Incorrect password” as the error. This error gives away too much, because the hacker then knows that he got half of it right and now only needs the password. With Login LockDown you can hide these errors.
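The lockout settings described above (maximum login retries, retry time period, lockout length) and the hidden login error, modeled in Python as an added example. This is not Login LockDown's own code; the class, function and message names, the default values and the per-IP tracking are assumptions.

```python
from collections import defaultdict, deque

GENERIC_ERROR = "Invalid username or password."   # same text for any failure
LOCKED_ERROR = "Too many failed attempts. Try again later."

class LoginLockout:
    """Per-IP lockout: max_retries failures inside retry_window seconds
    block the address for lockout_length seconds (defaults are assumed)."""
    def __init__(self, max_retries=3, retry_window=300, lockout_length=3600):
        self.max_retries = max_retries
        self.retry_window = retry_window
        self.lockout_length = lockout_length
        self._failures = defaultdict(deque)   # ip -> times of recent failures
        self._locked_until = {}               # ip -> time the block expires

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        return until is not None and now < until

    def attempt(self, ip, credentials_ok, now):
        """Record one login attempt and return (allowed, message)."""
        if self.is_locked(ip, now):
            return False, LOCKED_ERROR        # refused even if credentials are right
        if credentials_ok:
            self._failures.pop(ip, None)      # success resets the failure count
            return True, "OK"
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > self.retry_window:
            recent.popleft()                  # forget failures outside the window
        if len(recent) >= self.max_retries:
            self._locked_until[ip] = now + self.lockout_length
            recent.clear()
        return False, GENERIC_ERROR           # never says which half was wrong

def replay(events, **settings):
    """Feed constructed (time, ip, credentials_ok) events; return the messages."""
    guard = LoginLockout(**settings)
    return [guard.attempt(ip, ok, t)[1] for t, ip, ok in events]

# Constructed sample: three failures from one address, then valid logins
SAMPLE = [(0, "203.0.113.7", False), (60, "203.0.113.7", False),
          (120, "203.0.113.7", False), (180, "203.0.113.7", True),
          (200, "198.51.100.4", True), (3720, "203.0.113.7", True)]

if __name__ == "__main__":
    for event, message in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", message)
```

The blocked address is refused at 180 seconds even with the right password, a different address is unaffected, and the block lifts once the lockout length has passed.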
4. Secure WordPress:
This plugin does in one click most of the work that people otherwise do manually and spend hours on. It hides the plugin directory from public view by adding a virtual index.php file to your “/wp-content/plugins/” folder. It removes the version of your installation (except in the admin panel). It also hides plugin/theme/core update notifications from non-admins and blocks any queries that may harm your site.
You may think that this plugin is used to make a backup of the database, not to secure anything! Tell me, doesn’t taking a backup of something also secure it? You can never say that your site is 100% protected. It’s the harsh truth. It’s always recommended to keep a backup of your website, just in case you need it; sometimes the cause may be an error or a misconfiguration. The database is dynamic, so you need to take a backup every now and then, and doing it manually is nothing but a waste of time and effort. You probably don’t change your website’s files that frequently, so you can back those up manually. I recommend this plugin for database backup mainly because you can schedule the interval and it will automatically email the zipped file to your email address.
What are your best WordPress plugins for security? Do you recommend free or paid ones? Tell us in your comments.