WordPress Security Plugins

When you put up your WP site you want to make sure everyone knows about it. Unfortunately, that also means unsavory characters who want to either spam or attack your site. You must take security equally seriously as you do SEO. Popularity requires secure measures. Here are a few of the best available for WP sites.

WebsiteDefender WordPress Security Download
WP Security Scan and Secure WordPress plugins have been merged into one plugin. It not only deals with security issues, but also backs up your database in case a disaster strikes. In fact, it does not actually take care of the security issues. It merely identifies them and notifies you. In this way, it is a big let down. We do not need an adviser, we need a solution.

Features:

scanning of blog for discrepancies
strong password tool to guard against brute force intrusion
theme scanning for intrusions
removal of many tags and information that provide hackers opportunity

BulletProof Security Download
The main purpose of this plugin is to protect against injections. It alters the .htaccess file, but you do not have to know anything about how to do that. The plugin does it for you. This offers you a level of security outside of WordPress running. The more layers of security you can make for your blog the stronger it will be against attacks.

Features:

one-click security
.htaccess anti-injection security measures
backup and restore selected .htaccess files
website maintenance mode with a single click
turns off database error messages
fast and simple
works only on servers running Apache, namely Linux servers

NoSpamNX Download
This does not use any captcha or JavaScript. Nor does it depend on Sessions and cookies. It works based on additional fields added to your forms, which a user cannot see, but a spambot will automatically and stupidly fill in. So if these invisible fields are filled with something, that comment is marked as spam. This is a truly brilliant approach that surely puts an end to those programs that autofill the fields. However, there are legitimate programs, including plugins for browsers, that autofill fields for us. That is the weak point of this solution. You will kill legitimate users’ input.

Features:

simple installation and configuration
blacklist for phrases, ip ranges, and URL’s
no JS, cookies, sessions, nor captchas
database queries are kept to a minimum, almost none

Antivirus for WordPress Download
Every site needs an anti-virus program guarding it. This one checks your database tables and themes for injections daily.

Features:

admin bar alert for viruses found
many languages
email notification
daily scan
whitelist for false positives

Fast Secure Contact Form Download
Contact forms are necessary on every site and spam is ever present, ready to take advantage of those forms. This is a solution that depends on both CAPTCHA and Akismet. So I would not recommend it, since Akismet is a paid solution for e-commerce.

Features:

autoresponder
no templates
redirect to URL upon completion
block spam attacks
customize the CSS
offer meeting scheduling as well

TAC (Theme Authenticity Checker) Download
TAC checks your theme for authenticity. Every file in your theme is examined. Upon discovery of malicious injections it shows the path to the file and a piece of the code, along with the line number. Some are putting out free WP themes with malicious code embedded. This plugin is intended to locate such aberrations.

Features:

scans files for malicious code in your theme

Login LockDown Download
Put a cap on the number of times any given IP address can try logging in with failures. It puts a halt to brute force attacks. Once the number of failed login attempts has been reached, there is no login available from that IP for a designated period of time. You can customize this period.

Features:

lock out brute force attacks
set maximum logging failure
set time to wait until next log in possible

Wordfence Download, API Key
This is the only plugin you will need to protect against malicious scrapers, trojans, viruses, malware, and fake bots. It even makes a great defense against brute force attack. It can unbelievably repair the core WP files, theme files and plugins as well. The free version of the API Key does everything except scan and repair themes and plugins. So it is only partially free.

Features:

heals core files
repairs plugins and themes
scans comments, posts, pages for malware infected URL’s
reverse DNS on traffic (city level)

Chap Secure Login Download
If you do not have SSL, you can still secure your login process with this plugin. It uses the SHA-256 algorithm. Forget buying an SSL certificate just to secure a login.

Features:

secure login without SSL
SHA-256 algorithm

Bad Behavior Download
It works as a security solution against spammers along side other more traditional approaches. It catches the spammers before they have a chance to do anything. This is an amazing plugin and should be added to your tools.

Features:

identifies the software being used by the spammer and stops them
analyzes the delivery method of the spammer
reduces your site’s load
keeps our logs clean
stops DOS attacks before they happen

The Final Word
There are many ways to secure a WP website. When considering your security, you should look at many solutions and decide which combination gives you the broadest and strongest security. However, you should also remain mindful of how much these measures may slow down your site. A slower site means a higher risk that people will not wait for pages to load. They may abandon your site before seeing it. So weigh the costs and test the options until you find the right combination for you. Then be adamant about your security measures. Never compromise them or you will regret it.

You May Also Like:
Fatal error: Call to undefined function get_related_posts_thumbnails() in /home/ajeet/public_html/wp-content/themes/WhosWho/single.php on line 54