WordPress Security Plugins

In this tutorial, we explore different types of WordPress security plugins that help to protect and keep your digital presence secure.

This tutorial is part of our tutorial series on WordPress Security. Please also review our WordPress Security Guide For Beginners and our free WordPress Security Checklist.

***

WordPress Security Plugins

WordPress security plugins can perform a range of functions, including:

  • Preventing malicious and unauthorized users from gaining access to your site,
  • Scanning your files for signs of hacking and injections of malicious code,
  • Keeping your site protected and free from potentially harmful content,
  • Content theft protection,
  • and more.

Important

Note: Security plugins alone do not provide a complete website security solution. See the tutorials in the WordPress Security training module to gain a better understanding of how security plugins fit into your overall website security plan.

WordPress Security Solutions

Some plugins provide comprehensive WordPress security and protection against a range of malicious and potentially harmful activities. The plugins listed below fall into this category:

WP Site Guardian

(WP Site Guardian – WordPress security plugin)

WP Site Guardian is a ‘must-have’ security plugin for all WordPress users. It is a proactive anti-exploit plugin that monitors & blocks hackers based on behavior.

When any suspicious activity is detected, the visitor IP is instantly blocked and the hacker is banned. This prevents the exploit from executing and also shuts down all further hacking attempts. By eliminating the exploit and the bad user, the risk of your site getting hacked is greatly reduced.

The plugin records and keeps a log of all attacks …

(WP Site Guardian – Attack History)

And emails you notifications about suspicious activities …

(WP Site Guardian – Email Alerts)

This is the only plugin on the market that offers active protection against current and future exploits, as it looks at visitor behavior rather than the attack code. It is also the only security tool for WordPress that provides real-time intrusion detection, live exploit attack blocking and intruder attempt notifications.

(WP Site Guardian blocks the four biggest attack vectors)

This plugin blocks the four biggest attack vectors (Header injection, XSS injection, SQL injection, and Directory Traversal) and protects against most common hack types like:

  • EXPLOITS (92% of direct hack attacks) – Badly written plugins/themes allow a hacker to execute a command/script that gives them control of your site. Most popular security plugins & services don’t offer any protection against this.
  • BRUTE FORCE ATTACKS (8% of direct hack attacks) – Multiple attempts to guess your username/password & take control of your site. Most popular security plugins & services are good at blocking this attack but can’t deal with new amplified XMLRPC attacks.
  • DDOS (Distributed Denial Of Service, i.e. “break the site” hack attacks) – This is where hackers attempt to flood your site with too many requests so your server falls over. Plugins can’t deal with this attack … you would need to use a third party service like Cloudflare or bespoke hardware protection.

Michael Thomas & Chris Hitman, specialists in IT/security and the plugin's developers, found that some of the best security plugins were completely ineffective against exploits. In fact, they even managed to hack sites with Cloudflare & cache running and have posted a video on their website that shows this.

(WP Site Guardian protects your site against most security exploits and attacks)

We highly recommend installing this security plugin on your WordPress site.

To learn more about this plugin, visit the site below:

WP Site Guardian

WP Shields-Up

(WP Shields-Up – Stealth WordPress Security Plugin)

Many newbie hackers use unsophisticated methods like scanning websites for vulnerabilities and deploying basic exploits to take control. Many of these methods can be deployed as easily as looking through your site code to see what themes or plugins your website is running and downloading free scripts that can take advantage of known vulnerabilities and help them break into the website.

By default, this information about WordPress is available for anyone to see ...

WP Shields-Up is a ‘stealth’ security plugin that hides your WordPress site from hackers and bots by disguising information about WordPress that is normally visible to users, such as what WordPress themes and plugins are installed on your site, what version of WordPress you are using, etc.

(WP Shields-Up hides WordPress information from online scanning tools!)

Once installed, WP Shields-Up performs a number of security fixes on your site, including:

  • Blocks direct access to PHP Files
  • Disables Directory Browsing
  • Removes “Tell Tale” elements of WordPress
  • Moves and hides login areas
  • Hides information about WordPress plugins and themes
  • and more.

(WP Shields-Up automatically performs a number of security fixes on your site)

WP Shields-Up performs one-click security fixes automatically and can be easily installed and enabled on your WordPress site.

To learn more about this plugin, visit the site below:

WP Shields-Up

BulletProof Security

(BulletProof Security WP Plugin)

BulletProof Security is designed to be a fast, simple and one-click security plugin that adds comprehensive website security protection for your WordPress site.

We have created a separate tutorial for this plugin.

To learn how to install and use the BulletProof Security plugin, see the tutorial below:

BulletProof Security Plugin

SecureScanPro

(SecureScanPro – WordPress Plugin)

Many WordPress plugins address some but not all areas of WordPress security. One WordPress security plugin that seems to do a comprehensive job of scanning, fixing and preventing issues that could lead to hackers accessing your site files and damaging your site is SecureScanPro.

SecureScanPro is easy to install and easy to use and does a great job of addressing most of the security areas and fixing the issues that WordPress users need to address.

To learn more about this plugin, go here:

SecureScanPro

Ultimate Security Checker

(Ultimate Security Checker Plugin For WordPress)

The Ultimate Security Checker plugin identifies security problems with your WordPress installation. It scans your blog for hundreds of known threats, then gives you a security “grade” based on how well you have protected yourself.

We have created a separate tutorial for this plugin.

To learn more about this plugin, see this tutorial:

Ultimate Security Checker

Acunetix WP Security

(Acunetix WP Security)

The Acunetix WordPress Security plugin is a free and comprehensive security tool that scans your WordPress installation for vulnerabilities and suggests corrective measures for weak passwords, secure file permissions, database security, version hiding, WordPress admin protection and more.

To learn more about this plugin, go here:

Acunetix WP Security

WordPress Brute-Force Attack Protection Plugins

Brute-force attacks on your site attempt to guess your login information by simply trying to log in over and over again. Since this is usually done by automated software, the attack can be very persistent and cause widespread damage …

Protecting your WordPress site from brute-force attacks is one of the most important security precautions you can take.

We have created a separate tutorial on plugins that prevent brute-force attacks and unauthorized users accessing your WordPress administration area.

To learn how to protect your WordPress site from brute-force attacks using plugins, see the tutorial below:

WordPress Brute-Force Attack Protection Plugins

WordPress File Protection Plugins

The plugins listed below will alert and notify you if any of your site’s files have been modified without permission or authorization:

WordPress File Monitor Plus

(WordPress File Monitor Plus WordPress Plugin)

This plugin monitors your WordPress installation for added, deleted, or changed files. When a change is detected, an email alert can be sent to the email address you specify.

To learn more about this plugin, go here:

WordPress File Monitor Plus

Exploit Scanner

(Exploit Scanner WordPress Plugin)

Exploit Scanner can help detect damage done to your site so that it can be cleaned up. This plugin searches the files on your website and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

Exploit Scanner does not remove anything from your site. It only presents the results so you can decide what action to take.

To learn more about this plugin, visit the site below:

Exploit Scanner

Antivirus For WordPress

(Antivirus Plugin For WordPress)

Antivirus protects your WordPress site against exploits and spam injections. It will scan your theme templates for malicious injections automatically, every day.

To learn more about this plugin, go here:

Antivirus For WordPress

WordPress Content Protection Plugins

The plugins listed below will help to prevent and protect your web content from being stolen:

CopyFeed

(Copyfeed Plugin)

This plugin helps to identify content theft from your site. It works by extending your content feed with unique identifiable content that automatically gets added to every post in your copyright notice. Additionally, you can add an identifiable “digital fingerprint” and the IP of the feed reader.

The plugin can then be configured to scan search engines in order to find possible content theft. The feed can also be supplemented with comments and topic-relevant content.

To learn more about this plugin, go here:

CopyFeed

WordPress Data Backup Plugins

Backing up your database and files on a regular basis is an important part of the process of keeping your WordPress site content protected.

We have created a separate tutorial on WordPress plugins that automate WordPress data backups.

To learn how to automate WordPress data backups, see the tutorial below:

WordPress Backup Plugins

WordPress Spam Protection Plugins

Spam has traditionally been viewed as more of an inconvenience than a security risk.

It can be argued, however, that spam does indeed pose a security risk for online users. For example, spam comments left on WordPress sites can send visitors to sites infected with malware. These sites can then use sophisticated ‘phishing’ methods to deceive users into downloading files containing viruses, worms and other malicious code that can turn their computers into ‘slave devices’ for hacker bots, which then multiply and increase the frequency of attacks and security exploits worldwide on websites.

Spam can thus be considered to be a security threat, and for this reason, we are including the anti-spam plugins below:

Akismet

(Akismet WordPress Plugin)

Akismet is the anti-spam program that comes pre-installed with WordPress. All it requires is activation. To activate Akismet, you will need to get an API key, which is an access code you can download for free from WordPress.org.

Once activated, Akismet will filter out your spam comments and send them directly to the trash. This plugin is extremely effective at dealing with spam.

Note: Akismet is free for most users (sites that make less than $500/mo are considered “personal” use), but there’s a charge for high traffic profitable blogs (“business” use).

To learn more about using Akismet to prevent spam in WordPress, see the tutorial below:

How To Prevent Spam In WordPress

Bad Behavior

(Bad Behavior Plugin For WordPress)

Bad Behavior blocks link spam and the robots which deliver it.

Thousands of sites both large and small use Bad Behavior to help reduce incoming link spam and malicious activity.

Bad Behavior complements other link spam solutions by acting as a gatekeeper. Not only does it prevent spammers from delivering junk, in many cases it even prevents them from ever reading your site, delivering instead an error message like the one shown below …

(source: Bad Behavior plugin site)

In addition to offering the basic spam-blocking features, the Bad Behavior plugin also helps to improve your site’s load time, makes your site logs cleaner, and can help prevent denial of service conditions caused by spammers.

Bad Behavior also works differently than other link spam solutions. Instead of merely looking at the content of potential spam, Bad Behavior analyzes the delivery method as well as the software the spammer is using. In this way, Bad Behavior can stop many spam attacks coming from new spamming methods …

(source: Bad Behavior plugin site)

Bad Behavior is designed to work alongside existing spam prevention services to increase their effectiveness and efficiency. Whenever possible, you should run it in combination with a more traditional spam prevention service.

Installing and configuring Bad Behavior is very simple and takes only a few minutes. In most cases, no configuration at all is needed. You can simply install and activate the plugin, and you’re done. Bad Behavior will then automatically protect your posts, pages, and feeds from spam.

Plugin installation and usage documentation can be found here.

To download this plugin, visit the site below:

Bad Behavior

Warning

Note: Because Bad Behavior blocks anything it suspects to be spam, the plugin has been known to create conflicts and issues with other plugins, and to block other sites that need to access your site (e.g. Google search engine spiders). Use this plugin with caution, and if you suspect it is causing issues for you, disable it and contact the plugin software developer.

Additional WordPress Security Plugins

You can search for more WordPress security plugins inside your WordPress dashboard (Plugins > Add New), or the WordPress Free Plugin Directory …

(WordPress Plugin Search – Security)

Search the WordPress Plugin Directory for security plugins below:

WordPress Security Plugins

We hope that you have found this tutorial on WordPress security plugins useful. We suggest going through the individual plugin tutorials in this section and installing one or more plugins to keep your WordPress site secure and protected from a host of potentially harmful and malicious activities.

***

Disclaimer: We have no direct association with WordPress, Automattic, or any products reviewed on this website. We may derive financial benefits from the purchase of any third-party products and/or services advertised on this site. All images remain the copyright of their respective owners and have been used only for illustrative or training purposes.


Author: Martin Aranovitch

Martin Aranovitch is the founder of WPCompendium.org and has authored hundreds of FREE WordPress tutorials for beginners. WPCompendium.org provides detailed step-by-step tutorials that will teach you how to use WordPress with no coding skills required and at minimal cost!

Originally published as WordPress Security Plugins.