Best Security Plugins For WordPress – Improve WordPress Security

Some of you may already know the importance of keeping your WordPress business site as secure as possible. Sadly, there are many reasons why your site can get attacked: it could be a simple “hacker” who just does it for the sheer fun, or a deliberate attack aimed at doing your site some harm.

Obviously, there is simply no way that you can “bulletproof” your WordPress site’s security to 100%. Nonetheless, the more “counter-measures” you have in place, the less likely you will have to deal with potential problems in the future. Just think about it. All your hard work down the drain and your online business shut down instantly. Won’t happen to you? Hopefully not, but if it does, be prepared. It’s not pretty. I know, it already happened to some of my sites and yes, more than once.

Note (May 2013): The recent botnet attack on websites running WordPress hasn’t had much impact yet, but it’s likely that these attacks will continue, as there are way too many vulnerable sites out there. If you have not yet taken steps to secure your site, now is as good a time as ever. Read all of my recommendations below and apply them. Better safe than sorry.

What I want to share with you today are some of those “counter-measures” and WordPress security plugins that can help you make the “job” of an attacker a bit more difficult. Hopefully, if they try to attack your site and find it too difficult to break in, they will leave and find another that is more vulnerable.

Here we go.. simple steps that you can do now to increase your WordPress site’s security, in case you still don’t have anything in place.

Backup Your WordPress Site Regularly

For so many reasons, backing up your WordPress files should be done on a regular basis, and even more so before making any changes, such as upgrading the WordPress software, your theme, a plugin, etc.

– btw, you should always keep your software and plugins updated.

This is the best “security” that you can have, period. There are many ways you can do this and, for the sake of keeping this short, just do some research and see what suits you best. In my case, I do a manual backup every 15 days. Yes, it is tedious, but it gives me peace of mind. Just use an FTP program and copy the “entire” folder. If it is too big, perhaps back up only the most important sections of your WordPress site (e.g. database, etc.).

On a side note, find out if your hosting provider has some sort of “backup” facility. Most of them do and as an example, my web hosting company, among other things, provides me with a “full” backup and restore service for a mere $12 a year. They work well and I have used the service already to restore some sites that were hacked. Very valuable service if you ask me.

Create Strong Passwords

Oh yes, passwords. Make them as strong as possible. Combine letters (upper and lower case), numbers and symbols, and try to go over at least 12 characters. WordPress allows you to create a password up to 64 characters long (did you know that?). Anyway, here is an article I wrote some time ago, but it is still totally applicable today – How To Create Strong Passwords?

Scan Your Site For Malware, Out-Of-Date Software and More

Scanning your website for malware, among other things, should be first on your list. Knowing upfront whether your site already has bugs in it will certainly make it easier to fix the issues and protect yourself. One of the best free, web-based malware scan checks I know of is Sucuri SiteCheck. All you need to do is enter your URL and the Sucuri SiteCheck scanner will check your site for malware, blacklisting status, and out-of-date software.

Checked for iBlogZone and woohoo.. for now I am in the clear 🙂

As you can see, Sucuri SiteCheck checks your site for a lot of possible problems, and knowing that it is clean and not blacklisted gives your site a boost in trust with your visitors. Sucuri has premium services where you can sit back and relax if your site is hacked. They will do all the “hard stuff” (the cleaning) for you, and it is a good way to go if you are not comfortable with “messing” with your code, htaccess, and all that tech stuff.

UPDATE 09/2012: Added VirusTotal. This free tool, recently acquired by Google may be of interest to you.

VirusTotal – a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware. Recently acquired by Google, this free tool can help you detect suspicious files (if any) that may be affecting your site.

Are You Using Free WordPress Themes and Plugins?

Yep, free WordPress themes and plugins are great, but some may contain malicious code and provide backdoors for potential exploits. WordPress plugins, even if they are in the WP repository, may contain problems. This is particularly true for those that have not been updated for a long time, so that is a good indication that you should avoid them. Look at the ratings and user feedback for possible problems.

In addition, many Themes and plugins (including premium) rely on the TimThumb script and this has been known to seriously hamper your WordPress security. Please read this article from JustAskKim to find out about the TimThumb vulnerability and how to fix it (very important).

For free WordPress themes, make sure you run TAC (Theme Authenticity Checker – old but good) to scan for possible malicious code and read – Free WordPress Themes, Facts You Need To Know.

You can also install the Ultimate Security Checker Plugin that will help you identify security problems with your WordPress installation. This plugin scans your WordPress site and gives a security grade based on passed tests.

OK, then. Now that you have some security stuff already in place, here are just three WordPress security plugins that I strongly recommend you to install. If you have one, good, if not, install it now.

Note: You may want to install only one of them. Choose which one works better for you. Login Lock is lightweight and does not hamper performance, while Better WP Security may be a bit advanced for some users. Powerful though, if you are really security conscious.

NOTE: Due to the increased attacks and the current state of vulnerable WordPress sites, a new premium plugin was launched by Jonathan Green (security expert). While his plugin is not free (unlike the others below), it covers and fixes all your vulnerabilities in virtually less than 5 minutes. OK, 10 minutes, depending on how fast your internet connection is. The single license is only $7 and if you feel that your site is not worth that money, then read on. If you are curious though, click here (aff) and decide. If you have a plugin that disables login attempts, please be aware that it is not enough, as these recent attacks are being made via more than 90,000 rotating IPs.
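The rotating-IP point above can be checked against your own access log. The following is an added example, not part of the original post or of any plugin's code: it parses constructed combined-format log lines and compares what a per-IP lockout would block with a site-wide count of failed `wp-login.php` POSTs. It assumes stock WordPress behaviour (a failed login is answered with HTTP 200, a successful one with a 302 redirect); the thresholds and function names are illustrative.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined Log Format, restricted to POSTs against wp-login.php.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST /wp-login\.php[^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def failed_logins(lines):
    """Return [(timestamp, ip)] for login POSTs answered with 200.

    Assumption: stock WordPress re-renders the form (200) on a failed
    login and redirects (302) on success.
    """
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m.group("status") == "200":
            ts = datetime.strptime(m.group("ts"), TS_FORMAT)
            events.append((ts, m.group("ip")))
    return events


def per_ip_lockouts(events, max_failures=5):
    """IPs a per-IP limiter would block (>= max_failures failures each)."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n >= max_failures}


def blocked_share(events, blocked):
    """Fraction of all failed logins that came from the blocked IPs."""
    if not events:
        return 0.0
    return sum(1 for _, ip in events if ip in blocked) / len(events)


def site_wide_alerts(events, window=timedelta(minutes=1), threshold=30):
    """Time buckets whose total failures reach threshold, whatever the source.

    Returns {bucket_start: (failures, distinct_ips)} in time order.
    """
    size = int(window.total_seconds())
    buckets = defaultdict(list)
    for ts, ip in events:
        epoch = int(ts.timestamp())
        buckets[epoch - epoch % size].append(ip)
    return {
        datetime.fromtimestamp(start, tz=timezone.utc): (len(ips), len(set(ips)))
        for start, ips in sorted(buckets.items())
        if len(ips) >= threshold
    }


def constructed_log():
    """Constructed sample data (documentation IP ranges, not real traffic)."""
    base = datetime(2013, 5, 7, 10, 0, 0, tzinfo=timezone.utc)

    def line(ip, offset, method="POST", status=200):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "{method} /wp-login.php HTTP/1.1" {status} 2048 "-" "-"'

    lines = []
    # Distributed guessing: 240 addresses, one failed attempt each, 1 per second.
    lines += [line(f"198.51.100.{i + 1}", i) for i in range(240)]
    # One noisy address: 8 failures, 10 seconds apart.
    lines += [line("192.0.2.10", 10 * k) for k in range(8)]
    # Legitimate traffic: a page view and a successful login (302).
    lines.append(line("203.0.113.5", 15, method="GET"))
    lines.append(line("203.0.113.5", 20, status=302))
    return lines


if __name__ == "__main__":
    events = failed_logins(constructed_log())
    blocked = per_ip_lockouts(events)
    print("failed logins:", len(events))
    print("blocked by per-IP limit:", sorted(blocked))
    print(f"share of failures stopped: {blocked_share(events, blocked):.1%}")
    for start, (failures, ips) in site_wide_alerts(events).items():
        print(f"{start:%H:%M} UTC  {failures} failures from {ips} IPs")
```

On the constructed data the per-IP limit stops only the single noisy address, while every one-minute bucket trips the site-wide threshold, which is the signal to act on at the login form or upstream (for example a WAF or CDN rule) rather than per address.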

WordPress Security Plugins

Better WP Security – Almost an “all-in-one” security plugin for WordPress. This plugin takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

Some Features (so many).

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  • Remove the meta “Generator” tag
  • Removes login error messages
  • Change the urls for backend functions including login, admin, and more
  • Create and email database backups on a schedule using wp-cron
  • Ban troublesome bots and other hosts
  • Completely turn off the ability to login for a given time period (away mode)
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Display a random version number to non administrative users anywhere version is used (often attached to plugin resources such as scripts and style sheets)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them (useful on multisite installations)
  • Remove Windows Live Writer header information
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Detect attempts to attack your site
  • and, as I said, many more

6Scan Security (new kid on the block) – Provides automatic protection for your WordPress site against threats. The scanner goes beyond the rule-based protection of other WordPress security plugins, employing active penetration testing algorithms to find security vulnerabilities. These are then automatically fixed before hackers can exploit them.

Main features:
  • SQL Injection
  • Cross-Site Scripting (XSS)
  • CSRF
  • Directory traversal
  • Remote file inclusion
  • Several DoS conditions
  • And many more, including all of the OWASP Top Ten security vulnerabilities.

Update (March 2013): Google has just released their “Help For Hacked Sites” section and it is really worth checking out, in case you need it (hopefully not).

Help for hacked sites: Overview

Login Lock (update 25/10/2012 – Plugin removed from WP repository) – Enforces strong password policies; provides emergency lockdown features; monitors login attempts; blocks hacker IP addresses; and logs out idle users. This plugin is very good and more so if you have multiple registered users on your site.

Main features include:

  • Enforces strong password selection policies.
  • Monitors login attempts.
  • Blocks IP addresses for too many failed login attempts.
  • Lets you manually unblock IP addresses at any time.
  • Lets you forcibly log out all users immediately and require that they all change their passwords before logging back in.
  • Lets you forcibly log out idle users after a configurable number of minutes.
  • and more…

One of the things I like best about this plugin is the “emergency lock down” feature. Login Lock provides an emergency “panic button” that, when used, immediately logs out all users, resets all user passwords to a random value, and sends each user an email message informing them that they must change their password before logging back in to your site. Cool, and it’s 100% free via the WP repository (must have).

Update (June 2012): Login Lock is a great plugin, but under certain conditions it may cause a redirection loop, so if you are experiencing this problem, delete the plugin and install either Better WP Security or 6Scan Security.

That’s it! How well do you have your site secured? Do you even have something in place? Anything you feel that I missed? Please let me know.

DiTesco

DiTesco is a Business and Inbound Marketing Consultant, and founder of iBlogzone.com. iBlogzone's main objective is to help startups and small business owners achieve success in their online ventures.

88 thoughts on “Best Security Plugins For WordPress – Improve WordPress Security”

  • Hi Francisco,

    How important it is to try to minimize the risks of faulty plugins, hacks and bad code inserted undercover.

    Still finding new plugins to explore just in case I need other options like Login Lock and Better WP Security. I’ll have in mind both.

    I use Limit Login Attempts, but I see it is less complete than Login Lock. Anyway, it is shocking to see how many attempts there are to enter through the front door.

    Not long ago my site was broken for a security plugin and more recently, apparently tweet old post and W3TC corrupted my theme, then I needed to start my layout again.

    I’d add to install a WordPress Firewall and again, every now and then, you see outrageous attempts to enter to site too.

    Great article, I’ll bookmark it for future reference on delicious and other bookmarking sites.

    Cheers,

    Gera

    • Hi Gera. I know what you mean when you say “too many attempts” via the front door 🙂 Actually most of the time, some “smaller” type offenders do that and Login Lock should do the trick.

      As for the firewall, it was giving me too many problems with my own plugins and had serious compatibility issues so I had to take it down. CloudFlare does a pretty good job for boosting security and does serve as a “firewall” in itself. Thanks for leaving your thoughts.

    • This is a great list of things to do to secure your WordPress site…

      I recently had some security problems with my WordPress sites, and ended up doing a lot of research into securing WordPress sites…

      I have now written up my experiences in a WordPress Security Checklist which can be downloaded for free on http://www.wpsecuritychecklist.com.

      My checklist has a few more items and detailed steps for how to get the job done.

      Hopefully the checklist can help other people securing their WordPress sites…

      • Thanks Anders for the checklist. Just downloaded it and later today, I will be going over it. I’m sure there are a lot of hidden gems in there 🙂 BTW, just a heads up, I am not sure if it was your intention to “build a list” by providing that checklist. If that is the case, perhaps you can “create a thank you page” with the link to download it. Right now, anyone can download it without having to “opt in”. I think that it is just reasonable to ask users to subscribe to your newsletter 😉

        • Hi DiTesco – thanks for the list building tip… I will surely experiment with that… for now I just want to get the checklist out to as many people as possible 🙂

  • I totally agree with you that you should really create strong passwords.
    WordPress is prone to hackers and website security breach.
    Passwords and other security plug-ins really help.

    Blessings!

    • Hi Jessica. Strong passwords really can make or break a hacker’s motivation when attempting to attack your site. This is why it is really important to not only have strong passwords (very strong actually) and whenever possible, changing it regularly. Thanks for stopping by and sorry for the late response

  • DiTesco recently all my blogs and book-marking sites were hacked with a malware. Luckily I backed up my data, that I could get my sites back up again. Love the post on security for blogs.

    • Hi Eddie. When something like that happens, it ain’t a good picture and I totally stressed out the first time it happened. Like you, fortunately I had a full backup and got the site up and running in no time. BTW, when that happened to you, what caused the trouble? Was it a plugin, the theme or was it just someone who managed to login your site or server?

  • Hi Francisco,

    Just spent the last 20 minutes installing Ultimate Security Checker and improving my security. Excellent plugin – thanks for sharing.

    Now going to use on clients sites as well.

    Andrew

    • Hi Andrew. Yep, win/win. You get your clients’ sites a bit more secured and you get to minimize your own problems when having to deal with possible hacks from their sites. Maybe, you can “charge” a bit extra, or increase your relationship with them 😉

      Anyway, glad you found UC helpful.

  • I find your post very useful, DiTesco. Thanks for sharing these security plugins. I also had a bad experience with hackers and I’m learning from it. I’m looking for good security plugins so that I can protect all my data. I do agree with Jessica’s statement about creating a strong password for our WordPress. We can’t deny that it is prone to hackers. I look forward to installing Ultimate Security Checker.

    • Hi Farrel. Sorry for the late response. Strong passwords are among other things one of the best ways to protect your site. Sadly there are people who insist on using weak passwords and that can be a problem. UC is a great plugin and works well. Have you installed it yet? What do you think?

  • Thanks for sharing these, I’ve been looking to improve on security lately because I have more and more customers that need it and I’m trying to read up on as many options so I can know what I’m talking about when speaking with them.

    • Hi Jamie. These security measures and plugins can really help to “boost” just about any site that runs on WP. Hope you and your clients will find some of them useful. Thanks for stopping by

  • Couldn’t agree more that Better WP-Security is a really good plugin that has essential features.

    • Thanks Ricardus for your input. Better WP is actually one of my favorites 🙂 Sorry for responding too late. All the best

      • No problem. Anyways do check out our domain promotion. I hope you won’t be too late to receive this news though.

  • These are great plugins and suggestions thank you. These things are always being updated and improved upon so it can be tough to keep up on the latest and greatest so thank you.

    • Thanks for stopping and you are welcome 🙂

  • I prefer BulletProof Security as this plug-in is loaded with great features, but it is not for novices.

    • Hi Frank. I agree that BPS is a great plugin too and while it is free, you are right, I think that it is not for novices. Perhaps when a user is more familiar with htaccess, 64code, sql injections and all that tech hullabaloo, then this may be a good and more advanced alternative. Thanks and all the best

  • One of the most secure hosting sites for websites is WordPress; it is proven and tested already, because I’ve been a WordPress user since I was in college.

    • Hi Pepito. Yep, WordPress does a good job in providing some security but sadly it is not enough and improving your site’s security can avoid or at the very least discourage an attacker’s attempt.

  • I have been very surprised at how many “failed login attempts” have occurred since I installed a plugin to stop it. I thought I would receive enough traffic to have this happen, but it does almost daily.

    • Some people think that only “big” sites are prone to attack. Actually that is not the case, as normally large websites have a higher level of protection. They will probably be on a VPS or a dedicated server, have constant monitoring, etc. The fact that you have not noticed anything in traffic does not mean that those bots are constantly trying to attack your site.

  • Hi DiTesco,

    Key to have the security side of things down, and you always do 😉

    I am due for a back-up myself. Scheduling it makes all the difference in the world.

    Thanks for sharing with us!

    Ryan

    • No doubt Ryan. Security is something that most of us fail sometimes to give more attention to, but it is extremely important. As for your backups, well, time to go and do it, don’t leave it for later, because that in itself can already be too late ๐Ÿ˜‰

  • I have used the Login Lock plugin and I find it very handy. The best feature for me is the forced log out for idle users.

  • Hi Di,

    Thanks for posting this you remind me to back-up my stuff. lol because of laziness I stop back-upping my stuff.

  • These are all great tips to protect our sites from hackers. We should make a strong password and regularly update our sites.

  • Great blog, this is really what people should read, there are millions of unuseful blogs about WordPress plug-ins shooting their advices and tips. Keep doing an awesome job.

  • Excellent posting but I already had Better WP Security and I still got screwed as my server got hacked so it is recommended to have the backup always. Indeed you can lower down the risk by implementing on these tips.

    Its better to have a plug-in who takes auto backup ? what do you guys think?

  • Since I am a newbie to wordpress, your security plugins and advice are very helpful to me. I installed Login lock to my wordpress blog.

    Thanks for sharing.

    • You are welcome and good luck with your site 🙂

      • Thanks for Replying me. Now I am a regular reader of your blog.

  • WordPress security is really important, I use BackupBuddy to take my backups but some hosting provider do provide good rates on backup plan. I would still like to take these things in my hand…

    • Hi Sanjeev. You are so right. Making backups on your own is very important and highly recommended. Never know what could happen to those “automated” services, which for all purpose, while less likely, can also have problems..

  • Theme authenticity checker is a great plugin. I always use TAC to find hidden URLs and some risky scripts that always find with free themes..

    • That’s a wise thing to do Ramnadh. Free themes are great and they are all over the place. It is always good to check them first before using it. Always pays off

  • Hello Mr. DiTesco,

    Happened to see your blog comment on the We Blog Better blog, and wanted to drop you a line. You have an awesome post here about [WordPress security plug-ins]. Just wanted to give you a shout out and say “keep doing your thing in blogging”, because your blog posts are awesome. Shouts out to Mr. DiTesco, for being a helpful servant to fellow bloggers and online marketers, by way of sharing good solid information in your blog posts. Keep up the good work and please know you are welcome anytime to stop by the site 🙂

    • Thanks. It is people like you who keep me going… 😉

  • I totally agree with you that you should really create strong passwords.
    And I would like to try Login Lock.
    Thanks for the nice list DiTesco.
    ~ Amit Shaw

    • Hi Amit. Yep, I won’t speculate on statistics here, but I am betting that a large % of hacked sites are due to weak and poor passwords. That is the very first thing that attackers attack 🙂

      So, have you installed login lock yet? How is it going?

      • Yes you are right and this week almost 9 sites got hacked, not only sites, even Gmail accounts also.
        I got the news from my Facebook friends. When I asked them what about the password,
        the reply was the same: only characters :).

  • I tried to install ‘Better-WP-Security’ and it crashed my site. I don’t know if I did something wrong or not but I had to re-fresh my database and delete plug-in.

    Did anyone else have this problem?

    • Hi Tony. As far as I can tell, I have not yet heard from anyone that had similar problem. As a matter of fact I have a test site that uses all three plugins at the same time and it is working just fine. the only thing that I can think of is that there is some sort of incompatibility with your theme or some other plugin you have installed. I noticed that your login has a captcha code.. Did you disable that first? Maybe it is better to replace that with login lock?

  • Hi Francisco,

    Thanks for the information you’ve included in the post. I’ve been over and scanned my blog and got the all clear, which is excellent news 🙂

    We can never be 100% secure but we sure should try to be as best we can. I’m forever checking mine just to be sure.

    I do have a few security plugins activated but haven’t tried the ones mentioned here yet.

    You make some very good points in the post. I use a free theme and when I installed it I noticed a foreign link at the bottom. Thinking I had been hacked I spent the best part of 2 days trying to resolve it with my hosting company assisting me.

    I emailed the theme creator but didn’t get a reply until I mentioned upgrading, at which point they made contact and confirmed the link was their link which they place on every free theme.

    Thanks again for an excellent post Francisco.

    Barry

    • Hi Barry. Glad you got that “strange” link at your footer sorted out. Unfortunately, you got the developer’s attention only after you mentioned “upgrade”.. haha, magic word. It worked though and yes, most free themes do include those “credit” links. Often times they are OK, but you should be careful because there are links that sometimes point to “adult” related sites and you don’t want a link pointing to bad neighborhoods. Anyway, glad you found these plugins useful. Anyone in particular that you have already tried? How’s it going?

      • I did indeed mention the magic word that worked Francisco, ha ha 😉

        I have the following security plugins that work really well, Limit Login Attempts, WordPress File Monitor, WordPress Firewall, WP Security Scan and to check my plugins are secure I use WP Plugin Security Check.

        The Limit Login Attempts has blocked hundreds of attempts so far, it really is fantastic 😀

  • Are you finding any issues with Login Lock. I noticed it has several broken reports and people commenting on issues. The alternatives however like Limit Login Attempts and Login Lockdown are out of date so not sure which is best.

    Also, have you used or heard anything about Website Defender’s security services (not their plugins)? I browsed through their website and it looks like they do a lot but it’s still in beta and it doesn’t look like they do clean up like Sucuri if you do get hacked.

    Speaking of Sucuri, how are they for preventative measures? I see that their service monitors your site and they also provide a premium plugin that has some features I don’t know about. If their preventative measures are on par with the competition that might be the way to go since they also handle cleanup if something does go wrong.

    Thanks, great post by the way…

    Shawn

    • Hi Shawn. I have Login Lock installed on all my sites and clients too, and so far I have not noticed any issues with the plugin. Since I installed it, I noticed that I have been receiving some notifications from “failed login” attempts. Guess it is doing what it says it does 🙂

      As for Website Defender, I have not yet had the pleasure to test them out and as a preventive measure, I have been using Site Lock for some time now. It works well, especially when there is a “malicious” link left by a bot or spammer. Sucuri’s preventive measure is among other things the site scan. Scanning for your site regularly will ensure that you are clean…

      • Awesome, thanks for the tips. I noticed the same thing on my site with login lock. It seems almost everyday it blocks login attempts. I had no idea there were so many attacks going on, it’s kind of ridiculous really 🙁

        Speaking of spam comments I also had the pleasure recently of encountering a comment on my site through disqus. I clicked on their username not knowing it was a live link to a website and my pc was infected with viruses. I then had $1,500 stolen from my bank account over the next 3 days…

        A couple questions about Site Lock

        1. Which package do your run?

        2. Do you know if Sitelock provides repair services as well in case something does happen, like Sucuri?

        Thanks!

        • Wow, I am so sorry to hear that you have been a victim of a virus. Curious how it was setup, and via disqus… That’s really something I have not heard before. So to show you that SPAM comments could be “dangerous”.

          Anyway, the service I have with sitelock is basic. It monitors my site 24/24 and sends me notifications in case they identify a bug somewhere. Most of the time, all problems are easily fixed (malware links, redirects, etc.), so I do it myself. I do know that they can do it for you, but I have no idea if it is good or bad and how much it cost. I am sure that you can find more info on their site. Anyway, the notification service is good and it works well.

  • Protect your website by implementing simple but effective #WordPress security tips http://t.co/HWHfdUKj via @ditesco

  • Hi Francisco,

    Apart from the paid options, is there any free wp plugin that could do the job well (backup + restore) in an not so complicated way?

  • Best WordPress Security Plugins 2012, Protect Your Online Business: http://t.co/6UjRKg8n

  • Hey there, thanks for the tips, I’ve used a couple of others of yours when trying to get through the wordpress plugin and other issues.

    I’ve looked at some of these, especially the “Better WP Security”, and my concern is with the functioning of my website and all the plugins I have installed.

    WP Sec for example changes file urls, etc., so wouldn’t that effect my plugins that also use those files? For example, I have captcha and human checks, and white labeling, etc. type plugins working on those files, won’t this plugin cause those things to not work???

    Thoughts?

    • Hi. Better WP Sec does warn you that making changes may impact or cause some weird behavior on other plugins. This is why it is better to use it on new sites and/or make only changes that will not affect URLs. If you are concerned about it, which I think is wise, just use Login Lock or use only some specific features on Better WP Sec, like brute force attack.

      • Ya, that’s what I thought…. Thanks. Might have to just try it and hope for the best. 🙂

  • I am having a problem with my hosting company. They have a firewall on their server. For some reason their server has blocked my IP and I am not able to work on my WordPress blog. I have contacted them and they replied with this answer.
    “You are using open source free application with free themes and plug-ins. Some of your plug-in or theme must be refreshed and triggered your website when you are using that’s why your IP has blocked again and again from server firewall. We can not make any changes in server firewall. You must need to investigate this issue from your end.”

    After a couple of discussions we found that there is a problem with my theme. Because I have switched to the Twenty Eleven theme by renaming my current theme’s folder inside wp-content/themes and adding “-old” to the end of the folder name and also resetting the plugins folder by FTP.
    But still the same problem. Finally I had to install the same theme again and it’s working fine.

    Now what security plugin do I need to download so this will not happen again?
    Oh yes i use PressPlay 2.1 theme for my blog.

    • Hi. Login lock may cause some redirection problem in your case. Perhaps “better WP security” is a better choice. Just be careful not to authorize the plugin to change the core files and select changes individually, like brute force attack.

  • Hi
    Sounds good and I will try the ones you recommend. Already using Better WP Security

    What about Bulletproof Security? I have had no problems since using it.
    Over 220,000 downloads with a 4.5 star rating based on 141 reviews sounds good to me. What do you think?
    See Specs below

    Version: .47.1
    Author: Edward Alexander
    Last Updated: 2 days ago
    Requires WordPress Version: 3.0 or higher
    Compatible up to: 3.4
    Downloaded: 222,315 times
    WordPress.org Plugin Page »

    Average Rating
    (based on 141 ratings)
    Charles

  • Anyway thanks buddy. The “better WP security “is too good, but it resulted in my wordpress admin area white screen error:-(

  • Nearly all of my sites are run by WP, hence, security is my topmost priority. These are not great sites, but took me months of hardwork and writing only to be defaced from the planet. Right now, I’m considering these pieces of advice on top of my xcloner plugin that regularly backups my site.

  • Great stuff! I will surely take this advice and install login lock. Thanks..

    • Hi Max. Good to see you here. It’s good to have some added security measures and login lock does provide a good defense from brute force attack. Better WP may be better, but it does require a bit of technical knowledge. Thanks for stopping by. How are things doing, btw?

  • Do you have any idea what is this appearing on my posts? “www domainname com …T-aUdZHheqc”
    ( #.T-aUdZHheqc ) the last part of the url keeps on appearing on my sites. Yes sites… what do you think is this? Some kind of injection, virus, wrong coding, plugins conflict, etc…any idea? Please email me if you have any idea what is this? Homepage and pages are ok but all posts seem to be getting a different kind of alphanumeric something on the last part of my url. Hope you can help.

    • Hi. I don’t see this issue when I visit your site. Can you give another example of another site? This looks like a tracking code of some kind.. email me if you want and we can discuss it.

  • WordPress is the safest blogging platform and very much secure by itself but there is never too much ascertainable. Installing WordPress Security Plugins is a good idea to make your blog safe from hacking attacks.

  • Online security is of utmost importance. Thanks for coming up with this checklist.

  • These are valid reminders that we should all look into to protect our sites. Thanks for sharing your tips.

  • I just wanna say thanks for the awesome Article…. I have been like totally paranoid about being hacked. And the best recommendation is on the one plugin that blocks IP Addresses. Thank you so very very much from The Oxygen Products Team in South Africa.

  • Thanks for the tip.
    I use Better WP Security, but for the inexperienced this and plugins very much like this one may also harm you. If the setting is wrong your whole site may collapse mostly because of writing rules issue.
    If your site allows members to register, then be sure which setting to choose before doing anything with Better WP Security.

  • These great source and felt loss because late to read!
    However, many thanks!

    Deny

  • Valuable post you have there! I totally agree that you really have to backup your site regularly and make use of strong passwords to protect your WordPress site from hackers. Thanks for this.

  • Hi Francisco
    I just installed “Limit Login Attempts” a little while ago and have noticed how many failed logins my blog has. Maybe I should try the “Better WP Security” plugin to minimize the risk.

    • Hi Thomas. You can try using Better WP Security, but the emails are “in principle” real attempts to login your site. It is scary sometimes, but it happens, and more reason to ensure that additional protection are to keep you as safe as possible

  • This was an awesome post. I recently shifted to WordPress from Blogger and was wandering around to find some good security plugins. Thanks man…Keep it up

  • Hi There,
    Something has gone drastically wrong on my website.
    I can't seem to login after someone tried to hack my website ….
    I eventually logged in through my Jigoshop…. but I can’t get into my backend.
    I used all the plugins you suggested and now I am somewhat in a tizz.
    When I go into my website's backend through FTP everything shows….
    Please tell me how to fix what went wrong.
    I don't know a thing about programming and I am still learning as I go along.

  • I just followed the link for Login Lock to the WordPress.org site and it's not listed? Has the designer changed its name? Thanks for your research listed here!

    • Thanks for the heads up Lon. Indeed Login Lock has been removed from the repository. I’m guessing it was because it was generating some problems and the developer has not updated it. Updated this post to reflect that, thanks again

  • Hi DiTesco,
    Great and very informative post. What are your opinions concerning WordPress BulletProof Security Plugin?

    • Hi. Can’t tell as I have no experience with it. I heard it is also good…

      • Hi,
        I have been testing and learning BulletProof Security for almost a couple of weeks and it actually is a great security plugin, however we need to understand its various options by hit and trials as very basic FAQs have not been listed anywhere for this plugin for new users. I would actually prefer using this along with Better WP Security which is my favourite in terms of the protection and easy to understand data it produces, the best thing I liked about it is that it makes the default admin login page invisible so the basic level hacker will only keep thinking how to find the login page 🙂 To Conclude, BulletProof Security and Better Wp Security make a deadly combination.

        Thanks

        Riz

  • Hi DiTesco, Great Tips to secure our blog. I am using some of the plugins which you have listed above. Thanks for Sharing!

  • Great post.. are they capable of handling malicious queries also?
