LD Staff Writer
The first portion of this 2-part series explored some of the more obvious security points WordPress users can run into. Today, we’ll cover some of the most popular WordPress plugins for safety and security to patch up the problems. Check out some previous recommendations for backups here.
(These may be a great starting point, but things change quickly. Always check the most current reviews before changing your security setup.)
WordPress is the base of your site. Every plugin you add can also bring vulnerabilities with it. All the security plugins and practices in the world won’t mean a thing if your **FaNcY EmOjI COmMentS plugin FREE** is full of holes.
Your best practice is also the simplest – and often the most overlooked: update your installation and your plugins! At one point, it was estimated that 49 out of 50 WordPress sites were running outdated versions with known vulnerabilities. There’s no way around proper management… Make sure everything is up to date, and don’t use 5 overlapping plugins to accomplish the same task.
Manage WP
This isn’t a WordPress plugin, but can be a great tool if you manage multiple sites. Rather than bouncing from site to site, you can manage updates for themes, plugins, and WordPress itself through one location. It also has options for cloning and premium backups, advanced reporting, and more as paid add-ons. These add-ons can be chosen individually (maybe backups are more important than an uptime monitor), or bundled together to best suit your needs.
Akismet Anti-Spam
Akismet Anti-Spam is included with newer installations of WordPress. It works to prevent spam in your comments section. It doesn’t help deter people trying to break down the front door, but it can make a huge difference if you have a comments section on any of your pages. It’ll protect your customers from phishing scams, as well as inappropriate/spammy/vulgar posts that drive people away. It must be popular and work well – it’s one of only three WP plugins with more than 5 million installs.
Limit Login Attempts
Limit Login Attempts is an older plugin, but is still widely used. It’s designed to accomplish one task: if someone is sitting at your login page trying to guess your password, this will stop them. While it has a 4.5-star rating and over 2 million installs, it hasn’t been updated in five years. This is worth noting because it might turn up in your search results… And based on our earlier advice, you might want to skip past this one and take a look at Loginizer (listed below).
Wordfence Security
Wordfence provides many options with free and paid tiers. The free version will help protect against brute force attacks, watch for bots, keep an eye out for infecting software, and warn you about storage when you’re running low. The paid version increases its offerings with some more advanced auditing and scanning features. This paid option will run you $99/year per site, but the more sites you have and the longer you commit to your license, there are some pricing advantages available.
iThemes Security Pro
iThemes Security Pro is a paid suite of tools that covers a lot of bases. Their pricing is yearly, and starts by covering two sites (up to an unlimited number).
This plugin addresses a wide range of security concerns, including brute force password attacks (and blocking attackers from trying again), enforcing good password habits and multi-factor authentication, changing the standard login location, and monitoring how many times people hit a “page not found” (there’s a technique where bots scan your website looking for different kinds of pages, and this is one way to watch for those attacks). They can also send out email alerts if a large quantity of site files change suddenly (if you do a lot of updating at once, however, you can trigger your own alarm).
While backups aren’t specifically part of security, they’re absolutely necessary! iThemes Security Pro also has a secondary BackupBuddy plugin that will backup your sites before running any updates, just in case any of them break part of your site.
Loginizer
Loginizer does one thing, and does it very well. This plugin locks down your login page – that’s it. If you aren’t hosting customer data or financial info, and just want to lock the front door, this will keep everyone out but you. If you only need it for one site, it’s only about a quarter of the price of iThemes Security Pro (anything more, and iThemes will be a better deal).
With website security, there probably won’t ever be a one size fits all solution – which isn’t a bad thing! Based on cost and features, mixing and matching can lead to great control over the things that are most important to you. If you see something here that you need a hand implementing, let us know – we’re happy to help!
Want to learn more?
[su_button url=”https://longerdays.com/2018/01/01/take-a-tour-of-our-features/” target=”blank” style=”flat” background=”#2F6690″ size=”10″ center=”yes” radius=”6″]Take a tour of our features![/su_button]