As the most used website management platform globally, WordPress is also one of the platforms most targeted by malicious actors. Keeping your WordPress site secure can quickly become challenging, especially for small business owners who have 1,000 other things to do. Luckily, there are security plugins that can be installed right from within WordPress, make the task easier for you, and help you keep your website away from cyber attackers.
Some of the functionalities usually provided by these plugins include, among others:
-Web traffic monitoring
-Brute force attack protection
-Unusual login notification
Some plugins focus on one or two of these roles, while others are more comprehensive and include a wide range of security features.
We have reviewed the most used plugins in the community and have come up with this list of three plugins that you can consider adding to your WordPress site. The first two are comprehensive security tools that offer a free (albeit limited) version. The third one is a backup tool that is very affordable. Make sure to choose one of them and take a few minutes to install it on your WordPress site.
Free version available: Yes
Paid version pricing: $119/year and up (compare versions)
-Very easy to use
-Built-in Web Application Firewall that blocks malicious traffic
-Malware scanning of files, plugins and themes before upload
-2FA and login limits to prevent brute force attacks
-Real-time live traffic and analytics
-Over 4 million downloads to date – one of the most popular WordPress security plugins
#2: All in One Security (AIOS)
Free version available: Yes
Paid version pricing: $70/year (compare versions)
-Provides insights for best practices (such as renaming the “admin” username)
-In-depth reports about website users and their activity
-Hides login page from bots
-Login lockout function to prevent brute force attacks or login attempts with invalid usernames
-Configurable forced logouts to prevent users from being logged in indefinitely
-Two Factor Authentication
-Password strength tool
#3: VaultPress Backup by Jetpack
Free version available: No
Paid version pricing: $5.5/month or more
-Great for membership sites and WooCommerce stores
-Includes 10GB of cloud storage (get up to 1TB storage for double the price)
-30-day activity log archive
-Unlimited one-click restores from the last 30 days
We hope you have found the recommendations above useful. There are hundreds of other security tools available for WordPress, so it is worth taking the time to review some of them to find the one most suited to your needs. As we always say, running a WordPress site is not a do-and-forget thing. If you need help in keeping your site secure and want to outsource this function to a knowledgeable, trusted partner while you focus on growing your business or magnifying the impact of your cause, please consider subscribing to one of our Web Defender packages today.
WordPress is by far the most used content management system and website builder globally. Millions of individual site owners, organizations and businesses take advantage of this easy-to-use platform to build their website or blog. In 2021, about 35% of the 1.3 billion active websites were estimated to be using WordPress. Unfortunately, WordPress is also one of the platforms most targeted by hackers and other malicious actors. Launching a WordPress site without taking the necessary measures to keep it secure is a disaster waiting to happen.
While the average site owner might not be a cyber security expert, understanding the basics of website security and taking a few actions can prevent your WordPress website from being hacked in 95% of cases. Here are 7 steps you can take to keep your WordPress site secure.
1) Keep your WordPress installation and plugins up to date
Most website hacks happen because the site owner has not updated WordPress to the latest version or is using an outdated plugin. WordPress is NOT a set-it-up-and-forget-it system. As a website owner, you need to make sure your WordPress installation and all plugins you use are always kept updated to the latest version.
2) Install a security plugin
There are various security plugins available from third-party providers that can help improve the security of your WordPress site. Such plugins can scan your website for vulnerabilities, block IP addresses from which brute force attempts originate, disable access for malicious visitors and bots, and prevent your WordPress files from being modified, among other features. Make sure to use one from a reputable vendor.
3) Change default settings
By default, WordPress comes with a default admin URL and a default admin user (“admin”). These settings are known to threat actors and are the first ones tried by anyone attempting to break into your website through brute force or social engineering. Make sure to change those default settings when launching your WordPress site. You might even consider removing the admin user altogether after creating a new user with admin privileges. Another default that is often targeted is the wp-config.php file, which holds key information about your installation. You need to harden that file using the .htaccess file and restrict access to it so that unauthorized parties cannot read it.
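One way to check the wp-config.php hardening described in step 3, as an added example that is not part of the original article: the script looks for an .htaccess deny rule covering wp-config.php and flags a world-readable file mode. The function names are illustrative, and the rule shown in the comment assumes Apache 2.4 syntax.

```shell
#!/bin/sh
# Added example (function names are illustrative, not from any plugin).
# Rule the audit looks for in the site's .htaccess (Apache 2.4 syntax):
#   <Files "wp-config.php">
#       Require all denied
#   </Files>

# Exit 0 if FILE has an active deny rule inside a <Files>/<FilesMatch>
# section that names wp-config; commented-out lines are ignored.
htaccess_blocks_wpconfig() {
    [ -f "$1" ] || return 1
    awk '
        { line = tolower($0) }
        line ~ /^[ \t]*#/ { next }
        line ~ /<files(match)?[ \t"]+.*wp-config/ { inside = 1; next }
        line ~ /<\/files(match)?>/ { inside = 0; next }
        inside && line ~ /(require[ \t]+all[ \t]+denied|deny[ \t]+from[ \t]+all)/ { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print findings for the WordPress directory DIR.
# The return status is the number of findings (0 means both checks passed).
audit_wp_dir() {
    dir=$1
    findings=0
    cfg="$dir/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "INFO: no wp-config.php found in $dir"
        return 0
    fi
    # -perm -004 matches when the "other" read bit is set.
    if [ -n "$(find "$cfg" -prune -perm -004)" ]; then
        echo "FINDING: $cfg is world-readable; use chmod 640 or stricter"
        findings=$((findings + 1))
    fi
    if ! htaccess_blocks_wpconfig "$dir/.htaccess"; then
        echo "FINDING: $dir/.htaccess has no deny rule for wp-config.php"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Run the audit only when a directory is passed on the command line.
if [ "$#" -gt 0 ]; then
    audit_wp_dir "$1"
fi
```

The .htaccess check only applies to Apache-compatible servers that honor .htaccess files; on other web servers the equivalent deny rule lives in the server configuration.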
4) Monitor your website
It is important to monitor your WordPress site for changes that may be indicative of malicious activity. This can be done using plugins, third party remote tools, or having a website security company handle that function for you. Samurai Defender offers. You can consider our Web Defender website security packages which include monitoring for uptime, online reputation, blacklists and more.
5) Choose a reputable web host
Not all web hosting companies are the same when it comes to maintaining a secure WordPress website. You need to choose a web host that provides WordPress hosting or is familiar with hosting WordPress sites, and that maintains servers with secure software, including up-to-date PHP and MySQL versions. If you are looking for a new host for your WordPress site, we recommend HostGamma.com.
6) Install a SSL certificate
Enabling SSL/https ensures that traffic between your visitors' browsers and your server is encrypted. Without SSL enabled, most major browsers and Google will show a warning next to your website, which has a negative impact on your website's reputation. SSL will help with SEO and your visitors' first impression, but it is also an important component of your website's security posture. Many hosts today offer SSL certificates for free. If yours does not, look into purchasing one from your host or from a third-party SSL provider. Samurai Defender does not sell SSL certificates as of now; however, we can help install SSL for your site for just $29.
7) Backup your WordPress site
If all else fails and your WordPress site happens to be hacked, the last thing you want is to find yourself with no backup available to revert your site to. Even if your host offers automated backups, you cannot rely on those. We have seen so many cases where host backups failed, were corrupted, or were just too old. Luckily, there are many options to back up your WordPress database or complete files to a remote location. You can also manually download a backup at regular intervals, which is an option available from cPanel, Plesk and other major control panels today. Samurai Defender also offers a secure backup service for just $10/month.
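A check for the three backup failure modes named in step 7 (failed, corrupted, too old), as an added example that is not part of the original article. It assumes a full backup is a .tar.gz archive containing wp-config.php and a .sql database dump; the function name and return codes are illustrative.

```shell
#!/bin/sh
# Added example: verify a WordPress backup archive before relying on it.
# Assumption: a full backup is a .tar.gz holding the site files
# (including wp-config.php) and a .sql database dump.
#
# check_backup ARCHIVE [MAX_AGE_DAYS]
#   returns 0 = usable, 1 = missing or empty, 2 = too old,
#           3 = corrupt or unreadable, 4 = expected content missing
check_backup() {
    archive=$1
    max_days=${2:-7}

    # A failed backup job often leaves no file or a zero-byte file.
    if [ ! -s "$archive" ]; then
        echo "FAIL: $archive is missing or empty"
        return 1
    fi

    # -mtime +N matches files last modified more than N days ago.
    if [ -n "$(find "$archive" -prune -mtime +"$max_days")" ]; then
        echo "FAIL: $archive is older than $max_days days"
        return 2
    fi

    # Listing the archive forces a full decompression pass, so a
    # truncated or damaged file is detected here.
    if ! listing=$(tar -tzf "$archive" 2>/dev/null); then
        echo "FAIL: $archive is corrupt or not a gzip tar archive"
        return 3
    fi

    # Confirm both the site files and the database dump are present.
    for need in wp-config.php .sql; do
        case "$listing" in
            *"$need"*) ;;
            *) echo "FAIL: $archive contains no $need entry"
               return 4 ;;
        esac
    done

    echo "OK: $archive passed age, integrity and content checks"
    return 0
}

# Run the check only when an archive path is passed on the command line.
if [ "$#" -gt 0 ]; then
    check_backup "$@"
fi
```

A passing check shows the archive is readable and complete in outline; a periodic test restore to a scratch site remains the only proof that the backup actually restores.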
We hope you have found this article interesting. By implementing the above steps, you will strengthen the overall security of your WordPress website and make it more resilient to online malicious threat actors. If you need professional help in securing your WordPress website, you can check our WordPress hardening service. Alternatively, simply contact us to discuss your needs.