Security plays a vital role in keeping your website up and running round the clock. Along with monitoring the files, directories and database tables, it is equally important to take preventive measures like timely updating the passwords, changing the default settings, regular backups and so on. Here are 7 security plugins to help you safeguard your WordPress installation by fulfilling one or more of the aforesaid objectives.
- WP Security Scan: WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions like changing the passwords, setting the file permissions, suggestions for database security, hints on version hiding, steps for WordPress admin protection and removal of WP Generator META tag from core code.
- Login LockDown: Login LockDown comes in handy for limiting the number of login attempts from a given IP range within a certain time period. The plugin blocks the IP address for an hour after 3 failed login attempts within 5 minutes. This helps in preventing brute force password discovery. The administrator can however release locked out IP ranges and can also modify the default settings of the plugin via Options panel.
- Secure WordPress: Secure WordPress is a WordPress security plugin which automatically removes or hides sensitive information like wp-version and core update information. The plugin strengthens the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories, blocking any bad queries that could be harmful to your WordPress website and much more.
- AskApache Password Protect: This plugin adds crazy additional password protection and security to your blog. The power of this plugin is that it creates a virtual wall around your blog allowing it to stop attacks before they even reach your blog to deliver a malicious payload.This plugin doesn’t control WordPress or mess with your database, instead it utilizes built-in security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled hacking attempts to exploit vulnerabilities on your blog.
- BulletProof Security: BulletProof Security protects your website from XSS, CSRF, Base64_encode and SQL Injection hacking attempts. This one click security plugin adds .htaccess website security protection to your WordPress website. You can add .htaccess security protection directly from within the WP Dashboard. The security offered by this plugin protects the root website folder as well as wp-admin folder.
- Exploit Scanner: This plugin searches the files on your website including the posts and comments tables of your database for anything suspicious. It also examines the list of active plugins for unusual file-names. On the whole it scans all the files and database tables of your WordPress install to indicate if it has fallen victim to malicious hackers but doesn’t remove anything. This plugin is quite similar to WordPress File Monitor which monitors the files under your WordPress installation and notifies you via email in case of any change.
- WP Malware Removal: This is an awesome free plugin that checks your WordPress core files for integrity as well as runs them through the latest malware definitions. It’s lightweight and works like a charm.
- Better WP Security: Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site. It limits the login attempts to prevent brute force attacks (like login lockdown), removes sensitive data (like Secure WordPress) and strengthens .htaccess settings (like Bulletproof security).
Apart from installing the security plugins, it is also important to understand what to do if your WordPress website gets hacked.