Arian SimonWeb Designer - Business Owner - Entrepreneur who makes happy little mistakes.
Is your WordPress website secure? If you want to sleep well during night I strongly recommend you read this article. Because a small hole in your system might already cause huge chaos, financial disaster and legal issues. Gladly there are ways to prevent all this and protect you as strong as possible. I just want to be clear on one thing: there is no 100% security. So better get 99.9% now!
In this post I’ll suggest various options how you can secure your website.
Table of Contents
All in one security plugins are easy to setup and very convenient to use. They offer protection against a wide variety of threats.
Wordfence is my plugin of choice when it comes to security. It offers many options and really improves your site’s defenses. I especially love the login rules.
Other featuers are:
Sucuri is the authority when it comes to WordPress security. Each WordPress user should at least one time a day thank Sucuri for its efforts to make WordPress, its plugins and themes a safe environment to play in. It’s not only about their plugin. Sucuri also reports vulnerabilities to major WordPress extension providers to help them prevent possible exploits. Each time I read Themeforest messages warning of security holes I also stumble across the name Sucuri.
Their plugin offers following features:
iThemes Security is the successor of the prominent All in One WP Security plugin. iThemes is offered in as a free and paid version.
It offers various features like:
All in One security was the most prominent all in one security option for WordPress. However I don’t recommend using it anymore as other options are more viable now.
Another all in one solution is Bulletproof Security. They offer a free and a paid version.
The highlights of the free version are:
Don’t want any protection except an anti virus? There are also stand alone solutions available.
If you are looking for a dedicated WordPress Anti Virus solution, AntiVirus is one prominent example.
However I prefer the all in one solutions, as I’m a friend of less plugins with more effect. There are some more stand alone anti viruses.
Anti spam software extends your website with great value, except that it’s not directly security related. However it makes your life a lot easier. As soon as you get above 10 daily visitors you will most likely get your first spam comments.
Antispam Bee is my plugin of choice. It’s easy to set up and works like a charm. It’s also recommended by a lot of other users. The settings menu is very clean and its options useful.
The most important features are:
If you don’t like Antispam Bee for whatever reason you might want to check out GoodBye Captcha. Integrates with many different forms. Doesn’t slow down loading times according to its author.
Another trustworthy options is cleantalk’s anti spam plugin. It also integrates with many different forms and has a low false/positive rate according to its author.
One important security option are backups. Even better if they are automated. So in case something happens you can still restore your website as a recent version.
My plugin of choice for automatic WordPress backups. You can schedule database backups, file backups and complete backups. Typically you want to database backup your static websites and simple blogs daily. For eCommerce sites I suggest hourly backups at least. Your files are saved on your server in an archive. You can download them on your local computer via ftp. Your database can be restored via phpMyAdmin and the import function or via your MySql tool of choice.
If you buy the paid version you can also store your backups in your cloud solution like DropBox (and far more).
Another popular backup solution is provided by UpDraftPlus. The functions are similar to BackUpWordpress. Automatic backups, manual backups and more. Saves to cloud storages (Paid Version) as well as your website’s server.
If you don’t like above solutions for whatever reason you can also try BackWPup. They offer a free and premium version too.
There is one more security related plugin, which is a bit outdated but still should be mentioned on this list.
Snitch is a plugin to monitor your website traffic. Although you need to be an advanced user to really take action on this insight, it can be very handy to handle attacks.
If you are not one of these adrenalin junkies you should definitely care about your website’s protection. The plugins above provide you with a good start to fortify your WordPress. Additionally you should always keep your plugins up to date. If your site gets compromised seek professional help. To completely cure a once infected system is a damn hard task. Sometimes the only efficient option is a complete wipe. Hopefully you made a backup 😉