Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

WordPress website security

Which plugins do you use to secure your WordPress website, and what are your essential steps to make it as less vulnerable as possible?
WordFence. I use the free version for every one of my blogs. It's quite a heavy plugin, but I think worth having. What I also like about WordFence it has a blog and notifications pointing out all of the challenges one should look out for at the time they are happening - they are specialists in WordPress security for sure.

I also load "Limit login attempts" for all of my blogs. I usually make the number higher just to make sure I don't get locked out myself. But it's good for many things too like whitelisting or blacklisting IP numbers. You can read more about it here:

Then there are common sense security for WordPress, like having all themes and plugins as well as WordPress script completely up to date all of the time. To ensure the passwords one uses are complicated ones, and to change them regularly. To regularly check up on the blog, particularly if one has comments turned on. To use spam software for controlling the comments, preferably have a system where comments have to be approved by the owner first. I have all of my comments turned off.

Thank you for the fast response! I didn't try the plugin before, I surely give it a try now, though. I also will try to build my first blog on this new account. To learn something new daily has no end.
I think the Wordfence Security security plugin is one of the best WordPress extensions that will give you many different options to increase the level of security in WordPress. The plug-in has managed to allocate more than 2 million active installations to your server, which you can use on your WordPress site using WordFence Security plug-ins. 
  • Protect site against attacks.
  • Possibility of two-step verification to enter the WordPress counter.
  • Force to use strong passwords in WordPress for all users.
  • Scan the site and detect infected files in the WordPress plugin or format.
  • Protect against Brute Force attacks.
  • Scan the site and identify the infected plugins and place these plug-ins in the plugin's kernel list to enhance overall security on other sites that use the plugin.
  • View offline traffic and WordPress statistics.
  • Prevent DDOS attacks.
  • Possibility to use in WordPress MultiSite or WordPress Network.
  • Ability to use and adapt to popular plugins such as WordPress.
Plugins themselves are the major factors in the security breach in WordPress so whichever plugins you are using make sure to update them timely, remove the plugins that are not in use, change your WordPress login URL, etc.
In my opinion the best way to be secure is to install only as many plugins as needed and only install plugins that are maintained because there are many old plugins out there which are a security risk. Additionally you can add a reCaptcha to your login form, to fight against brute force. But you will of course never reach 100% security and that's why I would not install 5 more plugins for security because every plugin can cause a security risk.
[-] The following 1 user Likes frischid's post:
  • Genesis

Users browsing this thread:
1 Guest(s)

WordPress website security49