
WordPress website security

#1
Which plugins do you use to secure your WordPress website, and what are your essential steps to make it as little vulnerable as possible?
#2
WordFence. I use the free version for every one of my blogs. It's quite a heavy plugin, but I think it's worth having. What I also like about WordFence is that it has a blog and notifications pointing out all of the challenges one should look out for at the time they are happening - they are specialists in WordPress security for sure.
https://wordpress.org/plugins/wordfence/

I also load "Limit login attempts" for all of my blogs. I usually make the number higher just to make sure I don't get locked out myself. But it's good for many things too like whitelisting or blacklisting IP numbers. You can read more about it here:
https://wordpress.org/plugins/limit-logi...-reloaded/

Then there is common-sense security for WordPress, like having all themes and plugins as well as the WordPress script completely up to date all of the time. To ensure the passwords one uses are complicated ones, and to change them regularly. To regularly check up on the blog, particularly if one has comments turned on. To use spam software for controlling the comments, preferably have a system where comments have to be approved by the owner first. I have all of my comments turned off.

#3
Thank you for the fast response! I didn't try the plugin before, but I'll surely give it a try now. I will also try to build my first blog on this new account. Learning something new daily has no end.
#4
I think the Wordfence Security plugin is one of the best WordPress extensions that will give you many different options to increase the level of security in WordPress. The plug-in has managed to allocate more than 2 million active installations to your server, which you can use on your WordPress site using WordFence Security plug-ins.
  • Protect site against attacks.
  • Possibility of two-step verification to enter the WordPress counter.
  • Force to use strong passwords in WordPress for all users.
  • Scan the site and detect infected files in the WordPress plugin or format.
  • Protect against Brute Force attacks.
  • Scan the site and identify the infected plugins and place these plug-ins in the plugin's kernel list to enhance overall security on other sites that use the plugin.
  • View offline traffic and WordPress statistics.
  • Prevent DDOS attacks.
  • Possibility to use in WordPress MultiSite or WordPress Network.
  • Ability to use and adapt to popular plugins such as WordPress.
#5
Plugins themselves are the major factors in the security breach in WordPress so whichever plugins you are using make sure to update them timely, remove the plugins that are not in use, change your WordPress login URL, etc.
[-] The following 1 user Likes Freya009's post:
  • Swaahili M
#6
In my opinion the best way to be secure is to install only as many plugins as needed and only install plugins that are maintained because there are many old plugins out there which are a security risk. Additionally you can add a reCaptcha to your login form, to fight against brute force. But you will of course never reach 100% security and that's why I would not install 5 more plugins for security because every plugin can cause a security risk.
[-] The following 1 user Likes frischid's post:
  • Genesis
#7
Use a complex username (never use admin), and use a very strong password, customize the wp-admin/wp-login URL by using a plugin like WPS Hide Login and limit the login attempts by using a plugin like WPS Limit Login, and then make sure to have a good backup solution running just in case an attack still happens.
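The login-attempt limiting that several posts in this thread recommend can be illustrated as a log check. This is an added example, not code from any plugin named in the thread: it counts failed `wp-login.php` POSTs per IP in a sliding window and supports an allowlist so the owner is not locked out. The sample log, the function name `find_lockouts`, the thresholds, and the rule "a failed login answers 200, a successful one 302" are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _line(ip, hms, method, path, status):
    # Builds one constructed access-log line (combined-log style).
    return f'{ip} - - [04/Mar/2019:{hms} +0000] "{method} {path} HTTP/1.1" {status} 3120'

# Constructed sample log; the IPs are documentation-range addresses.
SAMPLE_LOG = "\n".join(
    # Slow, spread-out failures: one every 10 minutes.
    [_line("192.0.2.44", f"22:{m:02d}:00", "POST", "/wp-login.php", 200) for m in range(0, 50, 10)]
    # Rapid failures: six within one minute.
    + [_line("203.0.113.7", f"23:40:{s:02d}", "POST", "/wp-login.php", 200) for s in range(0, 60, 10)]
    # One typo, then a successful login (302 redirect) and a normal page view.
    + [_line("198.51.100.20", "23:41:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "23:41:20", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "23:41:21", "GET", "/wp-admin/", 200)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_lockouts(log_text, max_attempts=5, window=timedelta(minutes=5), allowlist=()):
    """Return {ip: timestamp of the failed attempt that reached max_attempts}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    lockouts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        if m["status"] != "200":  # assumption: 200 = login form shown again (failure)
            continue
        ip = m["ip"]
        if ip in allowlist or ip in lockouts:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            lockouts[ip] = ts
    return lockouts
```

Raising `max_attempts` lowers the chance of locking yourself out, at the cost of allowing more guesses per window.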
#8
(04-03-2019, 11:40 PM)Genesis Wrote: WordFence. I use the free version for every one of my blogs. It's quite a heavy plugin, but I think it's worth having. What I also like about WordFence is that it has a blog and notifications pointing out all of the challenges one should look out for at the time they are happening - they are specialists in WordPress security for sure.
https://wordpress.org/plugins/wordfence/

I also load "Limit login attempts" for all of my blogs. I usually make the number higher just to make sure I don't get locked out myself. But it's good for many things too like whitelisting or blacklisting IP numbers. You can read more about it here:
https://wordpress.org/plugins/limit-logi...-reloaded/

Then there is common-sense security for WordPress, like having all themes and plugins as well as the WordPress script completely up to date all of the time. To ensure the passwords one uses are complicated ones, and to change them regularly. To regularly check up on the blog, particularly if one has comments turned on. To use spam software for controlling the comments, preferably have a system where comments have to be approved by the owner first. I have all of my comments turned off.

Wordfence is very good, but as you said, it's very heavy on resources.

Has anyone used these plugins?
https://wordpress.org/plugins/block-bad-queries/
https://wordpress.org/plugins/all-in-one...-firewall/
https://wordpress.org/plugins/better-wp-security/
https://wordpress.org/plugins/wp-malware-removal/
#9
Second that. While it is important to have a security plugin, you also need to have backups as a second line of defence.
If it fits your budget, definitely give MalCare a try. Some of its plans include premium incremental backups and free staging as well. This is super helpful when you're running a fresh site where you'd be experimenting a lot! There's a free trial too.

For a non-paid option: MalCare also has a free version that scans your site for malware and offers firewall protection - it's available on the repo. You can use that, coupled with UpdraftPlus free backups.

There are also multiple other things you should do to secure your site.

- Remove WordPress version info
- Install an SSL certificate - there are free tools for this
- Duh, use strong passwords, but also set an expiration date for your password
- Change your admin page's URL
- Keep your core, plugins and themes updated always

Good luck man!
#10
For security plugins, I've used WP Hide & Security Enhancer and Wordfence premium. With the plugins I've been using, there has been no problem so far.

You can try the free plugins first. I hope this helps.
  



