WordPress website security

F

Franz

New member
[font=Calibri,sans-serif]Which plugins do you use to secure your WordPress website, and what are your essential steps to make it as less vulnerable as possible?[/font]
 
Genesis

Genesis

Administrator
Staff member
WordFence. I use the free version for every one of my blogs. It's quite a heavy plugin, but I think worth having. What I also like about WordFence it has a blog and notifications pointing out all of the challenges one should look out for at the time they are happening - they are specialists in WordPress security for sure.
https://wordpress.org/plugins/wordfence/

I also load "Limit login attempts" for all of my blogs. I usually make the number higher just to make sure I don't get locked out myself. But it's good for many things too like whitelisting or blacklisting IP numbers. You can read more about it here:
https://wordpress.org/plugins/limit-login-attempts-reloaded/

Then there are common sense security for WordPress, like having all themes and plugins as well as WordPress script completely up to date all of the time. To ensure the passwords one uses are complicated ones, and to change them regularly. To regularly check up on the blog, particularly if one has comments turned on. To use spam software for controlling the comments, preferably have a system where comments have to be approved by the owner first. I have all of my comments turned off.
 
F

Franz

New member
Thank you for the fast response! I didn't try the plugin before, I surely give it a try now, though. I also will try to build my first blog on this new account. To learn something new daily has no end.
 
F

farhang321

New member
  • Protect site against attacks.
  • Possibility of two-step verification to enter the WordPress counter.
  • Force to use strong passwords in WordPress for all users.
  • Scan the site and detect infected files in the WordPress plugin or format.
  • Protect against Brute Force attacks.
  • Scan the site and identify the infected plugins and place these plug-ins in the plugin's kernel list to enhance overall security on other sites that use the plugin.
  • View offline traffic and WordPress statistics.
  • Prevent DDOS attacks.
  • Possibility to use in WordPress MultiSite or WordPress Network.
  • Ability to use and adapt to popular plugins such as WordPress.
 
F

Freya009

New member
Plugins themselves are the major factors in the security breach in WordPress so whichever plugins you are using make sure to update them timely, remove the plugins that are not in use, change your WordPress login URL, etc.
 
F

frischid

New member
In my opinion the best way to be secure is to install only as many plugins as needed and only install plugins that are maintained because there are many old plugins out there which are a security risk. Additionally you can add a reCaptcha to your login form, to fight against brute force. But you will of course never reach 100% security and that's why I would not install 5 more plugins for security because every plugin can cause a security risk.
 
binil

binil

New member
Genesis said:
WordFence. I use the free version for every one of my blogs. It's quite a heavy plugin, but I think worth having. What I also like about WordFence it has a blog and notifications pointing out all of the challenges one should look out for at the time they are happening - they are specialists in WordPress security for sure.
https://wordpress.org/plugins/wordfence/

I also load "Limit login attempts" for all of my blogs. I usually make the number higher just to make sure I don't get locked out myself. But it's good for many things too like whitelisting or blacklisting IP numbers. You can read more about it here:
https://wordpress.org/plugins/limit-login-attempts-reloaded/

Then there are common sense security for WordPress, like having all themes and plugins as well as WordPress script completely up to date all of the time. To ensure the passwords one uses are complicated ones, and to change them regularly. To regularly check up on the blog, particularly if one has comments turned on. To use spam software for controlling the comments, preferably have a system where comments have to be approved by the owner first. I have all of my comments turned off.
Click to expand...

Wordfence is very good, but as you said its very heavy on resources..

Have anyone used these plugins
https://wordpress.org/plugins/block-bad-queries/
https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
https://wordpress.org/plugins/better-wp-security/
https://wordpress.org/plugins/wp-malware-removal/
 
afizat

afizat

New member
For security plugins I've used is wp hide & security enhancer, wordfence premium. For the plugins I've been using so far no problem.

You can try the free plugins first. I hope this helps.
 
You must log in or register to reply here.