Plugins to Enhance WordPress Security
WordPress has become increasingly popular as a platform for creating highly customizable responsive websites. And of course this makes it increasingly attractive as a target for hackers and spammers.
To help guard against this, here are a couple of plugins that help to at least minimize unknown vulnerabilities.
Your first defence should be to ensure that you keep WordPress itself and all your plugins and themes up to date. WordPress and the WordPress community is very good at reacting to security threats and vulnerabilities as they are discovered and typically patched or updated versions are made available within a few days. But the patches won’t do you any good if they are not applied.
Advanced Automatic Updates by pento adds extra options to WordPress’ built-in Automatic Updates feature. On top of security updates, it also optionally supports installing major releases, plugins, and themes. If you use this to keep your themes updated, please see Don’t let WordPress theme upgrades break your site to avoid losing your theme customizations.
Plugin Vulnerabilities by White Fir Design alerts you when any of your installed plugins contain known security vulnerabilities, as well as warning you of vulnerabilities in other versions of those plugins. This will at least make you aware of an issue until the plugin updater can instgall a patched version.
Finally, Wordfence Security by Wordfence is a must have plugin for any WordPress site. From the plugin description:
Blocking Features
- Real-time blocking of known attackers. If another site using Wordfence is attacked and blocks the attacker, your site is automatically protected.
- Block entire malicious networks. Includes advanced IP and Domain WHOIS to report malicious IP’s or networks and block entire networks using the firewall. Report security threats to network owner.
- Rate limit or block security threats like aggressive crawlers, scrapers and bots doing security scans for vulnerabilities in your site.
- Choose whether you want to block or throttle users and robots who break your security rules.
- Premium users can also block countries and schedule scans for specific times and a higher frequency.
Login Security
- Sign-in using your password and your cellphone to vastly improve login security. This is called Two Factor Authentication and is used by banks, government agencies and military world-wide for highest security authentication.
- Includes two-factor authentication, also referred to as cellphone sign-in.
- Enforce strong passwords among your administrators, publishers and users. Improve login security.
- Checks the strength of all user and admin passwords to enhance login security.
- Includes login security to lock out brute force hacks and to stop WordPress from revealing info that will compromise security.
Security Scanning
- Scans for the HeartBleed vulnerability – included in the free scan for all users.
- Scans core files, themes and plugins against WordPress.org repository versions to check their integrity. Verify security of your source.
- See how files have changed. Optionally repair changed files that are security threats.
- Scans for signatures of over 44,000 known malware variants that are known security threats.
- Scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
- Continuously scans for malware and phishing URL’s including all URL’s on the Google Safe Browsing List in all your comments, posts and files that are security threats.
- Scans for heuristics of backdoors, trojans, suspicious code and other security issues.
WordPress Firewall
- Includes a firewall to block common security threats like fake Googlebots, malicious scans from hackers and botnets.
Monitoring Features
- See all your traffic in real-time, including robots, humans, 404 errors, logins and logouts and who is consuming most of your content. Enhances your situational awareness of which security threats your site is facing.
- A real-time view of all traffic including automated bots that often constitute security threats that Javascript analytics packages never show you.
- Real-time traffic includes reverse DNS and city-level geolocation. Know which geographic area security threats originate from.
- Monitor your DNS security for unauthorized DNS changes.
- Monitors disk space which is related to security because many DDoS attacks attempt to consume all disk space to create denial of service.
Multi-Site Security
- Wordfence Security for multi-site also scans all posts and comments across all blogs from one admin panel.
- WordPress Multi-Site (or WordPress MU in the older parlance) compatible.
Caching Features
- Includes Falcon Engine, the fastest WordPress caching engine available today. Falcon is faster because it reduces your web server disk and database activity to a minimum.
- Wordfence includes two caching modes for compatability and has cache management features like the ability to clear the cache and monitor cache usage.
IPv6 Compatible
- Fully IPv6 compatible including all whois lookup, location, blocking and security functions.
Major Theme and Plugins Supported
- Includes support for other major plugins and themes like WooCommerce.
The Wordfence WordPress security plugin is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
Don’t wait until your site is hacked before taking action!
Leave a comment