TOP 10 security plugins for WordPress 2020

WordPress is one of the most widely used CMSs in the world. It is a very secure platform in itself, although it is also one of the most hacked. On average, 30,000 new websites are hacked every day. WordPress sites can be an easy target for attack due to plugin vulnerabilities, weak passwords, and outdated software.
For your website to be safe and free of vulnerabilities, you must take certain measures such as: having WordPress and all the plugins you use always up to date, not downloading pirated themes or plugins, and always having backup copies. It is also very helpful to have your CMS installed on a fully secured and 100% optimized WordPress Hosting.
You can add a little more security to your website by installing a plugin that acts as a firewall and complies with good WordPress security practices.
At Interdominios we specialize in WordPress security. In fact, every week we disinfect many websites of clients who have been hacked and infected with all kinds of malware, and we restore their websites to versions from previous days using backup copies.
TOP 10 security plugins for WordPress
Most WordPress administrators do not know that their websites are vulnerable and are surprised when they are hacked (even thinking that it is a problem with their hosting server) when in fact, it was their security problem. For this reason, it is necessary to:
Secure the usual holes through which viruses and malware enter.
Stop automated attacks.
Strengthen user credentials.
Although it is not advisable to fill your WordPress with plugins that slow down its loading speed (you may also be interested in reading: "How to optimize and speed up your WordPress"), security plugins are very necessary, since they work as a firewall and antivirus.
The plugins that we are going to list below are free, except in some cases that have premium versions such as WordFence Security and Security.
1. Wordfence Security
It is the security plugin par excellence, the most complete and most used in the WordPress landscape. It is our favorite and the one we recommend the most for its malware analysis and detection capabilities.
Wordfence includes an endpoint firewall and a malware scanner to protect WordPress. Its latest version (updated a week ago) includes the latest firewall rules, malware signatures, and malicious IP addresses that it detects and blocks to keep your website safe.
Main features:
Firewall: Identify and block malicious traffic.
Malware Scanner: Checks core files, themes, and plugins for malware. It also checks the site for known security vulnerabilities and alerts you to any problems.
Two-Factor Authentication (2FA): One of the most secure forms of remote system authentication, available through any TOTP-based authentication application or service.
Alert System: Highly configurable alerts can be sent by email, SMS, or Slack. Improve the signal-to-noise ratio by taking advantage of importance level options and a daily summary option.
Live Traffic (in its premium version): Monitors visits and hacking attempts in real time that are not shown in other analytics packages, including origin, their IP address, time of day, and time spent on your site.
You can view and download it here: https://wordpress.org/plugins/wordfence/
2. WeSecur Security
It is a free plugin that works as a WordPress antivirus and malware scanner. WeSecur works as a maintenance plugin (to leave installed in WP). Thanks to its firewall and its malware scanner, it is specially designed to protect your WordPress without slowing down your website.
Main features:
File integrity checker.
Bruteforce Login Protection.
Monitoring the blacklist.
External malware scanner.
Hardening settings.
The Premium version offers server-side malware scanner, automatic malware removal, vulnerability scanner, and smart alerts.
You can view and download it here: https://wordpress.org/plugins/wesecur-security/
3. All In One WP Security & Firewall
It is another of our favorite security plugins because it is very complete and easy to use and understand. It reduces security risk by checking for vulnerabilities and by implementing the latest WordPress security best practices and techniques.
All In One WP Security offers three levels of security: "basic", "intermediate" and "advanced". In this way, the firewall rules can be applied progressively without breaking the functionality of the site.
It has whitelists, blacklists, firewalls, options to back up and restore files, security for user registration and user accounts, a security scanner, and instant blocking of brute-force attacks at login.
Additional features:
The ability to remove the WordPress Generator meta information from your site's HTML source.
Ability to remove the WordPress version information from the JS and CSS files included on your site.
Ability to prevent people from accessing the readme.html, license.txt, and wp-config-sample.php files.
The ability to temporarily block the front end of your site from general visitors while you perform various backend tasks (investigate security attacks, perform site updates, do maintenance work, etc.).
Ability to export/import security settings.
Prevent other sites from displaying your content through a frame or iframe.
You can see and download it here: https://es.wordpress.org/plugins/all-in-one-wp-security-and-firewall/
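One way to verify that the hardening options listed above actually took effect on your own site, as an added example (not part of the original article and not the plugin's code): it inspects one page response for the generator meta tag, version strings on JS/CSS URLs and missing framing protection, and checks which informational files are still served. The function names, finding labels and the sample response are assumptions constructed for illustration.

```python
import re

# Constructed sample of a default-looking WordPress response (not captured from a real site).
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=UTF-8"}
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 5.4.2" />
<link rel="stylesheet" href="/wp-includes/css/dist/block-library/style.min.css?ver=5.4.2" />
<script src="/wp-includes/js/wp-embed.min.js?ver=5.4.2"></script>
</head><body></body></html>"""

GENERATOR_RE = re.compile(r'<meta[^>]+name=["\']generator["\'][^>]*>', re.I)
ASSET_VER_RE = re.compile(r'(?:src|href)=["\']([^"\']+\.(?:js|css))\?ver=([\w.\-]+)', re.I)


def audit_page(html, headers):
    """Return a sorted list of hardening findings for one page response."""
    findings = set()
    if GENERATOR_RE.search(html):
        findings.add("generator-meta-present")      # CMS name/version in HTML source
    if ASSET_VER_RE.search(html):
        findings.add("asset-version-exposed")       # ?ver=x.y.z on JS/CSS URLs
    h = {k.lower(): v.lower() for k, v in headers.items()}
    xfo = h.get("x-frame-options", "").split(",")[0].strip()
    csp = h.get("content-security-policy", "")
    # Framing is restricted by X-Frame-Options or a CSP frame-ancestors directive.
    if xfo not in ("deny", "sameorigin") and "frame-ancestors" not in csp:
        findings.add("framing-not-restricted")
    return sorted(findings)


def audit_static_files(status_by_path):
    """Given {path: HTTP status} collected from your own site, list info files still served."""
    watched = ("/readme.html", "/license.txt", "/wp-config-sample.php")
    return [p for p in watched if status_by_path.get(p) == 200]


if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML, SAMPLE_HEADERS))
    print(audit_static_files({"/readme.html": 200, "/license.txt": 403}))
```

Run it against a response fetched from a site you administer before and after enabling each option; an empty result from both functions means none of the checked items is exposed.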
4. Honeypot WooCommerce
This plugin is not one of the best known; however, it is very necessary. It activates a honeypot lure (anti-spam and anti-bot) in the following sections of an online store developed with WordPress + WooCommerce:
WooCommerce login form.
WooCommerce registration form.
Publication comment box.
WordPress registration form.
WordPress login form.
It is highly optimized, so the performance of your online store will not be affected.
You can see and download it here: https://wordpress.org/plugins/honeypot-woocommerce-wp-antispam/
5. Sucuri Security WordPress
Sucuri Security is one of the most widely used and recognized security plugins worldwide. It is a security suite made up of a set of very interesting functions that constantly monitors the security of websites running WordPress. It has a free version with some functions, although most can only be used in the premium version of the plugin.
Main features:
Audit security activity
File integrity monitoring
Remote Malicious Software Scan
Blacklist monitoring
Effective security reinforcement
Security actions after an attack
Security notices
Website firewall (premium)
You can see and download it here: https://wordpress.org/plugins/sucuri-scanner/
6. NinjaFirewall
NinjaFirewall can scan, sanitize, or reject any HTTP / HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located within the blog installation directories and subdirectories will be protected, including those that are not part of the WordPress package. Even hard-coded PHP scripts, hacker shell scripts, and back doors will be filtered by this plugin.
It allows blocking requests by POST and GET which can lead to insecure results.
NinjaFirewall includes the most powerful filtering engine available for WordPress. Its most important feature is its ability to normalize and transform data from incoming HTTP requests, allowing it to detect web application firewall evasion techniques and obfuscation tactics used by hackers, as well as to support and decode a large set of encodings.
Other important functions:
The fastest and most efficient brute force attack protection for WordPress
Stop in real-time
File integrity monitoring
Observe your website traffic in real time
Notification of events and a non-intrusive interface for the user
You can see and download it here: https://es.wordpress.org/plugins/ninjafirewall/
7. Cerber Security, Antispam & Malware Scan
Defends WordPress against hackers, spam, Trojan, and malware attacks. It mitigates brute-force attacks by limiting the number of login attempts through the login form, XML-RPC / REST API requests, or the use of authentication cookies.
Among other functions (which are a few) it offers:
Track user and intruder activity with email, mobile and desktop notifications.
Stop spam: Activate a specialized Cerber antispam engine and Google reCAPTCHA to protect registration, contact, and comment forms.
Scans for advanced malware, integrity checker, and file monitor.
Strengthening WordPress with a set of flexible security rules and sophisticated security algorithms.
Restrict access with Black IP Access List and White IP Access List.
We invite you to take a look at everything that this plugin offers, since it is very complete and free: https://es.wordpress.org/plugins/wp-cerber/
8. iThemes Security (formerly Better WP Security)
iThemes Security (formerly Better WP Security) offers you more than 30 ways to secure and protect your WordPress site. It has a very complete free version and a paid Pro version.
Some of its most important functions:
Protect. Prevents brute-force attacks by banning servers and users with too many invalid access attempts, and scans your site to instantly report any existing vulnerabilities.
Detect. Intercepts bots and other vulnerability search attempts.
Hide. Changes the URLs of the areas of the WordPress dashboard, including access, administration, and more.
Recover. Makes regular backups of your WordPress database.
You can see and download it here: https://es.wordpress.org/plugins/better-wp-security/
9. WP Hide & Security Enhancer
The great advantage of this plugin is that nobody will know that you are actually running WordPress. It is the easy way to completely hide your WordPress: it keeps core files, the login page, themes, and plugin paths from being displayed on the public side.
The plugin not only allows you to change your WordPress default URLs, it also hides/blocks the defaults. Many similar plugins only change the slugs, so the default values are still accessible, revealing WordPress as the CMS.
Change the default WordPress login URLs from wp-admin and wp-login.php to something totally arbitrary. No one will ever know where to try to access and hack your site.
No files or directories are changed anywhere, everything is processed virtually. The plugin code uses URL rewriting techniques and WordPress filters to apply all internal functions and features. Everything is done automatically, it does not require user intervention.
You can see and download it in the WordPress repository by following this link: https://es.wordpress.org/plugins/wp-hide-security-enhancer/
10. WP Security Audit Log
With WP Security Audit Log you will have an activity log of everything that happens in your WordPress.
This plugin for WP allows:
Easily detect suspicious behavior before there are security issues
Facilitate problem-solving
Know exactly what all your users are doing