One of the most common tasks our Heroic Support® technicians do for our customers is to help ensure their WordPress website is properly secured. There are many WordPress security plugins that can help with this task, but the options can be overwhelming. When it comes to finding the ideal security plugin for your WordPress site, we strongly recommend finding one that suits your needs and maintaining it properly. To help you narrow down your options, the following security plugins have been recommended by the Nexcess Security Team. These plugins are ranked highly, used widely across the industry, and will help secure your site against potential attacks.
WordFence will perform a deep scan on all of your source code files, themes, and plugins to verify their integrity and security. In addition, this plugin offers firewalls, virus scanning, a new caching engine, post & comment scanning, and file scanning. A unique feature of this plugin is the real-time map on the WordFence homepage that tracks attacks on WordPress sites. This map is used as a crowd-sourced approach to blocking attacks. If one site using the plugin is attacked, the attacker is then blocked by all other sites using the plugin, allowing your site to be even more protected.
Formerly known as Better WP Security, this plugin prevents a number of different common attacks through strengthened user credentials, site & database monitoring, locking out users with multiple invalid login attempts, changing the admin login path and username, and limiting the number of times users can access the site (brute force protection). Not to mention, this plugin backs up database files prior to securing your site. It’s easy-to-use, quick start installation makes this plugin ideal for site security.
Well known for its ability to secure and monitor logins, as well as prevent SQL injection attacks, BulletProof Security uses .htaccess files to secure the entire WordPress installation. In addition, it protects against RFI, CSRF, XSS, and Base64 attacks. This plugin also features verbose logging capabilities, which are handy for troubleshooting by your or Nexcess’ admins. The available maintenance mode, backup and restoration of .htaccess files, login security, firewalls, and strengthened access privileges all make this plugin a great option to secure your site.
Check out our Managed WordPress hosting plans with automatic plugin updates, one-click staging, one-click backup and restore and free SSL.