Imagine setting up a WordPress blog on your own. You were able to follow the 5-minute installation instructions, choose and customize a theme, install essential plugins, and post content and media items. A few days later, you find your spankin’ new website either filled with spam links or just downright inaccessible.
If only we lived in a world where everyone was noble and filled with good intentions, Earth would be the best place in the universe (of course, no other inhabitable planet has been discovered yet). Unfortunately, some people want to get away with putting spam content on websites, or even attack the site’s backend in order to gain access to passwords and hidden content.
If you own a WordPress website, then you need to get your hands on these strong-as-steel security plugins that will protect your site from unauthorized access and unfriendly links:
iThemes Security (formerly Better WP Security)
With more than 2 million downloads and counting, iThemes Security has established itself as a formidable and essential security plugin for WordPress. This plugin offers more than 30 ways to protect your site, including fixing security loopholes, preventing automated attacks, and protecting user login details.
iThemes Security approaches site security in four ways: it hides vulnerabilities, protects against attacks, monitors for security compromises, and recovers from a recent attack or error. The last of these involves creating backups of the WordPress MySQL database. You can create backups automatically at a prescribed frequency, or manually to your liking.
Hide My WP
One dangerous gateway for attacks is the fact that malicious hackers can simply look at your website’s source code to see if you are using WordPress. A default WordPress installation makes use of the prefix “wp-” in the database, folders, and files. This serves as an opportunity for attack, because hackers who know these default names know exactly where to try guessing your login credentials and reaching your database. It’s like leaving your door open to brute-force attacks and SQL injections.
Hide My WP is a plugin that, well, hides the fact that you are using WordPress. The plugin does this by protecting your PHP files, which could potentially be primary access points to your SQL database. As such, your site will be protected from XSS attacks and SQL injections.
The plugin will use protective names to hide your default file and folder names (wp-login.php and the wp-content folder, to name a few).
All in all, when you install Hide My WP, no one will know that you are using WordPress.
Backup Buddy
Here’s a plugin designed specifically to create backups and restore your WordPress website. Backup Buddy, a security plugin from iThemes, provides a fast and reliable way to back up and move your existing WordPress installation.
When you install Backup Buddy, you have the option to store your backups in any of the following storage locations: Backup Buddy Stash, Amazon Web Services, Dropbox, Rackspace Cloud Files, your own FTP server, or your email account.
The people behind Backup Buddy promise a fast setup: you can start using Backup Buddy and create a backup schedule within 1 minute!
Pricing starts at 2 websites, up to an unlimited number of sites and a lifetime of updates.
Security Ninja
A relatively cheap plugin packed with a great list of features, Security Ninja uses the industry’s best practices to protect your WordPress website from security issues. This plugin can check whether your site is vulnerable to brute-force attacks, fix your site to avoid hacking attempts, and more.
Security Ninja has garnered over 2,400 purchases to date. The plugin was created by WebFactory, a reputable developer of ThemeForest themes and CodeCanyon plugins. With years of expertise in plugin authorship, WebFactory is a pretty solid company to bank on.
PrivateContent
Maintaining many users on your website? I highly recommend the PrivateContent plugin to create different user levels and assign specific access options for each level. By creating multi-level login privileges through this plugin, you can set restricted-access pages, private user pages, and more.
The old way of implementing this kind of multi-level access was to set up custom code and programs. With PrivateContent, you don’t need programming knowledge to set up user levels. The plugin presents the user levels and customization options in a convenient admin panel for easier management.
In addition, if for some reason you need to totally prevent access to your website at all user levels, PrivateContent provides a one-click website lock.
WordPress Security Question
If your WordPress site welcomes signups and registrations, then you need to secure login access. Why not pose a security question to interested registrants? This scheme prevents signups triggered by autobots (and no, I’m not talking about Transformers) that can cause security issues on your site.
WordPress Security Question is a plugin that puts a security question on your signup page. The plugin provides 10 default security queries that you can set up via the backend configuration page.
What makes this plugin unique is its ability to prevent password changes through SQL injection, a method commonly used by hackers to access WordPress websites.
This is applicable not only to single-user WordPress sites, but also to WordPress Multi User (WPMU) websites.
Login Ninja
Another login security plugin comes from WebFactory, the same authors behind Security Ninja. This particular plugin, named Login Ninja, provides airtight security procedures for registration and login. Some of its major features include the following:
- Uses CAPTCHA for more secure registration and login forms
- Detects and protects against brute-force attacks, and bans suspect IPs automatically
- Keeps note of all login activities through an automated log
- Blocks registration by bots
- Assigns user roles and redirects them to specific pre-assigned pages
Login Ninja can also send updates on site attacks and login information through your email account.
WooCommerce Minimize Fraud Plugin
One of the most popular WordPress e-commerce tools is WooCommerce, a system designed to provide e-commerce solutions for your WordPress installation. Unfortunately, e-commerce sites are highly attractive targets for fraudulent transactions and malicious-minded people.
With the WooCommerce Minimize Fraud plugin (or eMinFraud for short), online transactions will be reviewed and checked for risk level. If the plugin senses a risky transaction, it will be marked for further review.
One of the best features of this plugin is an automated phone verification system, wherein buyers will confirm the purchase or transaction by providing a working phone number. The plugin will attempt to reach the provided contact number, and ask for phone verification from the customer.
In addition, eMinFraud also has the capability to do credit card verification.
Simple SMS Verification
Another method of automated verification to confirm a customer’s identity is through SMS. If you prefer to confirm purchases via text message to a mobile number, then I recommend the Simple SMS Verification plugin.
This affordable plugin requires site visitors to enter a 4-digit verification code that the plugin will send to their mobile phones. Only once the code is entered successfully are visitors granted access to the site pages. This is especially helpful if you require your website visitors to sign up as members, or if you want to restrict access to a few chosen people.
Supported SMS gateways include SMSGlobal, Twilio, and Clickatell.
VaultPress
The official security and backup plugin tie-in with WordPress.com is called VaultPress. This premium plugin provides automatic backups of your WordPress site, convenient restoration of your backups, and security scans.
Once you activate the plugin, your site becomes connected to the VaultPress servers, where your backups will be hosted. Because this plugin is made by the same minds behind WordPress, you will be assured that your backups are optimized and designed for WordPress websites.
Using the VaultPress Dashboard, you can easily schedule backups, view the calendar of backups that the plugin has automatically created, restore a previous backup in one click, receive alerts on security threats, and read relevant statistics about your website.
Most importantly, VaultPress is backed by a team of WordPress experts who can help in backing up or restoring your website.