WordPress has become the most popular content management system (CMS) thanks to its features and flexibility, and that popularity makes it all the more important to secure a WordPress blog.
Before we get started, let's look at the different types of security issues listed below (the abbreviations are expanded where they are standard):
- SQLI (SQL injection)
- Upload (arbitrary file upload)
- CSRF (cross-site request forgery)
- Multi
- LFI (local file inclusion)
- RCE (remote code execution)
- FPD (full path disclosure)
- Auth bypass (authentication bypass)
- RFI (remote file inclusion)
- Bypass
- Redirect (open redirect)
- XXE (XML external entity injection)
- DOS (denial of service)
- SSRF (server-side request forgery)
You may not have heard of all of these before. Some of them are critical and very common attack classes. I've posted this list because some of the plugins reviewed below are well designed and provide reasonable configuration options to defend against these attacks at no cost.
In this tutorial we will go over my favorite WordPress security plugins. I would recommend that my readers use only one of these on their live site.
Let’s get started:
Plugin-1) iThemes Security Plugin Review
Rating: 4/5
Link: https://wordpress.org/plugins/better-wp-security/
This one is my favorite. It offers simple, straightforward options, including backups. Under the Settings tab the plugin provides clean, detailed options.
The plugin also creates 3 extra database tables. During the uninstall process it removes those 3 tables and all of the settings it wrote to the .htaccess file and the wp-config.php file. I would recommend using this plugin.
Plugin-2) Wordfence Security Plugin Review
Rating: 3/5
Link: https://wordpress.org/plugins/wordfence/
Wordfence Security is the most used and downloaded security plugin in the WordPress plugin repository. It provides a long list of security features, but there is a catch: not all features are available to free users. A premium plan at $5/month removes those restrictions.
When I installed the plugin on my localhost (on my MacBook Pro), I noticed 20 extra DB tables added by Wordfence. I hate that. Personally, I don't want any plugin to create extra tables in my DB except YARPP.
Should I use it? I would say it's up to you, but I would definitely pass on this. It might be too heavy on the DB and may impact your live site. I would suggest following the manual security optimization steps instead.
Interestingly, the uninstall process doesn't delete these added tables from the DB, and that's not the right approach either. A plugin's uninstall process should be clean and efficient.
Plugin-3) All In One WP Security & Firewall Plugin Review
Rating: 4/5
Link: https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
There is no premium version of this plugin, and that's good news: none of the features it provides needs an activation key.
This is also one of my favorite plugins.
Each setting has multiple tabs with further settings. I would suggest going over each one, reading carefully and updating it. It's better to back up the .htaccess file and the wp-config.php file before enabling any feature.
The feature list is too long to reproduce here; please visit the plugin page for the full list. This plugin also creates 6 database tables during installation, and they are not deleted when the plugin is uninstalled. So if you decide to delete the plugin, you have to drop those tables manually.
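The two housekeeping chores these reviews keep raising, spotting the tables a plugin adds and may leave behind after uninstall (the Wordfence and All In One notes above) and backing up .htaccess and wp-config.php before enabling a feature, can be scripted. The following is an added example written for this page; it is not code from the original post or from any of the reviewed plugins. It assumes WP-CLI is installed as `wp`, that the table names come from `wp db tables`, and that the prefix comes from `wp config get table_prefix` (`wp_` by default). The plugin-style table names in the demo are constructed for illustration only.

```shell
#!/bin/sh
# Added example, not code from the original post or from any reviewed plugin.
# Two helpers:
#   1. wp_extra_tables  - list database tables that are not WordPress core,
#                         i.e. tables a plugin added (and may leave behind).
#   2. backup_wp_config - snapshot .htaccess and wp-config.php before enabling
#                         a plugin feature that rewrites them.
# Assumptions not taken from the page: WP-CLI is installed as `wp`, and the
# table prefix is whatever `wp config get table_prefix` reports (wp_ default).

# The 12 tables a stock single-site WordPress install creates (suffixes only).
WP_CORE_TABLES='commentmeta comments links options postmeta posts'
WP_CORE_TABLES="$WP_CORE_TABLES termmeta terms term_relationships term_taxonomy usermeta users"

# Usage: wp db tables | wp_extra_tables "$(wp config get table_prefix)"
# Reads one table name per line on stdin and prints the ones that carry the
# given prefix but are not core tables. Multisite per-blog tables (wp_2_posts)
# are reported too, so review the output rather than dropping it blindly.
# The prefix is assumed to contain no shell glob characters.
wp_extra_tables() {
    prefix="$1"
    while IFS= read -r table; do
        [ -n "$table" ] || continue
        case "$table" in
            "$prefix"*) ;;          # only consider tables sharing the prefix
            *) continue ;;
        esac
        suffix="${table#$prefix}"
        is_core=0
        for core in $WP_CORE_TABLES; do
            if [ "$suffix" = "$core" ]; then
                is_core=1
                break
            fi
        done
        if [ "$is_core" -eq 0 ]; then
            printf '%s\n' "$table"
        fi
    done
    return 0
}

# Usage: backup_wp_config /var/www/site /root/wp-backups
# Copies .htaccess and wp-config.php from the site root ($1) into a timestamped
# directory under $2 and prints that directory. Keep $2 OUTSIDE the document
# root: wp-config.php holds the DB credentials and salts, and a copy with a
# different name inside the web root may be served as plain text.
backup_wp_config() {
    root="$1"
    base="$2"
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    dest="$base/wp-config-backup-$stamp"
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1     # credentials: owner-only access
    for f in .htaccess wp-config.php; do
        if [ -f "$root/$f" ]; then
            cp -p "$root/$f" "$dest/$f" || return 1
        fi
    done
    printf '%s\n' "$dest"
}

# Constructed sample input: three core tables plus tables with plugin-style
# names. The suffixes are illustrative, not a claim about what any plugin
# really creates. Real input comes from `wp db tables` in the site root.
demo_extra_tables() {
    printf '%s\n' wp_posts wp_options wp_users wp_wfHits wp_wfBlocks wp_itsec_log \
        | wp_extra_tables wp_
}
```

Run `wp db tables | wp_extra_tables "$(wp config get table_prefix)"` once before installing a plugin and again after uninstalling it; any table present in the second run but not the first is something the uninstall routine left behind and can be reviewed and dropped by hand. Call `backup_wp_config` with a destination outside the web root before toggling any option that edits .htaccess or wp-config.php, so a bad rule that locks you out can be reverted by copying the snapshot back.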
Summary:
NOTE:
You do not need to download all of these plugins. I would suggest going for iThemes Security first and then All In One WP Security & Firewall.
If you have a good budget and do not want to work through all of these settings yourself, you could go for the premium versions for better support and features.
VaultPress also provides security features, and I'm interested in purchasing the $29/month package for Crunchify.com. The site doesn't provide any details unless you purchase it. If any of you know which features the VaultPress security package provides, please let me know.
NOTE:
Personally, I've implemented all of the steps mentioned here: https://crunchify.com/secure-your-wordpress-blog/