While we think WordPress is a great application for creating websites, its popularity also makes it a major target of hackers who want to gain control of sites to send spam, set up phishing websites, attack other servers, or upload malware.
Thankfully, there are a number of different steps you can take to make your website more secure, as well as lots of plugins designed to help you protect your WordPress installation. To help you find the right solution for your needs, we’ve chosen 6 of our favourite (and free!) WordPress security plugins.
This free WordPress security plugin helps make your site more secure by hiding or protecting sensitive areas of your website. Better Web Security will rename your admin account, make a minor, yet effective, change to user IDs, alter the wp-content path, remove login error messages, change the URLs for various aspects of the WordPress dashboard, and even allow you to prevent anyone from logging in to the admin area for a specified period of time, such as during the weekend, overnight, or while you’re on holiday.
This WordPress security plugin will also scan your website for vulnerabilities and fix them immediately, ban users and hosts who exceed a set number of invalid login attempts, monitor your file system for unauthorized changes, and even create regular backups of your databases and emails which you can restore if your site ever gets compromised.
BulletProof Security, a free WordPress security plugin, provides .htaccess website security which stops malicious scripts before they get the opportunity to reach your site’s PHP code. This free WordPress security plugin will protect your site from Base64, CRLF, CSRF, RFI, XSS, SQL injection and code injection hacking attempts.
BulletProof Security also includes login security and monitoring, so you can choose to receive email notifications when an administrator logs in or a user is locked out. Plus, you can use this WordPress plugin to put your site in maintenance mode, which means only users from specified IP addresses are able to access the dashboard. If you want the added protection of .htaccess security, but you don’t have the knowledge or time to manually configure files, then you should definitely try BulletProof Security.
If you’re looking for a free WordPress security plugin to help you detect malware on your site, then you have to check out Sucuri Security - SiteCheck Malware Scanner. This WordPress plugin will automatically scan your website for malware, errors, database connection issues, blacklisting, .htaccess redirects, spam injections, and code anomalies and tell you about any problems it finds. Plus, SiteCheck Malware Scanner includes a number of 1-click hardening options which verify your WordPress and PHP version, restrict wp-content and wp-includes access, and protect your uploads directory.
This free WordPress security plugin includes malicious URL scanning, a firewall, real-time traffic monitoring with geolocation, and multi-site compatibility. Wordfence Security will regularly compare your plugins, themes, and core files against WordPress.org versions in an effort to find vulnerabilities, scan your site for known backdoors, malware variants, suspicious code, and phishing URLs, check the strength of your admin and user passwords, and block or limit threats like scrapers, bots and aggressive crawlers. Plus, if your plugins, themes or core files have been compromised, this WordPress plugin can repair them for you.
Login Security Solution, a free WordPress security plugin, will help prevent dictionary and brute force attacks without impacting your site’s legitimate users. This WordPress plugin tracks passwords, usernames and IP addresses, and it monitors how many times someone using the same data fails to log in. Every time someone with the same data fails to log in, this plugin slows down your site’s response time, making it likely the attacker will stop targeting your website. However, if the hacker is undeterred and gains access to your admin area, Login Security Solution will end their session and force them to use the password reset option before they can get back in.
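The throttling idea described above can be modelled in a few lines. This is an added Python example, not Login Security Solution's own code: the `LoginThrottle` class, its thresholds, the HMAC key and the sample addresses are all hypothetical and constructed for illustration.

```python
import hashlib
import hmac
from collections import Counter

class LoginThrottle:
    """Counts failed logins per IP, username and password fingerprint."""

    def __init__(self, key, free_attempts=3, base_delay=1.0, max_delay=30.0):
        self.key = key                      # server-side secret (assumed)
        self.free_attempts = free_attempts  # failures allowed with no delay
        self.base_delay = base_delay        # seconds for the first penalty
        self.max_delay = max_delay          # upper bound on the penalty
        self.failures = Counter()

    def _keys(self, ip, username, password):
        # Store a keyed fingerprint, never the attempted password itself.
        pw = hmac.new(self.key, password.encode(), hashlib.sha256).hexdigest()
        return (("ip", ip), ("user", username.lower()), ("pw", pw))

    def record_failure(self, ip, username, password):
        for k in self._keys(ip, username, password):
            self.failures[k] += 1

    def delay_for(self, ip, username, password):
        # The worst-offending attribute decides the delay, so rotating
        # only the password (or only the IP) does not reset the penalty.
        worst = max(self.failures[k] for k in self._keys(ip, username, password))
        over = worst - self.free_attempts
        if over <= 0:
            return 0.0
        return min(self.base_delay * 2 ** (over - 1), self.max_delay)

def simulate_dictionary_attack(throttle, ip, username, guesses):
    """Return the delay that would be imposed after each failed guess."""
    delays = []
    for guess in guesses:
        throttle.record_failure(ip, username, guess)
        delays.append(throttle.delay_for(ip, username, guess))
    return delays

if __name__ == "__main__":
    t = LoginThrottle(key=b"constructed-demo-key")
    guesses = ["guess%d" % i for i in range(6)]   # constructed sample input
    print(simulate_dictionary_attack(t, "203.0.113.5", "admin", guesses))
    print(t.delay_for("198.51.100.7", "editor", "unrelated"))  # other user
```

In this model a visitor with a different IP, username and password is never delayed, while a new IP guessing against the same username inherits that username's penalty.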
This free WordPress plugin uses a security question to add an additional layer of protection to your site, making it harder for unauthorised users to gain access to your admin area. With Login Dongle you simply choose your challenge and response, and add a bookmarklet to your browser. Then, the next time you log in, just enter your username and password, click the bookmarklet, and provide the answer you set up earlier. If someone else tries to log in without clicking the bookmarklet, they will receive a custom error message.