Given the recent massive botnet attacks, and with most webmasters' sites being hacked every day, we need to find a way to harden security and make sure that our sites are protected from hackers, injection and the like.
And since WordPress is recognized as the best CMS there is, which is why it is used by millions of bloggers and big companies worldwide, keeping it secure against hackers and attackers becomes a pain.
According to wpwhitesecurity.com:
According to statistics from 40,000+ WordPress websites in Alexa Top 1 Million, more than 70% of WordPress installations are vulnerable to hacker attacks.
Another set of statistics, on how hackers find their way into WordPress websites, comes from wpsmackdown.com:
The Ways Hackers Gain Access
There’s an infographic out there that depicts the various ways WordPress sites get hacked. The sources appear to be quite scattered, but let’s assume they are at least somewhat accurate. Here’s what it says about WordPress hacks:
- 41% were hacked through a security vulnerability on their hosting platform
- 29% were hacked via a security issue in the WordPress theme they were using
- 22% were hacked via a security issue in the WordPress plugins they were using
- 8% were hacked because they had a weak password
Today, we have collected the best WordPress security plugins that can protect your website against hacks and injection. These security plugins can add a layer of protection against attackers who want to infect or ruin your site.
Best WordPress Plugin
iThemes Security (formerly known as Better WP Security)
iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.
Check out the settings tutorial here.
Wordfence Security is a free enterprise class security and performance plugin that includes a very fast caching engine, firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security and performance plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
All In One WP Security also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated.
WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection.
With this smart plugin you can protect your login page from brute-force attacks, and you can also track login history.
Look-see Security Scanner is a relatively quick and painless way to locate the sorts of file irregularities that turn up when a site is hacked. This is broken down into multiple searches.
Sucuri SiteCheck will check your site for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc. The best thing about it is it’s completely free.
Prevent unauthorized access to your WordPress site with Toopher’s innovative location-based two-factor authentication solution.
WordPress automatically uses “User login” to fill in the “User Display Name”. WordPress also allows everyone to use the same value for Nickname, Display Name and Login. A hacker can easily see and then use your “Nickname” or “Display Name” to find your real login. The body_class function also shows everyone your User ID and Login on author pages.
SECURE shows you exactly how to lock down your WordPress sites. Every day new security risks are found and hackers are ready to use them against your websites.
Centrora Security is a new plugin modified from OSE Firewall Security, a WordPress firewall that protects your WordPress sites from attacks and hacking. The built-in Malware and Security Scanner helps you identify any security risks, malicious code, spam, viruses, SQL injection, and security vulnerabilities.
Jumpple protects your website against technical, content or any other issues that may occur.
Acunetix Secure WordPress plugin is a free and comprehensive security tool that helps you secure your WordPress installation and suggests corrective measures for: securing file permissions, security of the database, version hiding, WordPress admin protection and lots more.
Scans WordPress website and server security to detect possible vulnerabilities and hacks.
Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
The Total Security plugin is the must-have tool when it comes to the security of your WordPress installation. The plugin monitors your website for security weaknesses that hackers might exploit and tells you how to easily fix them.
The WebsiteDefender WordPress Security plugin is a free and comprehensive security tool that helps you secure your WordPress installation and suggests corrective measures for: strengthening passwords, securing file permissions, security of the database, version hiding, WordPress admin protection and lots more.
Automatically changes all external links on the blog to redirect through various anonymization services, used to hide the source (referer) of traffic.
Simple Security Plugin for WordPress is an Access Log to track Logins and Failed Login Attempts for the admin area of your WordPress Website.
You should check out the best WordPress security plugin for you. I personally use iThemes Security and tried out Wordfence because I’ve heard a lot from folks about them. Use these plugins to add a layer of security to your WordPress website, and make sure you configure the proper settings to harden the security.
What about you? What do you use to maintain the security of your website? Share with us in the comments below!