Editor’s note: This post is part of our collection on managing multiple WordPress sites.
If you have a WordPress website for your small business, and you haven’t already learned about security and security plugins, your time is now. This is an essential part of maintaining your website. In this post, in addition to looking at some of the top WordPress security plugins, you’ll learn why you need them, and some of the features you will want to look for to keep your website safe.
Please note that if you’ve been hacked already and are reading this article in hopes of cleaning your hacked website, you will want to seek a solution like GoDaddy’s Express Malware Removal, powered by Sucuri.
Do I need a WordPress security plugin?
For the new WordPress user, you probably ask yourself, “Do I need a WordPress security plugin?” The answer is a resounding YES, especially if you’re not code-savvy enough to tackle the Hardening WordPress section of the WordPress Codex.
Security is a big deal. WordPress security plugins help you protect your investment of time and money to create your website.
In not protecting your investment, you risk losing parts of your website or all of it. Whether it is a website geared to selling items online, or an informational website to get people to come to your brick-and-mortar location, your website needs to be up to help your business make money. It can be a real nightmare when your website goes down because it was hacked.
If you’re a bit short on technical know-how, here are 10 simple non-technical ways to secure your WordPress website. Some of the work you can do is by choosing a good and secure host, using really strong passwords, and even creating regular backups.
Pro tip: Looking for a secure host for your WordPress website? Check out GoDaddy Managed WordPress hosting. It includes automatic WordPress core software and security updates, plus daily backups.
Features to look for in WordPress security plugins
Before listing some of the top WordPress security plugins, you really need to know some of the features that you want to look for when choosing the right security plugins for you.
- Has a strong malware scanner – There are so many ways to be hacked, and if the scanner on your WordPress security plugin doesn’t address scanning for several types of hacks, then it is useless in helping to detect anything that doesn’t belong on your website.
- Includes a Web Application Firewall or some type of reliable firewall – Or at least a way to purchase the service. Some plugins might not offer this feature for free, but a firewall really helps in blocking malicious bots from reaching your website. It prevents your website from bigger problems like being hit with tons of bots at the same time, which exhausts your website’s resources and can take your site down.
- Emphasizes strong password and logins – Your security plugin should help educate you a little bit on what you need, especially basic things like having a strong username, password, and the ability to log in in more security. A security plugin that has two-factor authentication can help you implement a more secure way to log in on your website.
- Can help repair files that might be compromised – As a small business owner, you probably don’t have the time to edit malware out of the files in your website. If your security plugin can compare some of the WordPress core files, as well as free WordPress.org plugins, to their originals, and even provide a way to restore those files, it can save you a lot of time.
- Checks your website against Google’s Safe Browsing list – Google is the No. 1 search engine in the world, and if your website has malware or may be labeled as hacked content, then your website could be losing traffic. Google actually labels websites that have been found with malicious hacks or suspicious content.
- The plugin actually works! – Yes, some people choose older plugins that are no longer compatible with their current version of WordPress. If your WordPress security plugin isn’t working, then you’re sitting there with a sign that welcomes an eventual bot attack or hacking.
6 top WordPress security plugins
Below are the top WordPress security plugins available. Some of these can be stacked together, but others should be used alone. It’s important to read each plugin’s description, and their features, to pick one you’re comfortable with.
- Sucuri Security
- iThemes Security
- GOTMLS/ Antimalware and Brute-Force Firewall
- Shield Security
- All In One WP Security & Firewall
As a note, all of the plugins listed below have hundreds of thousands of users who have attested to their trustworthiness.
1. Sucuri Security
Sucuri Security is a highly popular WordPress security plugin with the following features:
- Monitors user activity
- Monitors files and if they’ve been changed
- Has hardening settings to block bots from adding malicious files to your site
- Offers a website firewall for premium users (paid upgrade)
- Has blocklist monitoring in case you’ve been blocklisted from places like Google, McAfee, Norton and more
Wordfence has more than 2 million active installs across the world. This plugin offers a means to purchase their strong premium Web Application Firewall, and features like:
- Blocks bad bots and fake Googlebots
- IP or country blocking (paid feature)
- Live monitoring or real-time blocking
- Options to throttle or block users or bots in ways that may be suspicious or a potential risk to your website
- Two-Factor Authentication
- Enforces users to create strong passwords
- Brute force login security
- Scans files against WordPress core files, WordPress themes, and WordPress plugins
- located at WordPress.org
- Scans for malicious code like trojans, backdoors and more
- Has support for WordPress multisite
3. iThemes Security
iThemes Security, formerly known as Better WordPress Security, was created by adding a bunch of features from different WordPress security plugins to make one huge plugin. The intention was to prevent having to stack myriad WordPress plugins while providing a means for the WordPress user to go through a security checklist. This plugin offers many different options to help guide users through securing their WordPress website.
4. GOTMLS/ Antimalware and Brute-Force Firewall
Anti-Malware Security and Brute-Force Firewall, also well known in the WordPress community as GOTMLS, is respected for its powerful malware scanner. This is a plugin that might be more suitable for tech-savvy users. Between Wordfence and GOTMLS, in this list of top WordPress Security plugins, you can find most types of malicious code or threats. Aside from the scanner, this plugin includes a firewall to help block vulnerabilities.
5. Shield Security
Shield Security has a lot of different options for securing and hardening websites. Here are some of the features:
- Two-factor authentication
- Renaming WordPress login URL
- Brute force protection
- File integrity checking
- User monitoring
- Email reporting
- User management
- Help with reducing comment spam
- Hack protection
- Option for auto-repairing compromised files for WordPress core, or plugins or themes from WordPress.org
- IP manager
- Lockdown on areas like hiding WordPress version, blocking XML-RPC, prevent file editing, and more
6. All In One WP Security & Firewall
All in One WP Security & Firewall is designed with many of the same features as iThemes security. Why All In One over iThemes Security? Some web hosting and plugin setups cannot handle iThemes but might be able to handle All In One. My suggestion is to install and test each plugin to see what works best for you. In the end, the important thing is to choose a WordPress security plugin that actually works!
These are just a handful of the great WordPress security plugins available to help protect your website. Do your research, pick one or more security plugins to try, and start taking a more proactive approach to WordPress website security.
Image by: Chance Monnette on