Its very important that your WordPress based website is safe and secure. One of the simplest ways to achieve this is to make sure you run the latest version of WordPress. It addresses many WordPress security issues straight out of the box. Our web hosting customers can benefit from automatic updates to there WordPress installs OR at the least be notified when a new version is available.
To stay proactive and above and beyond using the latest version of WordPress you can also install WordPress Security plugins to help keep your site safe.
The 3 best WordPress Security plugins in 2015 that we recommend are as follows (this is not a full list but the ones we recommend)
PLUGIN #1: iThemes Security – Better know as Better WordPress security and now renamed to iThemes Security. This plugin has over 30+ methods to protect your website. At the time of writing its compatible with the latest version of WordPress (version 4.1) and has had over 3 1/2 million downloads.
Its easily installable as with any WordPress plugin. Once installed you can use the ‘quick’ fix method to fix all issues that it finds but our preferred method is to do it all manually.
There are many features of the plugin that we love. As an example, you can change the ID of the admin user. Typically all standard installs of WordPress ads the admin user with an ID of 1. This, in some cases, can be used to brute force attack your site. A quick setting allows you to change this.
You can also block access to the editor (useful if more than 1 editor is using your site). Activate away mode for when you don’t want anyone to access your site at specific times of the day or night. Another feature we love is the ability to restrict access to specific files, writing to files such as wp-config.php and .htaccess.
You can also use the Google ReCaptcha service, activate the malware scanning and there is a nifty file and database backup option. It may seem like a very complex plugin but after the initial configuration of the plugin its a case of letting it run in the background.
They do offer tutorials for those that need to get into the settings a little bit more and even have a brute force network protection option.
All in all for a free plugin this is a must-have. It gives you a basic amount of protection that we think should come as standard in all WordPress installs. You can view information and download the plugin from the official WordPress repository here: Ithemes Plugin for WordPress
PLUGIN #2: WordFence Security – This plugin considers its self as an enterprise level plugin. Its been downloaded over 4 million times and is compatible with the latest version of WordPress.
Upon the standard plugin install routine and activation the plugin will scan all plugin and theme files to see if there is a compromise anywhere and then compares the files to the official WordPress repository files. We have found a few false positives but it generally does what it states..
The plugin includes a quick check for the heart bleed issue which is a plus. It also stops known real-time blocking of attackers. A firewall is also included to block common security threats like fake googlebots and botnets.
The plugin also scans for many known backdoors that create security holes including C99, R57, RootShell, Crystal Shell, Matamu, Cybershell, W4cking, Sniper, Predator, Jackal, Phantasma, GFS, Dive, Dx and many many more.
It can also limit or throttle bots to save you bandwidth which is a bonus. Finally, the best feature we like about this plugin is that it has a real-time view of all traffic that includes humans and bots right from the admin section.
This plugin is feature rich and we have only touched upon some of the features we like above. View more information about the plugin and download WordFence WordPress Security from the official WordPress repository. You can also watch the video below for more on WordFence WordPress Security plugin in action
PLUGIN #3: The 3rd best WordPress security plugin for 2015 isn’t actually a WordPress security plugin as such. It’s more of a test to check to make sure your theme has been built to the standards that WordPress itself recommends.
This helps greatly in making sure that no non-standard code has been used to create the theme which could inevitably allow people to access your site via backdoors! It also allows you to identify if the theme has been built to standards that also allow it to use all the features you would expect from a WordPress based site!
The plugin in question is called Theme Check and has had nearly half a million users download it. We recommend this plugin as it would identify areas of your theme that could be compromised especially if its a custom built theme!
Important note: Before downloading and installing any plugin that changes your core files OR makes changes to the database we highly recommend that you take a backup. Its always highly recommended doing so!
We have also had no issues in using ALL 3 plugins together. There aren’t any conflicting issues that we have come across and we have installed ALL 3 in a multitude of websites!