Recommended WordPress Security plugins
There are many different security plugins available for WordPress. Below are the most recommended plugins and a brief explanation of the plugin from the developers.
Plugin site URL: http://www.wordfence.com/
Notes from the plugin developer: "Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don't have backups. Wordfence is now Multi-Site compatible."
Plugin site URL: http://www.ait-pro.com/
Notes from the plugin developer: "WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging."
Plugin site URL: http://bit51.com/
Notes from the plugin developer: "Better WP Security takes the best Wordpress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site."
Plugin site URL: https://www.sec-consult.com/en
Notes from the plugin developer: "Official Launch The beta phase is officially over and we are very happy with the feedback and reception so far! Thanks for all your support! We have implemented a coupon system, so upon subscribing multiple sites you will receive coupons that can be entered to activate any other plugin. This allows you to share subscription costs and get a juicy discount! Security has never been this simple!"
Plugin site URL: http://www.analysisandsolutions.com/
Notes from the plugin developer: "A simple way to lock down login security for multisite and regular WordPress installations. Blocks brute force and dictionary attacks without inconveniencing legitimate users or administrators Tracks IP addresses, usernames, and passwords Monitors logins made by form submissions and auth cookies If a login failure uses data matching a past failure, the plugin."
Plugin site URL: http://www.artistscope.com/
Notes from the plugin developer: "Insert Secure Image Pro encrypted images to pages and posts from your WordPress page editor that are supported across all web browsers on all operating systems, ie: Windows, Mac and Linux. Hand-held devices that can use Java will also be supported. Easy install. Upload and embed encrypted images using WordPress native media tools."
Plugin site URL: http://mywebsiteadvisor.com/
Notes from the plugin developer: "Simple Security Plugin for WordPress is an Access Log to track Logins and Failed Login Attempts for the admin area of your WordPress Website You can add a widget to the admin dashboard for logins and failed login attempts. Upgrade to Simple Security Ultra for advanced features including: Configurable email alert notifications when selected conditions are met."
Plugin site URL: http://www.webfactoryltd.com/
Notes from the plugin developer: "Visit Security Ninja's homepage for more details, FAQ and documentation. perform numerous security tests with one click check your site for security vulnerabilities and holes take preventive measures against attacks don’t let script kiddies hack your site prevent 0-day exploit attacks more test coming daily."
Plugin site URL: http://www.seomix.fr/
Notes from the plugin developer: "WordPress automaticaly uses User login to fill in User Display Name. WordPress also allows everyone to use the same value for Nickanme, Display Name and Login. A hacker may use this information to find your login. And the body_class function also shows to everyone your User ID and Nicename ont author pages. Once activated, User Name Security will prevent WordPress from showing those informations."
Plugin site URL: http://www.blobfolio.com/
Notes from the plugin developer: "Look-see Security Scanner is a relatively quick and painless way to locate the sorts of file irregularities that turn up when a site is hacked. This is broken down into multiple searches: Verify the integrity of all core WordPress files; Search wp-admin/ for unexpected files; Search wp-includes/ for unexpected files; Search wp-content/uploads/ for hidden PHP scripts;."
Plugin site URL: http://www.iosec.org/
Notes from the plugin developer: "This module provides security enhancements against (HTTP) Flood & Brute Force Attacks for Wordpress. Massive scanning tools (like vulnerability scanners), HTTP Flood tools can be blocked or detected by this module. This module can be integrated with htaccess, any firewall, iptables or etc. via "banlist" file."
Plugin site URL: http://ruanglaba.com/
Notes from the plugin developer: "This is plugin will put empty index.html on every folders on wp-content/uploads to prevent content theft."
Plugin site URL: http://wordpress.org/extend/plugins/transparency-secured-images/
Plugin site URL: http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/
Notes from the plugin developer: "WordPress itself is a very secure platform. However, it helps to add some extra security and firewall to your site by using a security plugin that enforces a lot of good security practices. The All In One WordPress Security plugin will take your website security to a whole new level. This plugin is designed and written by experts and is easy to use and understand. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques."
WordPress security Plugins
2014-03-04 3:54 am
Is there any chance that you could please include the All In One WP Security & Firewall plugin on your "recommended-security-plugins" page?
2014-03-04 12:07 pm
As this is indeed a great plugin to use, I have added it to our list.
2014-05-17 8:30 pm
Do you need to install more than one? I was thinking of installing the All In One WP with the Wordfence security plugins. Bad Idea?
2014-05-19 8:42 am
It is typically a good idea to only install one of these as multiple installations of different security plugins can cause unexpected results.
2014-09-14 3:03 am
Do you recommend the in the order in which you listed them? -- i.e. WordFence is no. 1 on your list? Are there any that you think are simpler for "regular people" to manage, but still give good protection. I know that for some of these plugins, there are some dangerous settings! Thanks.
2014-09-15 8:29 am
They are not listed in order of preference, but WordFence was one of the better ones. As for which one is easier to use, that is entirely up to the individual so feel free to see which one you are more comfortable with.