WordPress CMS application itself is a very secure platform. Approx more than 30% website are running on WordPress CMS.
so, WordPress websites are more vulnerable to hacking and data theft these days. So better to protect your blog/website before it hacked or your data should stolen.
Wordfence starts by checking if your site is already infected. Wordfence do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
Wordfence Security is 100% free and open source.
WORDFENCE WORDPRESS SECURITY FEATURES
- Blocking Features
- Login Security
- Security Scanning
- WordPress Firewall
- Multi-Site Security
All In One WordPress Security plugin reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
All In One WordPress Security plugin security and firewall features offered in plugin:
- User Accounts Security
- User Login Security
- User Registration Security
- Database Security
- File System Security
- htaccess and wp-config.php File Backup and Restore
- Blacklist Functionality
- Firewall Functionality
- Brute force login attack prevention
- WhoIs Lookup
- Security Scanner
- Comment SPAM Security
- Front-end Text Copy Protection
BulletProof Security is among the popular WordPress security plugin with more than 100,000 plus active installation.
BulletProof Security provides firewall security, database security, login security and many more security options. BulletProof Security comes with four-click setup interface which gives you to just activate this plugin and then relax as it will take care of your website.
BulletProof Security limits failed login attempts and blocks security scanners, fake traffic, IP blocking and code scanners. BulletProof Security keeps on checking the code of WordPress core files, themes and plugins.
List of BulletProof Security features:
- One-Click Setup Wizard
- jQuery UI Dialog Form Uninstall Options: BPS Pro upgrade uninstallation or complete BPS plugin uninstallation
- .htaccess Website Security Protection (Firewalls)
- Login Security & Monitoring
- Idle Session Logout (ISL)
- Auth Cookie Expiration (ACE)
- DB Backup: Full|Partial DB Backups | Manual|Scheduled DB Backups | Email Zip Backups | Cron Delete Old Backups
- DB Backup Logging
- DB Table Prefix Changer
- Security Logging
- HTTP Error Logging
- FrontEnd|BackEnd Maintenance Mode
iThemes Security (formerly Better WP Security) provides you over more than 30 ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.
iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site.
iThemes Security Features:
- User Action Logging – Track when user’s edit content, login or logout.
- Two-Factor Authentication – Use a mobile app such as Google Authenticator or Authy to generate a code or have a generated code emailed to you.
- Import/Export Settings – Saves time setting up multiple WordPress sites.
- Malware Scan Scheduling – Have your site scanned for malware automatically each day. If an issue is found, an email is sent with the details.
- Password Expiration – Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed).
- Generate Strong Passwords – Generate strong passwords right from your profile screen.
- Dashboard Widget – Manage important tasks such as user banning and system scans right from the WordPress dashboard.
- Online File Comparison – When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.
- Temporary Privilege Escalation – give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.
- wp-cli Integration – Manage your site’s security from the command line.
- Google reCAPTCHA – Protect your site against spammers.
The Sucuri Security WordPress Security plugin is free to all WordPress users. Sucuri Security is a security suite meant to complement your existing security posture.
It offers it’s users four key security features for their website, each designed to have a positive affect on their security posture:
- Security Activity Auditing
- File Integrity Monitoring
- Remote Malware Scanning
- Blacklist Monitoring
- Effective Security Hardening
- Post-Hack Security Actions
- Security Notifications
- Website Firewall (add on)
Acunetix WP Security plugin is a free and comprehensive security tool that helps you secure your WordPress installation and suggests corrective measures for: securing file permissions, security of the database, version hiding, WordPress admin protection and lots more.
Acunetix WP Security checks your WordPress website/blog for security vulnerabilities and suggests corrective actions such as:
- File permissions
- Database security
- Version hiding
- WordPress admin protection/security
- Removes WP Generator META tag from core code
The Simple Security Firewall is the powerful WordPress protection system which is designed for maximum compatibility with your WordPress sites, while providing an uncomplicated approach for beginner and advanced users alike – with NO nasty site lockouts.
Simple Security Firewall features:
- Easy-To-Setup Interface.
- Plugin Self Security Protection
- Exclusive membership to a private security group where you can learn more about WordPress security.
- Blocks malicious URLs and requests
- Blocks ALL automated spambot comments.
- Hide your WordPress Admin and Login page.
- Prevents brute force attacks on your login and any attempted automatic bot logins.
- Verify user identity with email-based Two-Factor Authentication
- Monitor login activity and restrict username sharin, with User Sessions Management
- Review admin activity with a detailed Audit Trail Log
- Turn on and turn off WordPress Automatic Updates separately for plugins, themes and Core
- Easy to use kill switch to temporarily turn off all Firewall Features without disabling the plugin or even logging into WordPress.
- Plugin Admin Access Protection
- Audit Trail Activity Monitor
- Firewall Protection
- Brute Force Login Protection and Two-Factor Authentication
- Comment SPAM (Full replacement and upgrade from Akismet)
- FABLE – Fully Automatic Black Listing Engine
Security need everywhere, its life or cyber world as on average, 30,000 new websites are hacked each day.
There are more plugin that provides different level of security to blog websites