
WordPress Developer's Guide to Security: Security and Backup Plugins


If you joined us last week, you know that we have spoken in depth about good WordPress management with a special emphasis on connections. Controlling how people access your site can dramatically reduce hacking attempts.

Sometimes, however, you have to go further. While WordPress Core is pretty secure to start with, you might want to consider a security plugin to increase efficiency and protect your site even more. This is precisely what I am going to talk about here today. Plus, I'll even go over a few backup plugins to protect your data as well.

If you missed a previous installment, please come back at any time:

If you're ready to move on, read on!

Why do I need a security plugin?

Primarily, security plugins provide an extra layer of protection against brute force attacks and malware. They provide you with a set of tools that, when properly configured, help you put on autopilot some of the key security tasks that you need to perform on a regular basis. The best plugins also help you recover from a hack faster, if you fall victim to it.

For Mark Maunder, founder of Wordfence, the idea was to create a plugin that installs comfortably on WordPress and improves functionality already built into Core.

With that in mind, let's take a look at some of the best security plugins currently available and what makes them so beneficial.

iThemes Security

It is a very popular plugin choice for security. Formerly known as Better WP Security, iThemes Security offers many ways to secure your site. In fact, it automatically does many of the things we've discussed in previous articles, like implementing obfuscation tactics. For example, this plugin changes your login and administration URLs, removes the meta-generator tag, renames the account "admin", and more.

It also offers several protection features such as performing security scans to locate malware and vulnerabilities, improving server security, banning users with too many invalid login attempts, banning bots, strict enforcement of passwords, etc.

iThemes Security also offers detection features and can notify you when unauthorized changes have been made. It can also detect bots and can be configured to send you emails when someone tries to login too many times without success. Recovery features are also available because iThemes also performs backups. This pairs well with iThemes' dedicated backup plugin, BackupBuddy.

There is also a Pro version of iThemes Security, which offers user action logging, two-factor authentication, malware scans, and more.


All in One WP Security & Firewall

Another security plugin option is called All in One WP Security & Firewall and has a long history of delivering high quality results to small bloggers and large developers. I think what sets it apart is how easy it is to set up and use right out of the box. It also includes a security point scoring system that lets you see how well you are protecting your site from hackers. From there, you can turn different features on and off to see what effect each one has on your score.

This free plugin allows you to configure a variety of security protocols with just a few clicks. For example, you can change the user name "admin", identify users with identical login and display names, and activate a password strengthening tool.

An included login lock feature protects your site from brute force attacks, as you can ban IP addresses and users who make too many bad login attempts. You can also force users to log out, view account activity, and even add specific IP addresses to the whitelist. Database and file system security features are also included, along with htaccess and wp-config.php backups.
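The login lock behaviour described above can be sketched as a sliding-window counter. This is an added example, not code from All in One WP Security & Firewall or any other plugin on this page; the thresholds, the `LoginLockout` class and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLockout:
    """Sliding-window failed-login counter with temporary IP lockout."""

    def __init__(self, max_failures=3, window=300, lockout=900, allowlist=()):
        self.max_failures = max_failures    # failures tolerated inside the window (assumed)
        self.window = window                # seconds a failure stays counted (assumed)
        self.lockout = lockout              # seconds an IP stays banned (assumed)
        self.allowlist = set(allowlist)     # IPs that are never locked out
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the ban expires

    def record(self, ip, success, now):
        """Process one login attempt; return 'allowed', 'failed' or 'locked'."""
        if self.locked_until.get(ip, 0) > now:
            return "locked"                 # banned: even a correct password is refused
        if success:
            self.failures.pop(ip, None)     # a good login resets the counter
            return "allowed"
        if ip in self.allowlist:
            return "failed"                 # reported, but never counted toward a ban
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
            return "locked"
        return "failed"

# Constructed sample events: (time in seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),   # third failure inside 300 s: ban starts
    (30, "203.0.113.7", True),    # correct password, but the IP is still banned
    (40, "198.51.100.5", False), (50, "198.51.100.5", False),
    (60, "198.51.100.5", False),  # allowlisted IP: never banned
    (1000, "203.0.113.7", True),  # ban expired at t=920
]

def replay(events, guard=None):
    """Feed events through a lockout guard and return the decision for each."""
    guard = guard or LoginLockout(allowlist={"198.51.100.5"})
    return [guard.record(ip, ok, ts) for ts, ip, ok in events]

if __name__ == "__main__":
    print(replay(EVENTS))
```

The allowlist check matters in practice: without it, an administrator who mistypes a password a few times is locked out of their own site.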

The included firewall feature allows you to modify your htaccess file to prevent hackers from even accessing your site code. All in One WP Security & Firewall lives up to its name and also includes a security scanner, text copy protection, whois search function, spam security, automatic updates, and more.

Sucuri Security

Sucuri Security is another very popular security plugin for WordPress without which no list on the subject would be complete. The SiteCheck feature allows you to scan your site for current security vulnerabilities and malware. You can look for all kinds of issues, from malware like I said, to spam injections, phishing attempts, redirects, downgrades, etc. It can also detect cross-site scripting, obfuscated JavaScript injections, PHP emails, hidden iFrames, anomalies, and IP cloaking.

The scanner also uses APIs for several popular blacklist detectors to give your site in-depth analysis. These external sources include Norton, McAfee SiteAdvisor, and AVG to name a few. Once you have completed the scanning process, you can then 'power up' your site by activating various features with one click. While they do not individually offer the highest level of security, together they provide sufficient site protection.

Some of these features include protecting your download directory, restricting access to wp-content and wp-includes, checking WordPress and PHP versions, and disabling plugin and theme editors. You can also choose to check each main WordPress file to see whether any changes have been made and whether there are hidden backdoors on your site.

Sucuri also offers several security plans in addition to its free plugin, if you are looking for a more robust security solution.


Wordfence Security

As I mentioned before, Wordfence Security is another high-quality, plugin-based security solution for your site. Once installed and activated, it performs a deep scan of your site to see if the source code matches the official WordPress core files. If everything checks out, the security features are then activated to protect your site against future hacking attempts.

It offers both a free and a premium version, but both are based on the Wordfence Cloud platform, which means the firewall and scanning process is largely done on its own servers. This means virtually no load on your site. “We have our own dedicated physical servers in our datacenter in Lynwood, Washington,” Maunder explains, saving “customers from having to use additional processors, memory and drives on their own servers”.

This plugin supports multi-site logins, cellphones, popular plugins like WooCommerce, two-factor authentication, enforcing strong passwords, file scanning, etc. It also includes a firewall to protect your site from bots, malware, and brute force attacks. Once installed, you will also have the ability to block malicious networks and known attackers, all in real time.


BruteProtect

Recently acquired by Automattic, BruteProtect is a security solution for WordPress designed specifically to protect against brute force attacks. Along with this core functionality, it also offers multisite protection, a dashboard to monitor attacks, remote automatic updates for core files (as well as plugins and themes), and uptime monitoring.

It won't protect you from all security issues, but it is effective and has the official WordPress seal of approval.

Acunetix WP Security

Here is another popular choice. Acunetix WP Security is completely free and makes it easy to scan and secure your site quickly. You can easily set up file permissions, establish database security, hide the version of WordPress you're using, avoid issues with the "admin" username, and more.

It is multisite and backup compatible, and provides reports on overall security and file permissions after scans. What I like is that it includes a live traffic tool to check who is on your site while they are browsing.

Bulletproof Security

The last security plugin I'm going to talk about here today is Bulletproof Security. This plugin offers many of the same features as the plugins I already talked about here, like htaccess changes, database backups, and security logging. It also comes with a UI theme changer to customize your interactions with the plugin.

The pro version includes many other features like one-click setup, failback, IP based firewall, error logging, etc. You can also count on database backups, brute force protection, IP ban, firewall configuration and more features than I can list here. Seriously, go read its description in the plugin directory and be prepared to be surprised by its thoroughness!

The importance of backup plugins

In addition to taking advantage of a security plug-in, you should also prioritize using a backup plug-in. As you may have noticed, several of the security plugins I talked about here today include backup functionality or their manufacturers have backup plugins available as well.

Regularly backing up your site (and automating the process) is vital to a comprehensive security plan. How else would you restore your site's files to their pre-hack state in the event of an attack? While there are plenty of backup plugins out there, some of the most popular include VaultPress, WordPress Backup to Dropbox, and BackupBuddy. Ranging from free to paid, these plugins will make sure your WordPress files and database are safe and sound no matter what.

In case you didn't know, ManageWP also offers backups as part of its core feature set. You can schedule backups in advance and make the process fully automated, which is the best way to ensure that they happen on time, every time.



While you can manually set many security settings in WordPress, going the plugins route can make your life easier, especially if you need to set up proper security on many sites. The above plugins should get you started in your search for the best solution.

In the meantime, be sure to let me know your favorite security plugin in the comments below. And come back next week for another security post!
