Best WordPress Security Plugins To Increase Security
By James Flarakos | May 19, 2021
To keep you as safe as possible, here at SeekaHost we have picked the Best WordPress Security Plugins that you need to have on your WordPress site. These plugins also work together really well, as they stop a number of attacks on your site. This includes:
- Brute Force Attacks
- Limiting Login Attempts
- Stopping and Detecting Malware
- Disabling XML-RPC API
- Disabling wp-config.php
- Blocking Dangerous IPs
Why Use WordPress Security Plugins?
Unfortunately, these days data is very valuable and people want to steal it no matter how big or small your site may be. Whether it is passwords, email addresses or other people's IPs, they have many methods of trying to extract that information.
So we need to make their job harder for them. To do this we have pulled together the best WordPress Security Plugins to use in combination against any unwanted threats to your site. Although we very much encourage using a long and strong password and username, there are more ways your site could be attacked.
Between these three plugins you will be protected from a variety of things, including the ones listed at the top of the article.
Table of Contents
iThemes Security (Formerly Known As WP-Security)
Wordfence Firewall & Malware Protection
iThemes Security Plugin Options
To hide the back end (URL slug) of your site, open the iThemes Security dashboard and select the Hide Backend option. You can now change the URL slug in the top selection box to a unique URL slug. For example, if your site is called www.mysite.com, your normal login procedure is to type www.mysite.com/wp-admin. Changing the URL slug to “tophat” makes typing www.mysite.com/tophat the only way to log into the back end of your site.
By doing this you can stop a huge number of amateur hackers who try to gain access to the admin account on your WordPress site just by typing /wp-admin at the end of the site address.
If you want to limit login attempts for users, head down to the Local Brute Force Protection option of iThemes Security and change the number of login attempts to 3 or 5. Also increase Minutes to Remember Bad Login (check period); I increase mine to 1 or 2 hours.
To disable wp-config.php, select the All tab in iThemes Security and go to the wp-config.php section at the bottom. This will write the required code into your WordPress site without you having to do it manually. Simply select Write Code and it will be done for you.
Other settings to change in iThemes Security to keep you safe include enabling 404 detection. 404 detection looks at a user who is hitting a large number of non-existent pages and getting a large number of 404 errors. It assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and locks them out accordingly.
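Both lockout rules described above (a login-attempt limit inside a check period, and 404 detection) come down to counting events per IP inside a sliding time window. The sketch below is an added example, not the plugin's own code: it runs that logic over constructed access-log lines. The combined log format, the 404 threshold of 5 and the rule that a POST to wp-login.php answered with 200 is a failed login are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path, status.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def classify(method, path, status):
    """Map a request to the counter it feeds, or None if it is not counted."""
    if status == "404":
        return "404"
    # Assumption: WordPress answers a failed login POST with 200
    # and a successful one with a 302 redirect.
    if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
        return "login"
    return None

def find_lockouts(lines, limits, window):
    """Return {(ip, kind): time of the event that crossed the threshold}."""
    recent = defaultdict(deque)   # (ip, kind) -> timestamps inside the window
    lockouts = {}
    for line in lines:            # lines for one IP are assumed to be in time order
        m = LINE.match(line)
        if not m:
            continue              # skip malformed lines rather than crash
        ip, ts, method, path, status = m.groups()
        kind = classify(method, path, status)
        if kind is None or (ip, kind) in lockouts:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[(ip, kind)]
        q.append(when)
        while when - q[0] > window:   # forget events older than the check period
            q.popleft()
        if len(q) >= limits[kind]:
            lockouts[(ip, kind)] = when
    return lockouts

def sample_log():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    t = "19/May/2021:10:%02d:00 +0000"
    scan = ['203.0.113.7 - - [%s] "GET /old-%d.php HTTP/1.1" 404 0' % (t % i, i) for i in range(6)]
    brute = ['198.51.100.9 - - [%s] "POST /wp-login.php HTTP/1.1" 200 0' % (t % (i * 10)) for i in range(3)]
    visitor = ['192.0.2.1 - - [%s] "GET /missing.png HTTP/1.1" 404 0' % (t % 5)]
    return scan + brute + visitor

if __name__ == "__main__":
    for key, when in find_lockouts(sample_log(), {"404": 5, "login": 3}, timedelta(hours=1)).items():
        print(key, when.isoformat())
```

The single 404 from 192.0.2.1 never triggers a lockout, which is why the threshold and the check period matter: set them too low and ordinary visitors who follow one dead link get locked out.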
Enable File Change Detection so that you will be notified when any suspicious file changes have occurred.
If you don't want to install a plugin specifically to disable XML-RPC, iThemes Security gives you that option too. Simply select WordPress Tweaks and then use the drop-down menu to select Disable XML-RPC.
Wordfence Firewall & Malware Protection
Wordfence has a great scanning system for detecting malware. You can select what type of scan you want, whether it be a light, medium, full or custom scan. Once you have your preferences set up, just click scan and it will check for any malicious content.
They have made setting up the firewall extremely easy: you choose the option through the settings. From experience, it does a very good job of actually detecting and stopping any suspicious activity. Not only will it block potential threats, it will also inform you of any login attempts, phishing and much more.
To check for any suspicious traffic, simply choose the Tools option under Wordfence and it will give you a live list of logins, login attempts, banned IPs and more.
Blocking IPs, or researching who is behind one by tracing the IP, has never been easier. From the Tools option you can see the live list of suspicious activity. To block an IP address, just select the IP address flagged up by the firewall and click on Block IP. To look it up further, select the WHOIS option next to Block IP.
Disable XML-RPC-API Plugin
To disable XML-RPC you can download this plugin and it will do all the hard work for you. It gives you a larger range of settings compared to just switching it off in full using the iThemes Security plugin.
XML-RPC is a method for third parties, such as the mobile applications for WordPress, to access the WordPress site. However, it is a security risk because people are able to exploit it, so I always suggest disabling it unless you are specifically designing the site on your mobile device.