Need extra WordPress Security?
Although the WordPress core is generally quite secure, some people like to go the extra route of adding a plugin to increase security. The important thing when taking this step is to carefully read the plugin's documentation and reviews to be sure it won’t create more problems than it resolves. Some plugins come with specific precautions, so confirm that your system is compatible so you don’t break your site completely. The following ten plugins were chosen because of their high overall ratings and are listed in order of the number of five star ratings. Rating numbers may have changed by the time you access these, especially after a version update, so be sure to check the current rating when you are researching the plugin.
WordPress Star Rating: 2300 Five Star, 129 Four Star – 4.8 out of 5 overall
This plugin addresses some of the vulnerabilities that attackers look for including plugin vulnerabilities, weak passwords and obsolete software. It does this by hiding sensitive areas and banning users such as troublesome bots and user agents. If something does make it through, the detection and recovery aspects jump in to correct the problems caused. This plugin does make significant changes to your database and other site files so be sure to read the warnings, installation instructions and FAQ before installing this plugin. Be sure to make a backup beforehand also so if a problem results it can be resolved.
Creator Website: http://www.wordfence.com/
WordPress Star Rating: 866 Five Star, 22 Four Star – 4.9 out of 5 overall
This plugin includes a firewall, virus scanning, real-time traffic with geolocation, cell phone sign-in, malicious URL scanning and live traffic including crawlers. It can verify and repair your core, theme and plugin files even if you haven’t made a backup. They also offer a premium API key that provides for cell phone sign-in via SMS and allows for blocking countries and scheduling scanning. This plugin has been downloaded over 1 million times and it appears that they are good at keeping up with the support threads. They also have a video introduction on their website that is worth taking a few moments to watch.
Creator Website: http://www.ait-pro.com/
WordPress Star Rating: 480 Five Star, 34 Four Star – 4.8 out of 5 overall
This plugin protects against RFI, XSS, CRLF, CSRF, Base64, SQL Injection and Code Injection hacking attempts. The benefit of this plugin is that .htaccess files are processed first, keeping hackers from reaching the PHP code in WordPress. It is fast and simple to use with no manual configuration required. Extensive help info can be found on the AIT-pro.com website and within the BulletProof Security pages as well. This plugin has been downloaded over 900,000 times so far. They seem to be doing a great job keeping up with support threads in the support forum.
Creator Website: http://bestwebsoft.com/plugin/captcha-plugin/
WordPress Star Rating: 218 Five Star, 10 Four Star – 4.7 out of 5 overall
This plugin enables you to implement a security captcha form into web forms thus protecting your website from spam. A captcha can be used for registration, password recovery, login or other uses. They also offer a premium version with more capabilities and compatibilities. This plugin has been downloaded over 1.3 million times. They offer a support website which is probably a better place to go to rather than the support forum which doesn’t seem to get the most prompt attention. They will also customize the plugin to your requirements for an additional fee based on the complexity of the request.
WordPress Star Rating: 206 Five Star, 16 Four Star – 4.8 out of 5 overall
By default, WordPress allows unlimited login attempts, which leaves a site vulnerable to brute-force cracking of passwords. This plugin resolves that problem by blocking an Internet address that makes too many login attempts. The user can customize how many attempts are allowed, and that limit will be communicated to the person attempting to log in. There are very few customer ratings under 4 stars for this plugin even though there have been over 420,000 downloads of it. The downside is that the 13 support threads in the support forum in the past two months are showing that they have been resolved. The fact that there are only 13 is a good sign though.
WordPress Star Rating: 70 Five Star, 4 Four Star – 4.8 out of 5 overall
WordPress users who take advantage of the themes available throughout the web often worry about possible malicious code being slipped in. With this plugin, users can scan all of the theme files for potentially unwanted code and static links. The path to the file, the line number and a small snippet of the suspect code will be displayed. This plugin has been downloaded over 200,000 times and hasn’t had a support ticket entered in more than 8 months, which indicates that the plugin is working for most people. So far it has only received 2 ratings that weren’t 4 or 5 stars.
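The kind of scan described above can be sketched in a few lines. This is an added example, not the plugin's own code: the three patterns are assumptions chosen for illustration, and the two-file theme is constructed sample input.

```python
import re
import tempfile
from pathlib import Path

# Heuristic patterns (assumptions for this example, not the plugin's rule set).
PATTERNS = {
    "eval": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "static_link": re.compile(r"<a\s[^>]*href\s*=\s*[\"']https?://", re.I),
}

def scan_theme(theme_dir, snippet_len=60):
    """Return (relative path, line number, rule, snippet) for each suspect line."""
    root = Path(theme_dir)
    findings = []
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in PATTERNS.items():
                match = pattern.search(line)
                if match:
                    snippet = line[match.start():match.start() + snippet_len].strip()
                    findings.append((path.relative_to(root).as_posix(), lineno, rule, snippet))
    return findings

def build_sample_theme(root):
    """Write a constructed two-file theme used only to demonstrate the scan."""
    root = Path(root)
    (root / "inc").mkdir()
    (root / "index.php").write_text(
        "<?php get_header(); ?>\n"
        "<h1><?php the_title(); ?></h1>\n"
        "<?php get_footer(); ?>\n", encoding="utf-8")
    (root / "inc" / "footer.php").write_text(
        "<?php\n"
        "$c = 'ZWNobyAnaGknOw==';\n"
        "eval(base64_decode($c));\n"
        "?>\n"
        "<a href=\"http://example.com/\">Theme by Example</a>\n", encoding="utf-8")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_theme(tmp)
        return scan_theme(tmp)

if __name__ == "__main__":
    for path, lineno, rule, snippet in demo():
        print(f"{path}:{lineno}: [{rule}] {snippet}")
```

A hit from a scan like this is a prompt for manual review rather than proof of compromise, since legitimate themes also contain hardcoded links and occasionally decode embedded data.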
WordPress Star Rating: 69 Five Star, 4 Four Star – 4.9 out of 5 overall
This plugin is designed to take your website security to a whole new level by adding a unique security points grading system so you can easily see how well your site is being protected based on the security features you have activated. The plugin includes user account security, user login security, user registration security, database security, file system security, .htaccess and wp-config.php file backup and restore, blacklist functionality, firewall functionality, brute force login attack prevention, WHOIS lookup, security scanner and comment spam security. This plugin is about as close as you can come to a full 5 star rated security plugin, as there has only been 1 person that rated it with 1 star while most everyone else gave it 5 stars. It has been downloaded nearly 100,000 times.
WordPress Star Rating: 67 Five Star, 7 Four Star – 4.6 out of 5 overall
Spammers are the bane of most websites and can be a real pain in the neck. This plugin uses more than 15 different ways to detect spammers and thus eliminates 99% of spam registrations and comments. Many a spammer will be faced with an “Access Denied” message thwarting them from their endeavor. Users can customize the exact message or even redirect them to another page or website. User ratings for this plugin are generally good with just 6 giving it just 1 star. It does appear that support tickets go unresolved more than they should, however.
Creator Website: http://www.wangguard.com/
WordPress Star Rating: 50 Five Star, 1 Four Star – 4.7 out of 5 overall
The WangGuard plugin provides advanced protection against sploggers and spam user registrations. It is compatible with WordPress as well as WordPress MU, BuddyPress and bbPress 2.0. At the moment they are offering this plugin free of charge, but they will be incorporating pricing based on the number of queries per day and the income of the company using it once they have added all the necessary tools. Small users (less than 500 registrations and earnings less than $200/month) will not have to pay anything. Thus far it has been downloaded just under 100,000 times and has just 4 ratings under 4 stars.
Creator Website: http://sucuri.net/
WordPress Star Rating: 19 Five Star, 1 Four Star – 4.6 out of 5 overall
This totally free plugin checks your site for spam, blacklisting, malware and other security issues such as .htaccess redirects, hidden eval code and more. A newer version added an option to verify core files for changes, which can be helpful for detecting hidden backdoors. They also offer cleanup services via their website as well as additional core and add-on services for an annual fee depending on the number of websites you have. The plugin has been downloaded a little over 170,000 times with only 2 ratings under 4 stars.
It can be helpful to take the time to check your WordPress version against the plugin version for compatibility. By using the pull-down for the configuration you are planning, you can see how many others used that configuration and reported that it works or that it is broken. Keep in mind that not everyone reports their experience here though. Viewing the support forum and the creator website, when provided, is another good way to get some insight into the plugin before you download it.