{"id":169016,"date":"2017-11-06T13:00:56","date_gmt":"2017-11-06T13:00:56","guid":{"rendered":"https:\/\/premium.wpmudev.org\/blog\/?p=169016"},"modified":"2017-11-01T02:15:43","modified_gmt":"2017-11-01T02:15:43","slug":"wordpress-security-plugins","status":"publish","type":"post","link":"https:\/\/wpmudev.com\/blog\/wordpress-security-plugins\/","title":{"rendered":"17 Best WordPress Security Plugins to Keep Your Site Secure"},"content":{"rendered":"<p>There are a number of ways in which your site could become the victim of a security breach. Unsupported and outdated plugins and themes are one way. Weak password rules and unfettered access to WordPress is another. Hackers could also get in through your hosting server. And on and on the possibilities go.<\/p>\n<p>Needless to say, having a laser-eye focus on security is of the utmost importance when you\u2019re a web developer, especially when you work on a platform like WordPress that already seems to have a huge target on its back.<\/p>\n<p>But this isn\u2019t news to you. That\u2019s why WPMU DEV publishes posts with the <a href=\"https:\/\/wpmudev.com\/blog\/wordpress-security-tips\/\" target=\"_blank\" rel=\"noopener\">most commonly overlooked security tips<\/a> as well as the <a href=\"https:\/\/wpmudev.com\/blog\/ultimate-guide-wordpress-security\/\" target=\"_blank\" rel=\"noopener\">ultimate reference guide to WordPress security<\/a>.<\/p>\n<p>Now, although it\u2019s been revealed in the past that some WordPress plugins have actually introduced vulnerabilities into WordPress, those problems tend to stem from plugins that developers no longer support or monitor. There are plenty of plugins that <em>are<\/em> secure, reliable, and well-maintained to the point where you\u2019ll regularly see patches come through for them (just as you do the core).<\/p>\n<p>And it\u2019s within those plugins where you\u2019ll find trustworthy security plugins to help keep your site secure.<\/p>\n<h2>17 Best WordPress Security Plugins to Keep Your Site Secure<\/h2>\n<p>Typically, when we talk about the best security plugins, we focus on ones that promise to be all-encompassing. However, a list of the best WordPress security plugins really isn\u2019t complete without breaking out the more specialized players. You know the ones: they deal in special protection against things like brute-force attacks or in safeguarding the admin login area.<\/p>\n<p>That&#8217;s\u00a0why, in the following roundup, I\u2019m going to cover all of the best WordPress security plugins that will help you protect your site from every angle.<\/p>\n<h3>Best All-Encompassing Security Plugins<\/h3>\n<p>These plugins cover as many security bases as they possibly can.<\/p>\n<ul class=\"dev-tutorial-list\"><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Defender<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"333\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Defender-600x333.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Defender image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>WPMU DEV\u2019s Defender plugin is now <a href=\"https:\/\/wpmudev.com\/blog\/defender-now-available-wordpress-org\/\" target=\"_blank\" rel=\"noopener\">available for free<\/a> in the WordPress repository <em>and<\/em> remains part of the WPMU DEV membership pack. What\u2019s not to love about that? Oh yeah. The security piece. Here\u2019s why this is the ultimate bodyguard for your WordPress site:<\/p>\n<ul>\n<li>Automated and customized security scans<\/li>\n<li>Recommended security fixes<\/li>\n<li>Updated security keys<\/li>\n<li>Two-factor authentication at login<\/li>\n<li>Limited login attempts<\/li>\n<li>Code and file scanning for unauthorized changes<\/li>\n<li>Bot and IP lockout when you suspect they\u2019re out to do you harm<\/li>\n<li>Online monitoring lets you know if your site was blacklisted<\/li>\n<li>10GB of <a href=\"https:\/\/wpmudev.com\/project\/snapshot\/\" target=\"_blank\" rel=\"noopener\">Snapshot<\/a> backup included<\/li>\n<\/ul>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Defender?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wpmudev.com\/project\/wp-defender\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">All in One WP Security<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"192\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/All-in-One-WP-Security-600x192.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"All in One WP Security image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>The name is no exaggeration. When you want all-in-one security protection for your site, you can trust in this plugin to deliver that. It will cover:<\/p>\n<ul>\n<li>Standard security scanning<\/li>\n<li>User account (and password) security<\/li>\n<li>IP address blacklisting\/whitelisting<\/li>\n<li>Automated database backups<\/li>\n<li>One-click restore<\/li>\n<li>File security<\/li>\n<li>Firewall enabling<\/li>\n<li>Brute-force attack security<\/li>\n<li>Spam-blocker<\/li>\n<li>And more<\/li>\n<\/ul>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in All in One WP Security?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/all-in-one-wp-security-and-firewall\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">iThemes Security<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"193\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/iThemes-Security-600x193.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"iThemes Security image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>Although there is a premium version of this plugin available, I think the standard iThemes Security is a good place to start so you can get a sense for the power this plugin packs into it. As the developer describes it, this plugin\u2019s job is to protect, detect, and obscure. If you want to round out your process with the \u201crecover\u201d portion, iThemes sells BackupBuddy, one of the backup plugins [link to Backup Plugins article] we recently featured in our comparison roundup.<\/p>\n<p>This plugin really specializes in fortifying the login and user management piece of WordPress security, so if that is a primary concern for you, then this may be a good one to start with.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in iThemes Security?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/better-wp-security\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Shield Security<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"172\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Shield-Security-600x172.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Shield Security image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>Perhaps my favorite thing about this plugin is the developer\u2019s commitment to automating the security monitoring and protection process. When you look at how easy this plugin is to use and how many points it ticks off on your security audit checklist, you can see that they really take this mission to heart.<\/p>\n<p>Here are some of the things Shield Security will do:<\/p>\n<ul>\n<li>Off-site security key included<\/li>\n<li>Activity auditing<\/li>\n<li>Firewall protection<\/li>\n<li>Two-factor authentication<\/li>\n<li>Brute force protection<\/li>\n<li>Spam-blocker<\/li>\n<li>Automatic core, plugin, and theme updates<\/li>\n<li>IP address blocking<\/li>\n<\/ul>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Shield Security?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wp-simple-firewall\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Sucuri Security<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"191\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Sucuri-Security-600x191.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Sucuri Security image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>Sucuri is a trusted name in security. You\u2019ve likely seen one of their hacked website reports that consistently demonstrate <a href=\"https:\/\/sucuri.net\/reports\/\" rel=\"noopener\" target=\"_blank\">how vulnerable WordPress can be<\/a> when it\u2019s not properly secured. So, it\u2019s nice to see that an expert on the matter has thrown their own plugin to the mix. Aside from a premium firewall add-on, this plugin is 100% free to use. It includes:<\/p>\n<ul>\n<li>Activity auditing<\/li>\n<li>File monitoring<\/li>\n<li>Malware scanning<\/li>\n<li>Post-hack recovery<\/li>\n<li>And more<\/li>\n<\/ul>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Sucuri Security?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/sucuri-scanner\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Wordfence Security<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"194\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Wordfence-Security-600x194.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Wordfence Security image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>Wordfence Security is by far the most downloaded security plugin for WordPress and there is a good reason for it. Although there are a number of upgrades worth looking into if you manage higher-traffic sites, the free version in and of itself is super robust and may be sufficient enough on its own.<\/p>\n<p>With the standard Wordfence security plugin, you\u2019ll get:<\/p>\n<ul>\n<li>A firewall<\/li>\n<li>Real-time monitoring capabilities<\/li>\n<li>Scanning of the core, plugins, themes, and all files<\/li>\n<li>Blocking against a variety of threat types<\/li>\n<li>Stronger login practices<\/li>\n<\/ul>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Wordfence Security?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wordfence\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><\/ul><!-- end dev-tutorial-list -->\n<h3>Best Anti-Spam Plugins<\/h3>\n<ul class=\"dev-tutorial-list\"><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Akismet<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"193\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Akismet-600x193.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Akismet image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>Part of the Automattic family of plugins, Akismet handles all that nasty comment spam that often comes through on blogs. It\u2019s a super simple plugin that takes all the thinking and actual work out of moderating comments or links from malicious entities you want to spare your readers from clicking on.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Akismet?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/akismet\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Anti-spam<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"193\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Anti-spam-600x193.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Anti-spam image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>This is another simple anti-spam plugin that works to kick out malicious comments from your blog. This one is more set-it-and-forget-it, so if you like the idea of not having to bother with settings or monitoring the spammy traffic that comes through, this may be a good choice.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Anti-spam?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/anti-spam\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Spam Protection Firewall, Anti-Spam<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"192\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/CleanTalk-600x192.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Spam Protection Firewall, Anti-Spam image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>This plugin from CleanTalk does more than just protect your blog comment feeds from spam infiltration. This one also works to prevent <em>you<\/em> from having to moderate spam emails or responses on your contact forms, surveys, reservation systems, and more.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Spam Protection Firewall, Anti-Spam?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/cleantalk-spam-protect\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">WP-SpamShield<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"192\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/WP-SpamShield-600x192.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"WP-SpamShield image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>I recently tackled the question, \u201c<a href=\"https:\/\/wpmudev.com\/blog\/disable-comments-wordpress-blog\/\" target=\"_blank\" rel=\"noopener\">Should you disable comments on your WordPress blog?<\/a>\u201d While much of the reasoning came from WordPress pros who used factors like SEO or website real estate to validate their decisions, there\u2019s one thing they didn\u2019t talk about much about. And that is speed.<\/p>\n<p>WP-SpamShield directly addresses that part of the equation, however, as this firewall plugin aims to keep spam completely off your site and out of your database.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in WP-SpamShield?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wp-spamshield\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">WPBruiser<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"192\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/WPBruiser-600x192.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"WPBruiser image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>This anti-spam plugin works much as the others do: it blocks spammers from getting in through comment fields as well as contact forms. This one, however, takes it one step further and defends against brute force attacks. So, if you\u2019re looking for a one-two punch, you\u2019ll get it here.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in WPBruiser?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/goodbye-captcha\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><\/ul><!-- end dev-tutorial-list -->\n<h3>Best Login Protection Plugins<\/h3>\n<ul class=\"dev-tutorial-list\"><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Cerber Security & Antispam<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"193\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Cerber-Security-600x193.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Cerber Security &amp; Antispam image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>This plugin is part anti-spam, part login-fortifying plugin. Like many of the other plugins mentioned before, this one works on kicking out spammers before they can get through to your comments or contact forms. It also works to strengthen your login screen, changing the wp-admin address, adding a reCAPTCHA, and limiting login attempts.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Cerber Security & Antispam?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wp-cerber\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Loginizer<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"192\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Loginizer-600x192.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Loginizer image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>The main purpose of this plugin is to limit the number of login attempts made on your WordPress website; effectively, shutting down any opportunity for a brute force attack. However, this plugin also comes with some great premium features. If you like how effective the free Loginizer is, you might want to think about an upgrade so you can unlock two-factor authentication, login challenge questions, reCAPTCHA, wp-admin renaming, disabling of XML-RPC, and more.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Loginizer?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/loginizer\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">WPS Hide Login<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"192\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/WPS-Hide-Login-600x192.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"WPS Hide Login image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>This is a great plugin to add onto your security plugin set when none of the others will help you rename and \u201chide\u201d the wp-admin directory or your wp-login.php page. In addition, this works with Multisite, so you can change your entire network\u2019s admin URL much more easily.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in WPS Hide Login?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wps-hide-login\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><\/ul><!-- end dev-tutorial-list -->\n<h3>Other Security Plugins<\/h3>\n<ul class=\"dev-tutorial-list\"><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Really Simple SSL<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"191\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Really-Simple-SSL-600x191.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Really Simple SSL image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>It\u2019s so easy these days to get an <a href=\"https:\/\/wpmudev.com\/blog\/ssl-https-wordpress\/\" target=\"_blank\" rel=\"noopener\">SSL certificate<\/a> that it seems kind of silly not to have one. That said, if you\u2019re not able to get one through your web host, you\u2019ll need to get it from a third-party provider and then install it on your site. This plugin will help you get it up and running while also checking for mixed content issues that could cause just as much of a security headache as not having a certificate in the first place.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Really Simple SSL?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/really-simple-ssl\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">Anti-Malware Security and Brute-Force Firewall<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"194\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Anti-Malware-Security-600x194.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"Anti-Malware Security and Brute-Force Firewall image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p>Has your WordPress site had issues with malware in the past? If so, you might want to think about getting this plugin that specifically targets that type of vulnerability in WordPress, especially issues discovered in plugins as well as the core.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in Anti-Malware Security and Brute-Force Firewall?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/wp-force-ssl\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><li class=\"dev-tutorial-list__item\"><header class=\"dev-tutorial-list__item__header\"><h3 class=\"dev-tutorial-list__item__title\">IP Geo Block<\/h3><\/header><section class=\"dev-tutorial-list__item__image\"><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"194\" src=\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/IP-Geo-Block-600x194.png\" class=\"attachment-ratio-large size-ratio-large\" alt=\"IP Geo Block image\" aria-hidden=\"true\" \/><\/section><!-- end dev-tutorial-list__item__image --><section class=\"dev-tutorial-list__item__content\"><p><a href=\"https:\/\/wpmudev.com\/blog\/geotargeting-wordpress\/\" target=\"_blank\" rel=\"noopener\">Geotargeting<\/a> can be quite useful when you\u2019re trying to better hone where your site\u2019s traffic comes from. This particular geotargeting plugin can also be used to block malicious parties from entering your site, especially if you know where the brunt of those attacks are coming from geographically.<\/p>\n<\/section><!-- end dev-tutorial-list__item__content --><footer class=\"dev-tutorial-list__item__footer\"><p>Interested in IP Geo Block?<\/p><div class=\"dev-tutorial-list__item__cta\"><a target=\"_blank\" href=\"https:\/\/wordpress.org\/plugins\/ip-geo-block\/\" class=\"dui-btn dui-btn--sm dui-btn--brand dev-btn--Details\">Details<\/a><\/div><!-- end dev-tutorial-list__item__cta --><\/footer><!-- end dev-tutorial-list__item__footer --><\/li><!-- end dev-tutorial-list__item --><\/ul><!-- end dev-tutorial-list -->\n<h2>Wrapping Up<\/h2>\n<p>If you\u2019re really worried about the <a href=\"https:\/\/wpmudev.com\/blog\/is-wordpress-secure\/\" target=\"_blank\" rel=\"noopener\">security of the WordPress platform<\/a>, then a WordPress security plugin is definitely in order. Whether you want one that promises an all-encompassing approach to security or you want to mix-and-match plugins based on where you believe your site to be most vulnerable, there is indeed a plugin that can help.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are a number of ways in which your site could become the victim of a security breach. Unsupported and outdated plugins and themes are one way. Weak password rules and unfettered access to WordPress is another. Hackers could also get in through your hosting server. And on and on the possibilities go. Needless to [&hellip;]<\/p>\n","protected":false},"author":344989,"featured_media":169132,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"blog_reading_time":"","wds_primary_category":0,"wds_primary_tutorials_categories":0,"footnotes":""},"categories":[4],"tags":[10821],"tutorials_categories":[],"class_list":["post-169016","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-plugins","tag-security"],"_links":{"self":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/169016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/users\/344989"}],"replies":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/comments?post=169016"}],"version-history":[{"count":4,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/169016\/revisions"}],"predecessor-version":[{"id":169041,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/posts\/169016\/revisions\/169041"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media\/169132"}],"wp:attachment":[{"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/media?parent=169016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/categories?post=169016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tags?post=169016"},{"taxonomy":"tutorials_categories","embeddable":true,"href":"https:\/\/wpmudev.com\/blog\/wp-json\/wp\/v2\/tutorials_categories?post=169016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}