WordPress security: The most important security plugins

As a project that originally started as a weblog, WordPress is now available in 51 languages and, as of November 2015, its current version has been downloaded more than 27 million times. It is not just small and medium businesses that can be found on this content management system (CMS), but also many players such as the New York Times, LinkedIn and CNN are taking advantage of this technology. The sheer number of plugins, themes and widgets appeal to commercial users just as much as private. There are over 30,000 downloadable plugins to choose from and this number is rising by the day. In addition to popular SEO tools, there are also numerous security plugins, which drastically increase WordPress security whether externally or internally. Since the CMS is so simple to operate it also means that it is relatively easy for hackers to gain access and therefore, as administrator, it is your responsibility to make sure the system is secure. You can increase the security of your website with the following WordPress security plugins.

Plugins against malware and spam

You protect your PC with anti-virus software, so it makes sense to protect your web project, which can be done by installing WordPress security plugins. If an intruder is not discovered or is discovered too late, it can lead to a severe decline in website traffic. Search engines, such as Google, detect infected websites and send a warning message to the user and prevent the site from being shown in the future.

The 1&1 SiteLock feature actively protects against malware and unauthorized access. This WordPress hosting feature allows up to 500 subpages to be scanned for any security breaches. The following WordPress security plugins offer additional protection:

The Anti-Malware Security plugin scans the whole installation for malware and viruses. In the next step the plugin helps the user to remove any traces of malware. The AntiVirus Plugin works in a similar fashion since it offers malware and spam protection and therefore makes WordPress more secure. AntiVirus detects security breaches and protects against any possible attempts to exploit this weakness. As an administrator you can also use this plugin to perform regular scans and reports. It is also possible for the plugin to inform you via email if malware has been found. Additionally you can set up a whitelist, which is a list of people and institutes that you trust. Another useful plugin is Bad Behavior, which prevents link spam being left in the comments or guestbook by blocking spambots before they can act.

Plugins for maximum login security

The importance of a secure password is often underestimated. Users should continually refer to the WordPress password security tips as well as taking advantage of the additional protection that plugins offer. The Limit Login Attempts plugin is a useful tool against hack attacks, which are classified as so-called brute force attacks. This is where hackers try to decrypt a user’s login data by combining common passwords with the username. If they are successful they could leak data or make unauthorized changes to the source code. During the hacking attempt thousands of passwords are entered into the system per minute. If you set the Limit Login Attempts plugin to disable after four failed attempts the hacker will have fewer login tries.

The administrator themselves will not have a problem logging in since the plugin registers the IP address of each attempt. Many all-in-one solutions offer a firewall system as a premium feature, which protects against brute force attacks and provides you with the highest WordPress security.

Installing a second password level

The WP Secure Login plugin makes it possible to secure the account even more with a second password. The extra password is only accessible on the Google app and is regularly renewed. The Two-Factor Authentication plugin works in a similar way, allowing the user to play around with a second username and password.

Plugins as all-in-one solutions for WordPress security

So-called all-in-one solutions combine different security features in the form of a Wordpress security plugin. The aim is to prevent security breaches and to close any pre-existing instances, therefore making WordPress as secure as possible with just one simple plugin. An advantage of these all-in-one plugins, such as iThemes Security, is that they are suitable for users with relatively little experience. These essential features only require some basic knowledge, such as the Acunetix WP Security plugin, which can be installed by less advanced users. The plugin scans the website for any potential security threats. As well as identifying the problem, the user is also informed of which actions to take and which tools are needed to fix the problem.

These plugins also come with extra features that  can then be used by more experienced users as a convenient tool. The Acunetix WP Security plugin also offers a password generator as well as a special data bank tool. The BulletProof Security plugin protects against specific attacks such as XSS, RFI, CRLF, CSRF, Base64, Code Injection und SQL Injection. Important source code files are particularly protected.

WordPress security plugins for regular updates

With 1&1 you will find many plugins already installed. Any additional WordPress security plugins, as well as other extensions, can be installed by the user. Just make sure to use trustworthy sources and make sure they are up-to-date by using plugins such as the WP Update Notifier. Crude security breaches will be found and stopped in their tracks, but this can only happen if the plugins are up-to-date. The Update Notifier is not a security plugin in the traditional sense, but provides the most current and safest versions of plugins, themes and other installations in the long run.

1&1 customers profit from Safe Mode, which keeps all applications up-to-date when activated during installation.

Making WordPress safer with security checks

If you want to control the security status of your website then the Security Ninja is recommended. This plugin allows you to carry out around 30 tests on your website, including one that stimulates a brute force attack. Weak areas can be identified and quickly fixed thanks to the plugin.