4 Must Have WordPress Security Plugins – Simple, Light And Easy On Server Resources

Updated: August 11, 2018

WordPress is the most popular CMS; it is believed that 30% of the websites on the internet are powered by WordPress alone. Because WordPress is extremely popular and flexible in accepting third-party themes and plugins, it is also vulnerable to hacking.


WordPress Security Plugins

Prevention is better than cure, which is why it is important to have good plugins that prevent your site from being hacked. By default, WordPress core has some basic security measures in place, but it's nothing compared to what a reputable security plugin does for you.

Wordfence and Sucuri Security are two of the more well-known security plugins for WordPress. However, I find them too 'heavy' for my shared hosting. Below are a few simple and light plugins that do a good job of protecting your site. I use these plugins on some of my WordPress sites; so far so good.

↓ 01 – NinjaFirewall (WP Edition) | Stand Alone Firewall


NinjaFirewall (WP Edition) is a true Web Application Firewall. Although it can be installed and configured just like a plugin, it is a stand-alone firewall that sits in front of WordPress. NinjaFirewall can hook, scan, sanitise or reject any HTTP/HTTPS request sent to a PHP script before it reaches WordPress or any of its plugins. All scripts located inside the blog installation directories and sub-directories will be protected.


↓ 02 – BBQ: Block Bad Queries | Stop Bad Bots & Request

Block Bad Queries (BBQ) is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.

  • Blocks a wide range of malicious requests
  • Blocks directory traversal attacks
  • Blocks executable file uploads
  • Blocks SQL injection attacks
  • Scans all incoming traffic and blocks bad requests
  • Scans all types of requests: GET, POST, PUT, DELETE, etc.
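The kind of request screening described above, as an added PHP example (not BBQ's own code): it checks a request string for the two patterns the article names, a directory traversal sequence and an over-long request. The function name, the 2000-character limit and the sample requests are assumptions made for illustration.

```php
<?php
// Illustration only, not BBQ's source. The length limit is an assumed value.
const MAX_REQUEST_LENGTH = 2000;

// Labels map to the regular expressions checked against the decoded request.
const BAD_PATTERNS = [
    'eval('     => '/eval\s*\(/i',
    'base64_'   => '/base64_/i',
    'traversal' => '#\.\./#',
];

// Hypothetical helper: returns null if the request passes, or the reason it was blocked.
function screen_request(string $requestUri): ?string
{
    if (strlen($requestUri) > MAX_REQUEST_LENGTH) {
        return 'request string too long';
    }
    // Percent-decode (at most three rounds) so encoded forms are normalised before matching.
    $decoded = $requestUri;
    for ($i = 0; $i < 3; $i++) {
        $next = rawurldecode($decoded);
        if ($next === $decoded) {
            break;
        }
        $decoded = $next;
    }
    foreach (BAD_PATTERNS as $label => $regex) {
        if (preg_match($regex, $decoded) === 1) {
            return "matched $label";
        }
    }
    return null;
}

// Constructed sample requests. A plugin would read $_SERVER['REQUEST_URI']
// on an early hook and answer a blocked request with HTTP 403.
$samples = [
    '/blog/?s=security+plugins',
    '/index.php?x=eval(1)',
    '/?x=%65val%28',
    '/?q=base64_decode',
    '/download.php?file=../../secret.txt',
    '/?a=' . str_repeat('A', 3000),
];
foreach ($samples as $uri) {
    $reason = screen_request($uri);
    $verdict = $reason === null ? 'ALLOW' : 'BLOCK';
    printf("%-5s %-40s %s\n", $verdict, substr($uri, 0, 40), $reason ?? '');
}
```

Pattern lists like this produce false positives (a legitimate search for "base64_" is blocked too), so blocked requests should be logged and reviewed when tuning.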

↓ 03 – WP fail2ban | Block Brute Force Attacks

fail2ban is one of the simplest and most effective security measures you can implement to prevent brute-force password-guessing attacks. This plugin protects your wp-login.php from brute-force password-guessing bots. WP fail2ban also stops comment spam bots, failed pingbacks and many more.

↓ 04 – WP Hide & Security Enhancer | Hide Important WordPress Files


The easy way to completely hide your WordPress core files, login page, theme and plugin paths from being shown on the front side. This is a huge improvement over site security; no one will know you actually run WordPress. It provides a simple way to clean up HTML by removing all WordPress fingerprints.

  • Block any direct folder access to completely hide the structure
  • Custom wp-login.php filename
  • Block default wp-login.php
  • Block XML-RPC API
  • Adjustable theme url
  • New child Theme url
  • Change theme style file name
  • Clean any headers for theme style file
  • Custom wp-include
  • Block default wp-include paths
  • Block default wp-content
  • Custom plugins urls
  • Individual plugin url change
  • Block default plugins paths
  • New upload url
  • Block default upload urls
  • Remove WordPress version

Conclusion

While keeping your WordPress core, themes and plugins up to date is important, using the right plugin is just part of the solution. If you are on shared hosting, some security features depend on the server OS and are beyond your control. You can be hacked if the server is compromised or has lots of security holes.

The next best solution is to have a proper backup in the event your site is hacked beyond salvage.

