Freebie Friday: 5 Free WordPress Plugins for Security

by admin June 29, 2012   Blog


Is your website hosted on WordPress? Is it safe from hackers?

Last February my website was hacked, and I made a post on what I learned from that, titled "5 Things I Learned From Being Hacked!" Being hacked was a horrible feeling: wondering what they hacked, and where the site was being redirected to. It took hours to get youth ministry media back up and running. Just because you have a WordPress website doesn’t mean you aren’t vulnerable to being hacked. Trust me! I was naive, and this site went down and it took hours to get back up.

Here are 5 plugins you should have installed if you are paranoid like me!  

1. Antivirus for WordPress. This is a great plugin. It will scan your WordPress site for malicious code or backdoors that will allow others to hack your website. This plugin cleared up so many of my problems! I would install this on any fresh WordPress install.

2. Secure WordPress. A few features of Secure WordPress are:

  • Remove error-information on login-page
  • Add index.php plugin-directory (virtual)
  • Add index.html to plugin directory
  • Remove the wp-version, except in the admin-area
  • Hide wp-version in backend-dashboard for non-admins
  • Remove Really Simple Discovery
  • Remove Windows Live Writer
  • Remove core update information for non-admins
  • Remove plugin-update information for non-admins
  • Remove theme-update information for non-admins (only WP 2.8 and higher)
  • Block bad queries

Essentially, it removes all the ways hackers can sneak into your website.

3. Login LockDown. Have you ever checked your Google Analytics only to see a few hits at your login screen? This plugin sets up permissions for your login. Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1-hour lockout of an IP block after 3 failed login attempts within 5 minutes.

4. File Monitor Plus. If someone changes one file on my website I want to know! When I was hacked in February I had to personally check 100s of files. This was a pain. If I had this plugin activated I would know what files were tampered with and in what way. Helpful plugin.

5. Exploit Scanner.  This plugin searches the files on your website, and the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.  You might want to download this plugin to see if anything sketchy is going on with your website.
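The lockout rule described under Login LockDown (item 3) can be sketched as a sliding-window counter per IP range. This is an added example, not the plugin's own code: the 3-failure, 5-minute and 1-hour values come from the text above, while the /24 IPv4 range size, the class and function names, and the sample events are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict, deque

MAX_FAILURES = 3            # from the text: 3 failed login attempts
WINDOW_SECONDS = 5 * 60     # from the text: within 5 minutes
LOCKOUT_SECONDS = 60 * 60   # from the text: 1-hour lockout
RANGE_PREFIX = 24           # assumption: an "IP range" is an IPv4 /24

def ip_range(ip):
    """Map an address to the range that shares its failure counter."""
    return str(ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False))

class LoginLockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> recent failure times
        self.locked_until = {}              # range -> time the lockout ends

    def is_locked(self, ip, now):
        return now < self.locked_until.get(ip_range(ip), 0)

    def record_failure(self, ip, now):
        """Record one failed login; return True if this locks the range."""
        key = ip_range(ip)
        recent = self.failures[key]
        recent.append(now)
        while now - recent[0] > WINDOW_SECONDS:  # drop failures outside window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[key] = now + LOCKOUT_SECONDS
            recent.clear()
            return True
        return False

def replay(events):
    """Replay (seconds, ip, password_ok) events; return one decision each."""
    guard, decisions = LoginLockout(), []
    for ts, ip, ok in events:
        if guard.is_locked(ip, ts):
            decisions.append("blocked")   # refused even with a correct password
        elif ok:
            decisions.append("allowed")
        else:
            locked = guard.record_failure(ip, ts)
            decisions.append("locked" if locked else "failed")
    return decisions

# Constructed events; the addresses are reserved documentation ranges.
SAMPLE = [(0, "203.0.113.10", False), (60, "203.0.113.11", False),
          (120, "203.0.113.12", False),  # third failure in the /24: lock to 3720
          (130, "203.0.113.50", True), (130, "198.51.100.7", True),
          (3719, "203.0.113.50", False), (3720, "203.0.113.50", True)]
```

Replaying `SAMPLE` shows the trade-off of range-based lockout: three failures from three different addresses in one range lock out a fourth address in that range that has the correct password, while an unrelated range is unaffected.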

Those are the 5 free WordPress security plugins. Which ones do you have installed?

  • Alex Slack

    I use BruteProtect on every WordPress installation. I’m not sure what that would compare to on your list, but it focuses on protecting against brute force attacks with an extensive IP address block list. After installing the plugin, you request a unique API key that gets sent to your e-mail. After putting that in the API key box in the settings, any attackers will be added to a global black-list. In this way, all the users of BruteProtect can work together to eliminate attacks.

    As of when I posted this, there were 17,334 sites using BruteProtect, with a grand total of 15,696,953 attacks thwarted. This plugin claims to have stopped 535 malicious attempts to access my church’s site, which I think is pretty good. I can believe that, because at one point before I installed this plugin I had a site getting almost constant brute force attacks.

    Hope that helps, and I will certainly check out some of the items on your list. Thanks!

    • Thanks Alex. I will check out brute force. It looks awesome.
