August 29, 2016

4 Security Plugins for a Hack-Proof WordPress Site

Data breaches occur all the time. So far in 2016, a few large organizations—LinkedIn, Eddie Bauer, and the U.S. Department of Justice to name a few—have been hacked, jeopardizing thousands of customer accounts in the process.

If you’re like many small business owners, website security isn’t something you worry about. After all, most thieves don’t target small businesses, right? Wrong. In fact, The New York Times reported “60 percent of online attacks in 2014 targeted small and midsize business.”

Sooner or later, your site will be attacked. When that happens, it may be out of service for a few hours at best; at worst, your brand and revenue can suffer. Fortunately, you can protect your WordPress site by installing one or more security plugins. Here are four we use and recommend all the time.


Wordfence

4.8 stars out of 2,785 reviews
More than 1 million active installations

The Wordfence security plugin offers both free and premium versions. The free version performs regular scans to check for vulnerabilities. By default, scans run daily, but you can also run them manually. The firewall features are very thorough—for instance, Wordfence will automatically blacklist IP addresses that fail login attempts, then log them in your dashboard so you can review the activity. The premium version includes more features, as well as phone support and expedited requests.

Live activity feed showing blocked IP addresses

Why we recommend Wordfence: It’s a comprehensive solution that’s also easy enough for novices to install and maintain. It also has a “Live Traffic” view for a real-time report of site traffic and hack attempts.

Download Wordfence.


iThemes

4.7 stars out of 3,702 reviews
More than 700,000 active installations

iThemes, formerly known as Better WP Security, is another popular WordPress plugin that offers a fast, one-click installation. It has a diverse range of basic and advanced security features—enough to overwhelm novices, but don’t let that dissuade you.

Some useful features in the free version include:

  • Malware scanning;
  • File change detection, which alerts you when a file has been changed;
  • Comment spam detection;
  • Brute force detection—a brute force attack is when someone tries to gain access by entering usernames and passwords over and over until they get through.

The iThemes premium version includes more advanced security features, as well as ticketed support services.

Dashboard showing security features and settings

Why we recommend iThemes: This plugin is easy to install and offers one-click configuration.

Download iThemes.

All In One WP Security

4.8 stars out of 532 reviews
More than 400,000 active installations

All In One WP Security protects against malicious code, comment spam, SQL injection attacks—which is where an online form is used to inject malware or other harmful code into a page, potentially harming visitors—and other threats.

One unique tool is a security meter, which scores your site based on the number of security features you have activated. The higher the score, the better protected your site is against attacks. What’s more, each security feature is labelled as “basic,” “intermediate,” or “advanced,” which correlates to how likely it is to break the site or other plugins. That way, you have a heads-up on which security features may cause a problem before you activate them.

Dashboard of security strength meter; the higher the score, the better protected your site

Why we recommend All In One: One thing this plugin has that most other security plugins don’t is the ability to prevent other sites from displaying your content in an iframe—a practice that “steals” traffic from your site and can potentially tarnish your reputation.

Download All In One WP Security.


Sucuri

4.6 stars out of 183 reviews
More than 200,000 active installations

Like most WordPress security plugins, Sucuri provides basic site monitoring and scanning features in a free version and more comprehensive features through a paid plan.

What’s unique is Sucuri’s cleanup service. For a fee, Sucuri will repair hacked sites by removing malware and spam, then work with search engines and service providers to remove the domain from blacklists. The cleanup service can save site owners a lot of time, which is a resource small business owners are short on.

Website monitoring log showing security warnings

Why we recommend Sucuri: The most useful features are only available in the premium version, but the value of the free version lies in its site scanner and alerting features. The service alerts you by email, text, or instant messaging when someone logs onto your site, when a page or post is updated, or when a template file has changed. When unauthorized changes are made, you know your site has been hacked and can take steps to stop it.

Download Sucuri.

Protect Your Business and Peace of Mind

Protecting your business website from attacks takes only a few minutes in most cases. A good security plugin will reduce vulnerabilities. In addition to installing one or more of the plugins we recommend, you can take other preventive actions to keep your site secure, including choosing a strong password and selecting a good web host.

If you prefer the help of a professional, the Proactive Maintenance team is here to secure your website and make sure it stays protected. Get started today.