WordPress Security

On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. I can concur with this as I have been hacked a number of times.

The thing is, most WordPress admins don’t know they’re vulnerable until the hosting provider suspends the account.

Keeping your website secure can be an expensive business too. When my site was hacked, malware was implanted which moved around in the file manager, affecting other files. As a result, the hosting provider took my website offline until the malware was removed. At this time I had no software installed to prevent such an attack.

Don’t let this happen to you. You do need protection on your WordPress sites.

Luckily, there are a number of plugins that can help with securing your WordPress website. The popular ones include Wordfence, Sucuri Security and iThemes Security. There are of course others.

Malware Monitoring, Security Scanning and Incident Detection

It’s easy to overlook the importance of passive detection and scanning, but it’s one of the critical functions that you should employ. No defense gives you 100 percent certainty that the controls in place will stop attackers from exploiting weaknesses in your environment. To account for this, security professionals employ a number of tools, like malware and security scanning, for continuous and early detection of potential incidents.

The WordPress platform is one of the fastest, most recognizable Content Management Systems (CMS) available to website owners. It dominates over 25 percent of the market share, and has been deployed in large and small organizations alike. With its popularity come many struggles for website owners; one such struggle is with security.

WordPress Security Plugins

There are three security plugins I’m going to look at here. These are Wordfence, Sucuri and iThemes. All have their advantages and disadvantages. Although all three start off as free plugins, for the best protection you will need to purchase the Pro package.

Another consideration is whether any of the security packages provide a service to fix your site should it be hacked or malware implanted.

Let’s have a look at what the three security plugins provide.

iThemes

iThemes Security claims to be the #1 WordPress Security Plugin. It does provide a lot of features as a free plugin, but you would be better to purchase the Pro package for better protection.

iThemes Security gives you over 30 ways to secure and protect your WordPress site. It has been designed to lock down WordPress, fix common holes, stop automated attacks and strengthen user credentials. With advanced features for experienced users, the WordPress security plugin can help harden WordPress.

Below is a table comparing the free plugin with the Pro version.

One-click “Secure Site” WordPress security check
Ban bad users
Block specific IP addresses and user agents from accessing the site
404 Detection
Hide Login & Admin URL
Change WordPress salts & keys
Away Mode
Database Backups
File Change Detection
Remove Windows Live Writer header information
Remove RSD header info
Remove update notifications from specific user roles
Remove login error messages
Rename ‘admin’ account
Change ID on user with ID 1
Change WordPress database table prefix
Change wp-content path
Force SSL for any post, page, or admin page
Turn off file editing in WordPress admin
Reduce Comment Spam
Local brute force protection
Network brute force protection
XML-RPC brute force protection
Security logs
Email Notifications & Digest Emails
Customizable lockout messages
Strong Password Enforcement
File Permission Check
iThemes Sync Integration
Malware Scan
Dashboard Widget
Google reCAPTCHA Integration
Two-Factor Authentication
Settings Import & Export
WordPress Core Online File Comparison
Scheduled Malware Scanning
User Action Logging
Temporary Privilege Escalation
WP-CLI Integration
Password Expiration
Private Ticketed Support

iThemes Pro is sold on competitive annual subscriptions, making it the cheapest of the three, especially if there are discount coupons.

Below are the prices for the different Secure and Protect packages (prices as of May 2017):

Blogger
$80 per year
  • 2 sites
  • 1 year of ticketed support
  • 1 year of plugin updates
  • 10 iThemes Sync sites

Freelancer
$100 per year
  • 10 sites
  • 1 year of ticketed support
  • 1 year of plugin updates
  • 10 iThemes Sync sites

Developer
$150 per year
  • unlimited sites
  • 1 year of ticketed support
  • 1 year of plugin updates
  • 10 iThemes Sync sites

Gold
$297 LIFETIME
  • unlimited sites
  • 1 year of ticketed support
  • *LIFETIME* plugin updates
  • 10 iThemes Sync sites

Note: iThemes does not provide a service to fix your site should it be hacked or infected with malware.

Discover more by visiting the iThemes Security website

Sucuri Security

https://sucuri.net/wordpress-security/

Wordfence

If your WordPress site becomes compromised by attackers, it is incredibly important to restore it to working order as quickly as possible. As the creators of the most popular WordPress security plugin, we have the most expertise in the industry. Let our team of seasoned Security Analysts take care of it for you quickly and professionally.

Wordfence Clean