Webmaster Security

Best Wordpress Security Plugin

Submitted by philzilla86, , Thread ID: 135250

Thread Closed

RE: Best Wordpress Security Plugin

#21
I recommend the Wp Security Plug. It has a great use

RE: Best Wordpress Security Plugin

#22
23-09-2019, 10:26 PM
wabo Wrote:
iTheme Security is probably the best single install you can do

I approve this, but you could some scans for security problems, there are sites to do that and they will tell u the problems. After that you can do some researches and learn how to fix the problems.

RE: Best Wordpress Security Plugin

#23
Hi,

In my opinion, the best security plugin for wordpress is the Secupress (Pro) extension to have!

RE: Best Wordpress Security Plugin

#24
Wordfence is pretty good also, but i think is more valuable if its used with a license.

RE: Best Wordpress Security Plugin

#25
1. WordFence
2. Sucuri Security
3. iThemes Security

these are good plugins.

RE: Best Wordpress Security Plugin

#26
As a general rule, the less plugins you have on wordpress the more secure it will be as Wordpress itself is very secure. I lookup CVE's daily (Computer Vulnerability Exploits) and make sure my systems are patched at work.

With that said, check out a free application called WPScan, it's a fantastic utility scanner aimed at wordpess website and is built into Kali linux out of the box. I use it when I'm doing web server assessments to see what I can find. I'd also suggest running, if you're self hosting, nikto, it's a very popular web scanner. Another tool I'd look into using is called Greenbone, though it's since rebranded to gvmd. It's an autoamted utility scanning suite that can scan your own webhost (assuming you're hosting the server yourself) and take a peak at stuff and even point out CVEs on the server itself which can be just as vulnerable.

If you're concerned about wordpress security, as I said above, WP core is pretty secure, but it doesn't hurt to have things like cloudflare, proper SSL certs and a good CSP setup. I personally suggest w3 cache!

RE: Best Wordpress Security Plugin

#27
These sorts of things are best handled through a layered approach, using a host that provides specialist WordPress tools (eg: Plesk hosting with WordPress Toolkit) along with security tools such as Immunify360 or similar to block and scan for attacks so that you stay informed, combine this with WordFence or Sucuri plugins and you are on the way to helping keep your site safe.
You must keep WordPress and all plugins updated else it doesn't matter how good your scanning is you will still get popped.

Plesk's WordPress Toolkit for example does the following security improvements to WordPress sites
Forbid's execution of PHP scripts in the wp-includes directory
Forbid's execution of PHP scripts in the wp-content/uploads directory
Disable's scripts concatenation for WordPress admin panel
Turns off pingbacks
Enables hotlink protection
Disables file editing in WordPress Dashboard
Enables bot protection
Blocks access to potentially sensitive files
Blocks access to .htaccess and .htpasswd
Blocks author scans
Restricts access to files and directories
Configures random security keys
Blocks directory browsing
Blocks unauthorized access to wp-config.php
Disables unused scripting languages
Disables PHP execution in cache directories
Changes the default database table prefix
Blocks access to sensitive files
Changes the default administrator's username

RE: Best Wordpress Security Plugin

#28
28-06-2019, 07:28 PM
wabo Wrote:
Making it harder to hack is something you dont need a plugin for.

rename the wp-admin folder to something completley random which helps a little but can still be found with a directory scan.

A good htaccess file to block directories and files you dont want the public to view password protect htaccess with an htpasswd file

An a good hosting provider who actively scans and protects all ports and everything else on the server.

will be more than happy to assist you


Cant agree with this enough.

RE: Best Wordpress Security Plugin

#29
The best security plugin is running your own linux server, with the necessary packages and dependencies up to date with an up to date Wordpress installation with no stupid security breaching configurations. In general it is bad practise to bloat setups with too many plugins, since this actually may open up vulnerabilities in the fututre. Also use a decent firewall, ufw or iptables, depends who's asking.

RE: Best Wordpress Security Plugin

#30
02-06-2021, 11:54 AM
ava11 Wrote:
The best security plugin is running your own linux server, with the necessary packages and dependencies up to date with an up to date Wordpress installation with no stupid security breaching configurations. In general it is bad practise to bloat setups with too many plugins, since this actually may open up vulnerabilities in the fututre. Also use a decent firewall, ufw or iptables, depends who's asking.

Someone running a vps/dedicated is not always the safest option. Its a different set of skills

Users browsing this thread: 4 Guest(s)