Webmaster Security
Best Wordpress Security Plugin
Submitted by philzilla86, 28-06-2019, 03:36 PM, Thread ID: 135250
Thread Closed
RE: Best Wordpress Security Plugin 26-12-2020, 11:06 PM #21 I recommend the Wp Security Plug. It has a great use
26-12-2020, 11:06 PM
#21 I recommend the Wp Security Plug. It has a great use
RE: Best Wordpress Security Plugin 28-12-2020, 01:30 PM #22 23-09-2019, 10:26 PMwabo Wrote: iTheme Security is probably the best single install you can do
I approve this, but you could some scans for security problems, there are sites to do that and they will tell u the problems. After that you can do some researches and learn how to fix the problems.
28-12-2020, 01:30 PM
#22 23-09-2019, 10:26 PMwabo Wrote: iTheme Security is probably the best single install you can do
I approve this, but you could some scans for security problems, there are sites to do that and they will tell u the problems. After that you can do some researches and learn how to fix the problems.
RE: Best Wordpress Security Plugin 28-02-2021, 11:55 PM #23 Hi,
In my opinion, the best security plugin for wordpress is the Secupress (Pro) extension to have!
28-02-2021, 11:55 PM
#23 Hi,
In my opinion, the best security plugin for wordpress is the Secupress (Pro) extension to have!
In my opinion, the best security plugin for wordpress is the Secupress (Pro) extension to have!
RE: Best Wordpress Security Plugin 20-03-2021, 02:50 AM #24 Wordfence is pretty good also, but i think is more valuable if its used with a license.
20-03-2021, 02:50 AM
#24 Wordfence is pretty good also, but i think is more valuable if its used with a license.
RE: Best Wordpress Security Plugin 06-04-2021, 01:14 AM #25 1. WordFence
2. Sucuri Security
3. iThemes Security
these are good plugins.
06-04-2021, 01:14 AM
#25 1. WordFence
2. Sucuri Security
3. iThemes Security
these are good plugins.
2. Sucuri Security
3. iThemes Security
these are good plugins.
RE: Best Wordpress Security Plugin 21-05-2021, 09:21 AM #26 As a general rule, the less plugins you have on wordpress the more secure it will be as Wordpress itself is very secure. I lookup CVE's daily (Computer Vulnerability Exploits) and make sure my systems are patched at work.
With that said, check out a free application called WPScan, it's a fantastic utility scanner aimed at wordpess website and is built into Kali linux out of the box. I use it when I'm doing web server assessments to see what I can find. I'd also suggest running, if you're self hosting, nikto, it's a very popular web scanner. Another tool I'd look into using is called Greenbone, though it's since rebranded to gvmd. It's an autoamted utility scanning suite that can scan your own webhost (assuming you're hosting the server yourself) and take a peak at stuff and even point out CVEs on the server itself which can be just as vulnerable.
If you're concerned about wordpress security, as I said above, WP core is pretty secure, but it doesn't hurt to have things like cloudflare, proper SSL certs and a good CSP setup. I personally suggest w3 cache!
21-05-2021, 09:21 AM
#26 As a general rule, the less plugins you have on wordpress the more secure it will be as Wordpress itself is very secure. I lookup CVE's daily (Computer Vulnerability Exploits) and make sure my systems are patched at work.
With that said, check out a free application called WPScan, it's a fantastic utility scanner aimed at wordpess website and is built into Kali linux out of the box. I use it when I'm doing web server assessments to see what I can find. I'd also suggest running, if you're self hosting, nikto, it's a very popular web scanner. Another tool I'd look into using is called Greenbone, though it's since rebranded to gvmd. It's an autoamted utility scanning suite that can scan your own webhost (assuming you're hosting the server yourself) and take a peak at stuff and even point out CVEs on the server itself which can be just as vulnerable.
If you're concerned about wordpress security, as I said above, WP core is pretty secure, but it doesn't hurt to have things like cloudflare, proper SSL certs and a good CSP setup. I personally suggest w3 cache!
With that said, check out a free application called WPScan, it's a fantastic utility scanner aimed at wordpess website and is built into Kali linux out of the box. I use it when I'm doing web server assessments to see what I can find. I'd also suggest running, if you're self hosting, nikto, it's a very popular web scanner. Another tool I'd look into using is called Greenbone, though it's since rebranded to gvmd. It's an autoamted utility scanning suite that can scan your own webhost (assuming you're hosting the server yourself) and take a peak at stuff and even point out CVEs on the server itself which can be just as vulnerable.
If you're concerned about wordpress security, as I said above, WP core is pretty secure, but it doesn't hurt to have things like cloudflare, proper SSL certs and a good CSP setup. I personally suggest w3 cache!
RE: Best Wordpress Security Plugin 25-05-2021, 11:51 PM #27 These sorts of things are best handled through a layered approach, using a host that provides specialist WordPress tools (eg: Plesk hosting with WordPress Toolkit) along with security tools such as Immunify360 or similar to block and scan for attacks so that you stay informed, combine this with WordFence or Sucuri plugins and you are on the way to helping keep your site safe.
You must keep WordPress and all plugins updated else it doesn't matter how good your scanning is you will still get popped.
Plesk's WordPress Toolkit for example does the following security improvements to WordPress sites
Forbid's execution of PHP scripts in the wp-includes directory
Forbid's execution of PHP scripts in the wp-content/uploads directory
Disable's scripts concatenation for WordPress admin panel
Turns off pingbacks
Enables hotlink protection
Disables file editing in WordPress Dashboard
Enables bot protection
Blocks access to potentially sensitive files
Blocks access to .htaccess and .htpasswd
Blocks author scans
Restricts access to files and directories
Configures random security keys
Blocks directory browsing
Blocks unauthorized access to wp-config.php
Disables unused scripting languages
Disables PHP execution in cache directories
Changes the default database table prefix
Blocks access to sensitive files
Changes the default administrator's username
25-05-2021, 11:51 PM
#27 These sorts of things are best handled through a layered approach, using a host that provides specialist WordPress tools (eg: Plesk hosting with WordPress Toolkit) along with security tools such as Immunify360 or similar to block and scan for attacks so that you stay informed, combine this with WordFence or Sucuri plugins and you are on the way to helping keep your site safe.
You must keep WordPress and all plugins updated else it doesn't matter how good your scanning is you will still get popped.
Plesk's WordPress Toolkit for example does the following security improvements to WordPress sites
Forbid's execution of PHP scripts in the wp-includes directory
Forbid's execution of PHP scripts in the wp-content/uploads directory
Disable's scripts concatenation for WordPress admin panel
Turns off pingbacks
Enables hotlink protection
Disables file editing in WordPress Dashboard
Enables bot protection
Blocks access to potentially sensitive files
Blocks access to .htaccess and .htpasswd
Blocks author scans
Restricts access to files and directories
Configures random security keys
Blocks directory browsing
Blocks unauthorized access to wp-config.php
Disables unused scripting languages
Disables PHP execution in cache directories
Changes the default database table prefix
Blocks access to sensitive files
Changes the default administrator's username
You must keep WordPress and all plugins updated else it doesn't matter how good your scanning is you will still get popped.
Plesk's WordPress Toolkit for example does the following security improvements to WordPress sites
Forbid's execution of PHP scripts in the wp-includes directory
Forbid's execution of PHP scripts in the wp-content/uploads directory
Disable's scripts concatenation for WordPress admin panel
Turns off pingbacks
Enables hotlink protection
Disables file editing in WordPress Dashboard
Enables bot protection
Blocks access to potentially sensitive files
Blocks access to .htaccess and .htpasswd
Blocks author scans
Restricts access to files and directories
Configures random security keys
Blocks directory browsing
Blocks unauthorized access to wp-config.php
Disables unused scripting languages
Disables PHP execution in cache directories
Changes the default database table prefix
Blocks access to sensitive files
Changes the default administrator's username
RE: Best Wordpress Security Plugin 02-06-2021, 04:56 AM #28 28-06-2019, 07:28 PMwabo Wrote: Making it harder to hack is something you dont need a plugin for.
rename the wp-admin folder to something completley random which helps a little but can still be found with a directory scan.
A good htaccess file to block directories and files you dont want the public to view password protect htaccess with an htpasswd file
An a good hosting provider who actively scans and protects all ports and everything else on the server.
will be more than happy to assist you
Cant agree with this enough.
02-06-2021, 04:56 AM
#28 28-06-2019, 07:28 PMwabo Wrote: Making it harder to hack is something you dont need a plugin for.
rename the wp-admin folder to something completley random which helps a little but can still be found with a directory scan.
A good htaccess file to block directories and files you dont want the public to view password protect htaccess with an htpasswd file
An a good hosting provider who actively scans and protects all ports and everything else on the server.
will be more than happy to assist you
Cant agree with this enough.
RE: Best Wordpress Security Plugin 02-06-2021, 11:54 AM #29 The best security plugin is running your own linux server, with the necessary packages and dependencies up to date with an up to date Wordpress installation with no stupid security breaching configurations. In general it is bad practise to bloat setups with too many plugins, since this actually may open up vulnerabilities in the fututre. Also use a decent firewall, ufw or iptables, depends who's asking.
02-06-2021, 11:54 AM
#29 The best security plugin is running your own linux server, with the necessary packages and dependencies up to date with an up to date Wordpress installation with no stupid security breaching configurations. In general it is bad practise to bloat setups with too many plugins, since this actually may open up vulnerabilities in the fututre. Also use a decent firewall, ufw or iptables, depends who's asking.
RE: Best Wordpress Security Plugin 13-06-2021, 10:03 PM #30 02-06-2021, 11:54 AMava11 Wrote: The best security plugin is running your own linux server, with the necessary packages and dependencies up to date with an up to date Wordpress installation with no stupid security breaching configurations. In general it is bad practise to bloat setups with too many plugins, since this actually may open up vulnerabilities in the fututre. Also use a decent firewall, ufw or iptables, depends who's asking.
Someone running a vps/dedicated is not always the safest option. Its a different set of skills
13-06-2021, 10:03 PM
#30 02-06-2021, 11:54 AMava11 Wrote: The best security plugin is running your own linux server, with the necessary packages and dependencies up to date with an up to date Wordpress installation with no stupid security breaching configurations. In general it is bad practise to bloat setups with too many plugins, since this actually may open up vulnerabilities in the fututre. Also use a decent firewall, ufw or iptables, depends who's asking.
Someone running a vps/dedicated is not always the safest option. Its a different set of skills