There’s no question about it when it comes to site security: you need to keep your data and your customers’ information safe. But that means keeping track of all the different ways your site might be at risk. Here at Pressable, your site’s security is one of our top priorities. But we can’t exactly go fight all the bad guys by ourselves.
One of the best ways to improve your WordPress site security is to use plugins. The right plugin is difficult to bypass, easy to configure, and not so big that it messes with your load times. But in a sea of plugin options, it can be tough to pick out the right fit for you. Here are three of our favorite security plugins for your WordPress website:
1 – Sucuri
While security plugins are a dime a dozen, it’s tough to find a credible, all-in-one option. Sucuri does it all. It’s a complement to your current security posture that includes features like security activity auditing, which can help system admins figure out what’s going on with a site. Sucuri also comes with file integrity monitoring, which makes sure the current file matches a static version, and blacklist monitoring, which will tell you if your site is flagged by various blacklist engines like Google Safe Search.
Premium Sucuri users can also opt for a website firewall, one of the plugin’s best features, which will truly upgrade the strength of your security procedures.
2 – Two-Factor
If you aren’t using two-factor authentication (2FA) yet, it’s time to catch up with this new standard. 2FA requires users to confirm their identity using two different factors: something they know (like a password) and a second step, such as entering a code sent via text or a channel of their choice, to verify that they are who they say they are. There are also apps that streamline this step and help defend against malicious actors who acquire your password. Check out Google Authenticator or Miniora if you’d like to learn more.
Two-Factor is an open-source plugin that makes adding a 2FA system to your site super simple.
3 – Limit Login Attempts
The name says it all. Limit Login Attempts lets you set a limit on the number of login attempts, either per IP address or by using authorization cookies. It’s super customizable, too. You can opt to receive an email if there are a certain number of lockouts from one IP, and you can add users to a blacklist.
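The per-IP lockout and lockout-notification behavior described above can be modeled in a few lines. This is an added Python example, not code from the Limit Login Attempts plugin; the class, its parameter names and default values are assumptions, it covers only the per-IP mode, and the sample events are constructed.

```python
from collections import defaultdict


class LoginLimiter:
    """Hypothetical model of per-IP login throttling (not the plugin's code)."""

    def __init__(self, max_retries=3, lockout_secs=600, notify_after_lockouts=2):
        self.max_retries = max_retries                  # failures before a lockout
        self.lockout_secs = lockout_secs                # how long a lockout lasts
        self.notify_after_lockouts = notify_after_lockouts
        self.failures = defaultdict(int)   # ip -> failures since last lockout/success
        self.lockouts = defaultdict(int)   # ip -> lockouts so far
        self.locked_until = {}             # ip -> second at which the lockout ends
        self.notifications = []            # stands in for the e-mail to the admin

    def attempt(self, ip, password_ok, now):
        """Return 'blocked', 'ok', 'failed' or 'locked_out' for one login attempt."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"               # credentials are never checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] < self.max_retries:
            return "failed"
        # Retry budget used up: start a lockout and reset the counter.
        self.failures[ip] = 0
        self.lockouts[ip] += 1
        self.locked_until[ip] = now + self.lockout_secs
        if self.lockouts[ip] == self.notify_after_lockouts:
            self.notifications.append(f"{ip} locked out {self.lockouts[ip]} times")
        return "locked_out"


def replay(events, limiter):
    """Feed (time, ip, password_ok) tuples through the limiter; return the outcomes."""
    return [limiter.attempt(ip, ok, t) for t, ip, ok in events]


# Constructed sample: 203.0.113.7 guesses repeatedly, 198.51.100.20 is a normal user.
SAMPLE = [
    (0, "203.0.113.7", False), (1, "203.0.113.7", False), (2, "203.0.113.7", False),
    (3, "203.0.113.7", True),              # correct password, but inside the lockout
    (5, "198.51.100.20", True),
    (700, "203.0.113.7", False), (701, "203.0.113.7", False), (702, "203.0.113.7", False),
]

if __name__ == "__main__":
    limiter = LoginLimiter()
    print(replay(SAMPLE, limiter), limiter.notifications)
```

Note the fourth event: once an IP is locked out, even a correct password is rejected until the lockout expires, which is what makes repeated guessing from one address unproductive.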
These plugins are not the be-all and end-all of WordPress site security. Rather, they are all great additions to your existing security practices, like making sure your plugins and themes are up-to-date. At Pressable we automatically update several plugins on all of our customer sites. We also offer a Jetpack Security Daily subscription to further help you keep track of your plugin updates. But as helpful as all of this is, simply creating strong passwords can’t be overlooked. It’s so important, in fact, that WordPress created this plugin that forces strong password creation. Another tip is to avoid allowing users to upload executable files. But user access is a whole other story.
As always, the 24/7 WordPress support team is here to help with any questions regarding the security of your site.
Zach Wiesman
Zach has 12+ years of experience with WordPress, from creating and maintaining client sites, to providing support and developing documentation. A knack for problem-solving and providing solutions led Zach to pursue a job with Automattic providing customer support in 2015 working with WooCommerce support, and now Zach has recently joined our team here at Pressable. Outside of work, Zach enjoys spending time with his family, playing and watching sports, and working on projects around the house.