The original is not allowed to be reproduced without the authorization of the author
Although the security settings and design of the website itself are very important, for example, what should be paid attention to after the WordPress installation and before the database installation, the WordPress security plug-in is also one of the important tools to keep the website safe. Various security plug-ins allow you to customize the security features of the website to meet your specific requirements. Next, we will introduce you to the six top-level WordPress security plug-ins.
The first one is Sucuri Security
Sucuri Inc. specializes in website security, and WordPress website security is one of their specialties. The WordPress plug-in is free for all WordPress users. It is a security suite, and of course there are some paid functions, but most of the functions are free, which is more than enough for the security of general websites. Sucuri Security provides:
Website Activity Audit File Monitoring Malware Scan Security Notification Web Application Firewall (WAF) (Advanced Version Only) More features.
Most of these services are free. In addition to website firewall and other functions, you need a paid Sucuri account. The official website is priced at US $199.99 per year, More information
Wordence is the flagship product of Defiant Inc. Its functions are similar to those of Sucuri, but compared with the free version of Sucuri, its functions are more comprehensive. include:
WORDPRESS firewall: Web application firewall identifies and blocks malicious traffic; Prevent violent login attacks by limiting login times; The scanner blocks malware, requests that contain malicious code or content. Other WORDPRESS security scanning: 1. Wordence Security software scanner will check whether core files, Wordpress themes and plug-ins have malware, wrong URLs, backdoors, SEO spam, malicious redirection and code injection; 2. Connect your core files, themes and plug-ins with // WordPress.org Compare the content in the repository, check its integrity and report any changes to you; 3. Repair the changed files by overwriting them with the original version, and delete all the files not included in the original version in the Wordence interface; 4. Check your website for known security vulnerabilities and issue warnings. When the plug-in is closed or abandoned, you will also be reminded of potential security problems. For more functions, please visit the official website. Login security: Two time authentication (2FA), which is one of the most secure forms of remote system authentication that can be used by any TOTP based authenticator application or service. (In short, it requires two verifications when logging in, including the phone number); The login page CAPTCHA prevents bots from logging in; Security tool: real-time traffic and analysis monitoring More features.
, which is known by few people. It is referred to as all-in-one WP security and firewall for short. Although it is completely free, it has most functions to maintain website security. Some main functions are as follows:
Login locking can prevent brute force attacks Monitor/view failed login attempts Too many login attempts and when locked out, notify by email. It is allowed to block one or more IP address database backups. File protection, editing, backup and restore Firewall protection Comment Spam prevention can disable right clicking to prevent articles from being copied. See more features
Developed by WPMU DEV, WPMU DEV is an alliance of WordPress experts and WordPress toolkit developers. As a WPMU DEV member, you can use a variety of services, including website hosting, performance, security, SEO, multi site plug-ins, marketing tools, etc. Some main functions of Defender WordPress Security are as follows:
Login Twice Verification (2FA) WordPress Security Firewall – Blocking IPWORDPRESS Security Scan Login Protection: After a certain number of login failures, the IP will be permanently disabled or a timed lock will be triggered. IP address blacklist More features.
The professional version has more comprehensive functions, providing additional scanning, security vulnerability report, etc. But you need to become a WPMU DEV member to use it. The price is $49 per month, and the website provides more than 100 plug-ins for use. For more details, please visit the official website.
The WP Activity Log plug-in is developed by WP White Security to help webmasters better manage WordPress websites and users. For example, WP Activity Log focuses on providing high-quality activity monitoring, including user changes, widget and menu changes, post and page changes, WordPress database changes, etc. In short, it is a comprehensive monitoring of website activities.
This is a simple and easy to use firewall plug-in. It claims to be the fastest firewall plug-in in Wordpress. It mainly protects your website from malicious URL requests. It will check all incoming traffic. For websites that cannot use the. htaccess firewall, this is a simple and reliable solution
Blocking various malicious requests Blocking directory traversal attacks Blocking executable file upload Blocking SQL injection attacks Scan all incoming traffic based on 5G/6G firewalls and prevent bad requests from scanning all types of requests: GET, POST, PUT, DELETE, etc. For more functions, please visit
BBQ: Block Bad Queries Professional Edition includes more advanced scanning functions. The lowest price is $20.
summary
All kinds of security plug-ins have too many functions and are dazzling. I don't know which one to choose. In fact, the most important thing is to see the needs of your website. You can scan your website with security software, and then choose according to the defects of the website. Maybe you only need firewall, login protection and blocking IP, and other functions of the plug-in do not have to be enabled (personal opinion, only for reference).
