Protection Tips for Wordpress SitesApr252017

Protection Tips for Wordpress Sites

Wordpress sites are more often susceptible to a security breach because they require a user name and password to enter the Administration area. Straight HTML coded websites experience other methods for hackers to take over their site. If your website utilizes a managed hosting solution, plugins update and perform security updates for the operating system on a regular basis.

A Few of the Most Widely Used WP Security Plugins

Shield Security by iControlWP,

50,000+ Active Installs (as of 3-28-2017)
Tested up to 4.7.3

Key Features:

  • Blocks malicious URLs and requests.
  • Blocks ALL automated spambot comments.
  • Hides your WordPress Admin and Login page.
  • Prevents brute force attacks on your login and any attempted automatic bot logins.
  • Verifies user identity with email-based Two-Factor Authentication.
  • Monitors login activity and restricts username sharing, with User Sessions Management.
  • Reviews admin activity with a detailed Audit Trail Log.
  • Turns on and turns off WordPress Automatic Updates separately for plugins, themes and Core.
  • Easy to use kill switch to temporarily turn off all Firewall Features without disabling the plugin or even logging into WordPress

All in One WordPress Security & Firewall,

500,000+ Active installs (as of 3/28/2017)
Tested up to 4.7.3

Key Features:

  • User Accounts Security
  • User Login Security
  • User Registration Security
  • Database Security
  • File System Security
  • HTACCESS and wp-config.php File Backup and Restore
  • Blacklist Functionality
  • Firewall Functionality
  • Brute force login attack prevention
  • WHOIS Lookup
  • Security Scanner
  • Comment Spam Security
  • Front-end Text Copy Protection
  • Regular updates and additions of new security features


2+ million Active Installs (as of 3-28-2017)
Tested up to 4.7.3
Heavy Resource User

Key Features:

  • Firewall Security
  • Login Security
  • Security Scanning
  • Monitoring Features
  • Multi-Site WordPress Security
  • WHOIS Lookup, Location and Blocking

Free Learning Center

iThemes Security (formerly Better WP Security),

800,000+ Active installs (as of 3-28-2017)
Tested up to 4.7.3
Heavy Resource user

Key Features:

  • Two Factor Authentication
  • Password Security
  • Malware Security
  • Google reCaptcha
  • Brute Force Protection
  • Hides Common WP vulnerabilities
  • Recovery Capable
  • Detects Hidden 404 Errors
  • Security Tutorials

Protect Your WordPress Admin with These Tips

Consider a Lightweight but Effective Plugin that Acts as a Login Barrier

WP Limit Login Attempts,

This plugin performs as protection against brute force attacks, which is considered the easiest method of gaining access to a CMS, Wordpress website. Bots will try over and over to crack your user name and password until it gains access. This easy to set up plugin limits the rate of login attempts and will block IPs.

IP Address Limited Access

Whitelist your IP address in your security protection plugin of choice. If you have site contributors who post to your site regularly, add their IPs as well.

Big No No, Never Use “Admin” or “admin” as Your User Name

Make it hard for attackers to guess. Brute force attackers first use admin/Admin as user names when trying to break in.

Choose a Strong Password

Use a different password for your WP site then you use for other logins. It’s recommended to use 10 characters made up of mixed case letters, numbers, and symbols. Try to change your password every 60-90 days.

Don’t Broadcast Your WP Version

WP version identification allows attackers to quickly determine known vulnerabilities for your running version. Via FTP, delete the "readme.html" file.

Two Step Password

With the WP-OTP you can easily set up 2 Factor Authentication with One Time Passwords for your WordPress login. This extra layer makes your WordPress site a lot more secure.