Lately many WordPress are suffering from serious security problems that affect the uptime Yet the website stability, and in many cases even affect the server stability.
One of the great advantages of WordPress is that it is the most used content manager, but at the same time it is also is the content manager that finds security flaws faster due to the large number of plugins and themes that exist, any plugin or theme can be a major security breach if it is not updated or if it is poorly developed.
A couple of weeks ago we talk a lot about CryptPHP, a malware that affected many of our customers, since his mode of diffusion is through plugins and nulled themes or pirates, thank goodness that the consequences were not too remarkable and that the only thing we had to solve was a handful of IP addresses included in the main spam lists and web malware.
And now comes the reflection, apart from preventing and beware of nulled and disreputable content, What else can we do? What can protect us from this type of malware? Well, in this article we are going to list 5 WordPress security plugins that you may find interesting to protect your website or blog WordPress.
ALL IN ONE WP SECURITY & FIREWALL
I recently discovered this plugin on one of the English blogs linked to WordPress that I usually read every day.
The main advantage of a All in one, as the name suggests, is that includes several security services in a single plugin: antivirus, firewall, security auditor, firewall and some more features that are very interesting for securing WordPress.
One of the things I like the most about All in One WP Security & Firewall is the managing the .htaccess file and the file management wp-config.php, two of the most important files in the operation of WordPress and in your safety (although he .htaccess can be substituted in case of not using Apache or LiteSpeed).
In All In One WP Security & Firewall I have found tools to control all kinds of parameters: account security, database security, access security and login, security against malicious code injections in files, security of permissions file and folder, protection against brute force attacks, iframe protection and pop-ups, text copy protection and many other features.
WORDFENCE SECURITY
WordFence is one of the most used plugins for reinforce and improve WordPress security, and although it has a long time it is one of the most effective since allows us to protect WordPress from several fronts at the same time.
One of the strengths of WordFence is that it has a good file analysis engine that have changed or that have been injected with code, the bad thing is that sometimes it can give too many false positives in the analyzes, in addition It will allow us to see the visitor analysis in real time, although this significantly increases the consumption of resources if the website has traffic.
Wordfence try to have minimal impact on website performance, for this reason it has implemented a small cache system that can be fully exploited on .htaccess-compliant web servers like Apache.
Secondly, WordFence has a very powerful firewall that allows us block visitors by country, zone of the world or even by provider and user-agent.
As in the case of All in One WP Security & Firewall, to take full advantage of the potential of WordFence must configure the plugin whole, something that requires advanced knowledge to avoid problems.
ITHEMES SECURITY
iThemes Security before it was called Better WP Security and for a couple of months (more than half a year) it has become a very complete solution to protect WordPress, since it allows us make some parameter changes that will help us keep WordPress out of the reach of intruders and hackers.
Although many of our clients use iThemes Security on your WordPress installations, we personally don't like it due to the amount of configuration parameters it has and how difficult the use of WordPress can make us as administrators in exchange for much more security.
Although it seems that iThemes Security takes you by the hand during the entire process of securing the site, the reality is not like that and If you want to take advantage of the full potential of the plugin, you must configure many parametersIf you do not know very well how to configure them, it is advisable not to do it, since One misstep can leave your WordPress inaccessible.
iThemes Security does not have any module that allows you to clean virus or malware, but yes what has a very powerful and customizable blocking firewall and a system that allows us customize many parts of WordPress in order to improve your safety and prevent possible future infections.
CENTRORA SECURITY
Centrora Security is a fairly powerful WordPress security suite and why requires a very deep installation within WordPress, integrating with all parts of the CMS and protecting the facility In its whole.
Unfortunately, not everything can be so beautiful, and it is that the complete protection it offers Centrora directly impacts the performance of the WordPress website or blog.
Secondly, Centrora offers some free features, but many others are paid, as is the case of the "antivirus" module.
In the free part Centrora offers us a very powerful and highly configurable firewall following a normal rules scheme, and a pretty good tool that will allow us audit the security of our website to reinforce those most defenseless parts.
Another strong point of Centrora the thing is protects us against possible attacks or injection attempts using GET parameters in the URL, that is, using variables.
ANTIVIRUS FOR WORDPRESS
Perhaps this plugin is the "laziest" of the list of five, since it only has one functionality: antivirus and antimalware for WordPress.
The operation of the plugin is simple and it simply has a configuration screen where we can perform an on-demand scan of theme files for malicious code.
The plugin itself takes care of scan theme files once a day for malware and if so let us know by email previously configured.
Unfortunately the plugin, in its attempt to analyze the code in the most exhaustive way, usually detects quite a few wrong patterns that cause false positives, so that not a recommended plugin for beginner WordPress users.
No Comment