Millions of websites are created by wordpress fans. However, it has been targeted attacking based the software popularity. From web analysis report, the daily attacks are millions on multiple famous sites using wordpress. Because of this, lots of companies make good business by offering wordpress securing service. In this article, we'll introduce 6 best FREE plugins to secure a wordpress site in few minutes.
1. Wordfence Security
The top recommended security plugin for enterprise class security and performance. Wordfence provides a fast caching engine, firewall and anti-virus scanning. It can quickly report malicious URLs and doubtable traffic. It's also announced to be the only wordpress security and performance plugin that can verify and repair your core, theme and plugin files without a backup.
Wordfence official download: http://wordpress.org/plugins/wordfence
See video introduction here:
The plugin also provides premium paid support and features including scheduled scanning, country blocking and more. It would be great for enterprise users to automate the full system. However the free option is already perfect for small to medium users.
2. Stealth Login Page
An advanced wordpress plugin for login protection. Using this plugin, we can fully customize the wordpress login URL instaed the default one. We can also disable the wp-login.php file directly for further protection. Things we can configure:
- Define the wordpress site login URL such as http://mysite/login
- Redirection of unauthorized login attempts
- Authorization code on login form
Plugin download: https://wordpress.org/plugins/stealth-login-page
Sabre(Simple Anti Bot Registration Engine), a plugin dedicated for anti-spam registration on wordpress site. The plugin will auto analyze if its real user registration and block those well know spammers directly. At the meanwhile, captcha authentication is added to registration form so spam registration is almost 100% avoided.
Sabre download: https://wordpress.org/plugins/sabre
4. Bad Behavior
An outstanding plugin to filter spam links. Acting as a gatekeeper, bad behavior prevents spammers from ever delivering their junk or ever reading your site in the first place. It's not only good to keep your wordpress site clean but also helpful to avoid DOS attack.
Bad Behavior: https://wordpress.org/plugins/bad-behavior
5. TAC(Theme Authenticity Checker)
The sole purpose of TAC is for theme verification. TAC will check each theme source file and find out malicious codes if any. Once founded, TAC will show the path to the theme file, the line number, and a small snippet of the suspect code. There're many theme resources on internet but not all are 100% clean. Especially for those free themes trying to collect user information, tac will ensure its cleanness before applying to your production site.
TAC download: https://wordpress.org/plugins/tac
A network level protection to prevent automatic attacks. Beyond a simple security plugin, it's a powerful firewall and dedicated for wordpress protection. AskApache makes full use of available apache modules & rules and load the commands to .htaccess file. Not only the wordpress login page is protected, all site files are secured.
See full description on official page: https://wordpress.org/plugins/askapache-password-protect