If your website is on WordPress, you’re on the best CMS website platform out there. Its popularity is growing like crazy and as of 2015 over 25% of the world’s most popular website are on the platform. But that popularity also attracts the bad guys. WordPress developers are constantly hopping to keep in front of the hackers. If you want to keep your website off of the hacker’s hit list, here are three types of WordPress security plugins that you need to have installed in your site.
Security Plugins
I’ve always thought that if the hackers of the world would put their minds to doing good, this world would be a much better place. There are absolute geniuses spending their days trying to break into your website so they can subvert it for their own purposes. While the designers of WordPress do the best to make the platform sound and free from security holes, having an extra layer of security is absolutely essential if you want to keep your site safe. The scary thing is that your site can be hacked and you can’t tell.
I was once hired to redesign a WordPress site that looked completely secure at first look. Once I done into the back end of the site, I noticed some oddly named files in their WordPress directory. They had been hacked months earlier and didn’t have a clue. Had Google picked up on the issue, their site would have been removed form search results, killing their site visitor traffic. That’s not so easy to recover from. Try one of these security plugins to keep your site safer:
Securi
WordFence
*iThemes Security ($)
If you use Jetpack, the multi-faceted WordPress plugin from Automattic, Digital Strategist and Technology Coach Lisa Berger of LisaBerger.com recommends using the Protect module (formally BruteProtect). “It uses data from thousands of WordPress sites to identify the “bots” that are malicious.” Lisa told us. “If it notices a computer trying to guess passwords at multiple sites, it blocks them from guessing on any WordPress site with Protect installed. It’s free, it’s updating in real time, and on many of the sites I manage, it blocks thousands of malicious attempts every single week.”
Comment Spam Plugins
Comment spam is the bane of any website owner’s existence. Where exactly does all of that spam come from? Some come from actual humans who are paid to sit at their computers and submit spam comments all day. And then there are little bot programs running around the web submitting comment after comment to any website they can find. When one attacks your site, you know it to the tune of hundreds of spam comments. Who wants to wake through all of those? And what if a REAL comment gets buried in the mix?
“When we first started our Mom-Owned business directory, the spam was unbelievable.” said Cary Heise of Vend Raleigh. ”The spammers were submitting hundreds of things a day. It took up so much of my time and it was very frustrating.” Cary changed the way submissions were done on her site and used a comment spam plugin to help cut down of the spam.
In WordPress under Settings>Discussion make sure you’ve set your comments to moderation. Then, make sure you have one of these plugins to help weed out the spam.
Akismet ($)
Antispam Bee
Backup Plugins
You’d think that adding some kind of backup utility would be the first thing a web designer does for their clients. And for a web designer who is at the top of their game is it. But if you took advantage of cheap pricing or an inexperienced designer to save a few bucks, you might get left in the lurch when your site goes down.
Your hosting company does take a backup of your site, but it’s not enough. Unless you’ve upgraded your plan or you are on an expensive full-service host like WP Engine, that backup is saved over every time a new backup is taken. That means if you don’t realize your site is hacked within 24 hours, your backup is hacked as well.
Do you really need a backup? Having a good, clean backup can be the difference between having your site restored in 5 minutes and having to pay hundreds or thousands and wait weeks to have your site rebuilt. Just ask Catherine Pooler of Catherinepooler.com. Her site went down in the middle of a huge product launch. “The hosting company said no dice, the website is GONE!” Catherine told me. “But my web designer was on it and restored my site from the backup. We were taking orders again within 15 minutes. Having that backup saved my launch!”
Here are some of the backup plugins we use and recommend:
*Backup Buddy ($)
VaultPress ($)
Updraft Plus
If you haven’t taken any steps to secure your WordPress site, don’t hesitate. These plugins are very easy to install and set up. There is no good reason to put it off.
*An asterisk next to a link denotes a plugin that I endorse as an affiliate. I may receive compensation if you make a purchase after clicking on a link. I review and recommend hundreds of plugins but I only become an affiliate for the ones that I use and depend on for my own sites and client sites. If you see the asterisk, you can take it as my ultimate vote of confidence.