The best WordPress security plugins for your site
It’s a pretty scary time on the internet these days. Security and protecting against attacks has never been more important.
But to a novice webmaster, it can all seem so overwhelming. Where do you even begin?
The good news is that if you’re using Sports Bench (either the plugin or theme) and WordPress, there are plenty of great options to add security to your website. Most of them are premium plugins, though most of the top ones also have a free version you can try out.
But in the end, they all do what they’re supposed to do: protect your website.
So, here are some of the security plugins I recommend for your website.
Like a number of the top security plugins, Securi offers a free and paid version of its plugin. If you just want to try it out, it never hurts to see how it works with the free plugin and then upgrade to the paid if you like it. Just know that you won’t have all of the available features with the free version.
As for the plugin itself, it offers a firewall for your website, scans of your site to monitor the code to make sure nothing malicious has been added, denial-of-service or DDoS protection and instant notification if it notices something’s not right.
Overall, I’ve heard good things about Securi and are definitely worth a look to see if it works for you.
WordFence is also a pretty popular security plugin in the WordPress sphere. Like Securi, there’s a free and paid version of the plugin which is good enough to get you started. It offers firewall protection to blocking brute force attacks.
The paid version is a bit steep, however, at $99 a year. But it does offer live traffic monitoring, scans of your code and files and robust login features. If you want to feel like your website is really secure, WordFence is probably the best way to go.
Finally, there’s iTheme Security, which is a pretty good security plugin. It can for you and users to use strong passwords, has support for two-factor authentication (more on that below) and can change authentication keys to keep things safe.
Plus, you also have the ability to set an “away” mode where you can lock the dashboard for all users. And, like the other plugins featured, it will check your files to make sure nothing malicious has been inserted into your code.
The cost is $80 for two websites, which is pretty good if you need it just for your league’s website. It also includes updates to the plugin and ticketed support in case you need any help. You can’t really go wrong if you decide to use iThemes Security.
Check your hosting and passwords
But none of these plugins will work that well if you don’t have a secure host. After all, there’s only so much a plugin can do. If hackers can get to your website through your host’s servers, a plugin won’t be able to stop that.
The good news is that most major web hosts, like WP Engine, GoDaddy, Site Ground, Flywheel, etc., are as secure as they can be. But if you start going off the beaten trail with extremely cheap hosts and shared hosting, you’re going to run into some problems.
Also, make sure you’re using strong passwords for your logins. WordPress has a strong password generator already built in. Plus you can use KeePass (free) or 1Password (paid) to generate strong passwords and store them.
That also leads me to my last point, two-factor authentication. TFA, as it’s known, essentially means that you have to login with your username and password, then get a code sent to you via email or phone and then enter that code in order to actually login.
Since someone trying to guess your login and password would need your device to login, it makes it much harder for someone to get in. It’s still not quite a silver bullet, but it does make your site much more secure.
With WordPress, I highly suggest using the Two-Factor Authentication plugin as it’s what I’ve been using recently and have had no issues with it at all.
So if you’re worried about website security these days, try out these plugins and tips. It won’t take care of everything, but it will make it much harder for someone with bad intentions to accomplish their mission.