Here i am describing some best Security plugins those are really effective and potential for your WordPress site. And all of these are free versions, if you are satisfied with their service then you can go for premium too.
1. BulletProof Security
[image: BulletProof Security – Security Modes page]
[image: BulletProof Security – Login Security and Monitoring page]
BulletProof Security htaccess Core (Firewalls, etc.) Features
- Root Folder BulletProof Mode/Firewall
- wp-admin Folder BulletProof Mode/Firewall
- Built-in .htaccess File Editor & File Manager
- Built-in .htaccess Backup and Restore
- One-click .htaccess website security protection from within the WP Dashboard
- .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection………. hacking attempts
- TimThumb Vulnerability/Exploit .htaccess security protection (Firewall)
- .htaccess Lock / Unlock (404 Read-Only)
- .htaccess AutoLock On or Off
- Security / HTTP Error Logging – Log 400, 403 and 404 Errors
- Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
- Security Log: Turn On / Turn Off / Delete Log
- Security Log Automation: Automatically zipped, emailed and replaced based on file size
- Automatic .htaccess file updating on BPS upgrade installation
- New .htaccess security filters automatically added during upgrade
- WP Dashboard Alerts / WP Dashboard Dismiss Notices
- Anti Comment Spam .htaccess code – works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
- Anti Comment Spambot .htaccess code – Forbid Empty Referrer Spambots
- Author ID / User ID / Username Bot Probe Protection
- Custom Code feature: Add, Edit, Modify, Save additional Bonus or personal custom .htaccess code
- WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
- wp-config.php and bb-config.php files protected with .htaccess security protection
- php.ini and php5.ini files protected with .htaccess security protection
- WordPress database errors turned off – Verification and function insurance
- WordPress version is not displayed / not shown – WordPress version is removed
- WP Generator Meta Tag filtered – not displayed / not shown
- WP DB default admin username / account check
- System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, WP Filesystem API Method, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache and Memcached
- Security Status Page – Displays website security status information
- File and Folder Permission Checking – CGI / DSO – SAPI check / display
- Help & FAQ page – links to BPS Guide and other detailed Help & Info pages
- Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
- Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
- Log in / out of your website while in Maintenance Mode
- Customizable 503 Website Under Maintenance page
- HUD Success / Error message display
- i18n Language Translation coding
BulletProof Security Login Security & Monitoring Features
- Brute Force Login Security Protection
- Log All User Account Logins or Log Only User Account Lockouts
- Logged DB Fields: User ID, Username, Display Name, Email, Role, Login Time, Lockout Expires, IP Address, Hostname, Request URI
- Email Alerting Options: User Account is locked out, An Administrator Logs in, An Administrator Logs in and when a User Account is locked out, Any User logs in and when a User Account is locked out, Do Not Send Email Alerts
- Login Security Additional Options: Max Login Attempts, Automatic Lockout Time, Manual Lockout Time, Max DB Rows To Show, Turn On/Turn Off
- Login Security Stealth Mode: Standard WP Error Messages or Generic Error Messages.
- Login Security Stealth Mode: Enable or Disable Login Password Reset capability and links.
- Dynamic DB Form: Lock, Unlock, Delete
- Enhanced Search: Allows you to search all of the Login Security database rows/Fields
- Stand-alone Unlock Form bpsunlock.php: Unlock User Accounts without having to be logged into the WP Dashboard
- Click the Login Security Blue Read Me help button for full descriptions of all features and options.
BulletProof Security FrontEnd/BackEnd Maintenance Mode Features
- FrontEnd Maintenance Mode, BackEnd Maintenance Mode or both FrontEnd & BackEnd Maintenance Modes
- Website displays & functions normally while visitors see a website under maintenance page
- TinyMCE WYSIWYG Editor
- Embed image files and YouTube videos
- 20 background images, 15 center images (text box image)
- Background image files/options and Center images (text box image) are independent of each other so that you can mix and match different background images with different Center images (text box image)
- Enable Countdown Timer
- Countdown Timer Text Color
- Maintenance Mode Time in Minutes
- Header Retry-After in Minutes ~ 503 HTTP Status Code
- Enable FrontEnd Maintenance Mode ~ site development, maintenance, coming soon, under construction, etc.
- Enable BackEnd Maintenance Mode ~ Deny All IP address .htaccess protection for the wp-admin folder / WP Dashboard
- Maintenance Mode IP Address Whitelist Text Box: Enter The IP Addresses That Can View The Website Normally (not in Maintenance Mode)
- Maintenance Mode Text, Images, Videos Displayed To Website Visitors
- Background Images ~ 20 background images ~ mix and match with center images ~ see screenshot
- Center Images ~ 15 center images ~ mix and match with background images ~ see screenshot
- Background Colors (If not using a Background Image)
- Display Visitor IP Address
- Display Admin/Login Link
- Display Dashboard Reminder Message when site is in Maintenance Mode
- Send Email Reminder when Maintenance Mode Countdown Timer has completed
- Email: To, From, cc, bcc
- Network/Multisite Primary Site Options ONLY
- Put The Primary Site And All Subsites In Maintenance Mode
- Put All Subsites In Maintenance Mode, But Not The Primary Site
2. Wordfence Security
Wordfence starts by checking if your site is already infected. We do a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
Wordfence Security is 100% free. We also offer a Premium API key that gives you access to our premium support ticketing system at support.wordfence.com along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
[image: Wordfence scan example]
Wordfence Security is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.
3. All In One WP Security & Firewall
This security plugin offers the latest recommended WordPress security practices and techniques as easy to use features. It is designed and written by experts with the user in mind. You don’t have to learn complex htaccess rules to apply good firewall rules to your site anymore.
The All In One WordPress Security plugin will take your website security to a whole new level. This plugin is designed and written by experts and is easy to use and understand. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
WordPress is already a secure platform in the way it is designed but the common security holes and issues found in most WordPress websites usually come from careless users or bad security practices, poor hosting configuration and poorly coded plugins or themes.
Therefore it is very important to add some extra security and firewall to your site by using a plugin such as this one which enforces many crucial security practices on your site.
All In One WP Security and Firewall also uses an unprecedented security points grading system to measure how well you are protecting your site based on the security features you have activated. More about plugin
This post has already been read 9204 times!
TAGGED : plugin, security