Additional menu

Security Plugins

Secure your WordPress site from online vulnerabilities, bad guys, spammer, DDoS attacks and more by using these plugins. Most of them offer continuous security scan and notification.

Google Authenticator

Google Authenticator for WordPress is a simple plugin that lets you enable two-factor authentication. The authenticator app is available for iPhone, Android, and Blackberry.

You can active two-factor authentication per user basis on top of a regular password.

WP Security Audit Log

WP Security Audit Log helps to log every single event on your website. It also works with WordPress multisite. By using this plugin, you can ensure security, productivity and organize your workflow.

The plugin has more than 70,000+ active installations and is a must-have tool for WordPress administrators and security professionals.


  • Tracks almost every activity on your WordPress site
  • Tracks user activities such as password change.
  • Reporting is accurate to milliseconds
  • Records IP address.

WPS Hide Login

WPS Hide is a light-weight plugin that lets you easily change the admin login URL. Deactivating the plugin brings your site back exactly to the state it was before.

Changing an admin URL would be a good idea to hide the login page from an attacker to avoid automatic brute-force attacks.

BulletProof Security

BulletProof Security offers Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam & much more.

Plugin got one-click setup wizard where you can secure your site in few clicks.


  • MScan malware scanner
  • .htaccess protection
  • Idle session logout
  • Login monitoring, logging, and security
  • JTC anti-spam protection
  • Inbuilt firewall

BulletProof plugin also got PRO version with more security coverage.

Cerber Security

Cerber Security defends your site against hacker attacks, spam, Trojan, and malware.

Mitigate brute force attacks by limiting the number of login attempts through the login form XML-RPC / REST API requests or using auth cookies.


  • Permits or restrict access by White IP access list and Black IP access list with a single IP, IP range or subnet.
  • Automatically detects and moves spam comments to trash or deny it completely.
  • Citadel mode for massive brute force attacks.
  • Protection against DDOS attacks.
  • Hides wp-login.php and wp-signup.php from possible attacks.
  • Immediately blocks an IP or a sub-net when attempting to log in with a non-existent username.

The plugin is free.

Block Bad Queries

Block Bad Queries or BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request strings.

This is a simple yet a perfect solution for sites that are unable to use a strong .htaccess firewall.

Some of the key features are:

  • Helps block SQL injection attacks.
  • Scans all incoming traffic and blocks bad requests.
  • Provides statistics such as the number of hit counts for every pattern and bar graph of all count data.
  • Helps block directory traversal attacks.

Anti-Malware Security and Brute-Force Firewall

Anti-Malware Security and Brute-Force Firewall run a complete scan to automatically remove known security threats and backdoor scripts.

It has a Firewall that blocks SoakSoak and other malware from exploiting Revolution slider and other plugins.


  • Disable XMLRPC
  • Prevent brute-force and DDoS attacks
  • Core files integrity checks

Anti-Malware Security and Brute-Force Firewall is an open source software and hence free to use.

Sucuri Plugin

Sucuri, one of the reputable in providing comprehensive security services to a site from small to big. You can monitor security-related events and check your site against popular blacklist including Google, Norton, AVG, Phish Tank, Yandex, etc.

There are four main features of the plugin.

  • Auditing - check what's wrong
  • Monitoring - get notified when something goes wrong
  • Malware Scanning - scan for known malware
  • Hardening - apply a necessary configuration to protect from online vulnerabilities

All In One WP Security & Firewall

A comprehensive, easy to use, stable and well-supported WordPress plugin that adds extra security and firewall to your site by using different tools that enforces a lot of good security practices.


  • Enforce to allow only strong password
  • Stop bad bots
  • Login lockdown based on IP or action
  • Protect against brute-force, XSS
  • and many more...

iThemes Security

50% OFF

iThemes Security is designed to "keep the bad guys out".  It helps in limiting the number of failed login attempts allowed per user with WordPress brute force protection.


  • Lockdown admin area at specific hours
  • Apply strong password-only policy
  • Two-factor authentication
  • Lock the bad users or bot
  • Inbuilt database backup
  • Grade your site and see what all needs to be fixed
  • Inbuilt malware scanning

A good choice to secure and protect your WordPress. iThemes Security is built by WP expert and they have more than 40 WP plugins.