  • When it comes to security, good enough is not enough. That’s why you should always go for a premium WordPress security plugin/service.

    There’s no denying that on the whole, premium WordPress plugins offer much more value over the free ones. But even among the premium plugins, there are some that are on top of the food chain. They might be expensive, but they have a unique impact on your business, and any WordPress website worth its salt cannot do without them.

    This post is about four such amazing plugins and services. But first, let’s step back a little and talk about this dark art known as web security.

    Why should I care about Web security?

    Hmmm, good question.

    It’s hard to get yourself excited about security when your business is growing, and your website is doing great month after month. Now, you know that your business is 100% digital: those few files residing on a public computer somewhere are what make your business all that it is.

    And believe it or not, it’s a very shallow foundation to be banking your entire future on. New libraries, software, and features are being pushed out every week, but the state of security is very much where it was ten years ago (there are still several nasty ways to bring down a web app).

    This is particularly true for WordPress, which doesn’t have a confidence-inspiring architecture from a security standpoint.

    For you, the business owner, the risk is colossal — losing everything you have built over the years within a few seconds. Think about it — the business will come to a screeching (or silent) halt, customer complaints and anger will mount exponentially, and there will be nothing to do.

    Even if you have multiple and frequent backups of everything and can restore the site, the damage to your reputation will be irreversible.

    In other words, please, please, for the sake of your business and its reputation, act before it’s too late. By using one or more of the suggestions in this post, you’ll be able to take care of 99% of the weak links in your defense chain (as for the remaining 1%, everyone has them). Take charge of your WordPress website security.

    Act now!

    Okay, enough of rabid motivation; let’s get on to the suggestions. 😛


    SUCURI

    SUCURI is a cloud firewall, CDN, monitoring, and DDoS protection service, all rolled into one.

    It’s a decoupled, platform-neutral service that works with any CMS or web setup out there, most notably WordPress, Joomla, Drupal, and Magento.

    Head over to their pricing plans, and you’ll find lovely deals. What caught my eye was the $199.99 per year plan, which has everything you could ask for (hack scanning, blacklist monitoring, DDoS protection, CDN, SSL, firewall), along with a twelve-hour response time and a 30-day money-back guarantee! :-O


    For a website that’s making a few thousand dollars a month (or year) and can at any time lose it all to a stupid, automated attack? Not at all!


    Wordfence

    Wordfence is a kind of household name by now, being one of the best freemium plugins out there. Even after 2+ million active installations, it retains a near-perfect rating and is the number-one-thing-to-install for experienced WordPress admins.

    But the real joy of this plugin is in the premium version, where you get a very useful firewall and eye-popping good features (IP filtering, country-blocking, backdoor scanning, to name a few).

    The icing on the cake is the reporting dashboard that is available right from your WordPress admin menu.

    Price? $99 per website per year. C’mon, you have to be kidding me?!

    iThemes Security

    iThemes is a known name in managed WordPress hosting, but they also have an amazing premium security plugin called iThemes Security. It’s another batteries-included offering that contains some unique and useful features. I feel compelled to take a pause and quickly discuss a couple of them.

    File change detection: WordPress is (almost) all about files and what’s contained in them. When a plugin is added, it adds its files; when the core is updated, several files are replaced; and so on. This means if someone has gained access to your website and is installing malicious code, file changes are one of the first things to look for.

    404 detection: The greatest threat to most websites is not from determined hackers, but from bots that persist with their mindless but thorough attacks. For instance, a WordPress bot designed to hack would start by searching for key URLs in a setup that can be compromised.

    For instance, it might search for /admin, /members-only, /private, and so on, hoping to find a page that grants access to the site after the password is broken. But since this bot can only guess and comb through the options one by one, it will generate a lot of 404 (not found) requests on the server.

    In other words, it’s asking to be blocked, which is something iThemes Security does well.
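
    The detection logic described above, as an added example (not iThemes Security's code): count 404 responses per client inside a sliding time window and flag clients that reach a threshold. The log lines, IP addresses, threshold of 5 and one-minute window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ')

def flag_404_scanners(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: paths} for clients reaching `threshold` 404s within `window`.

    Assumes each client's lines appear in chronological order.
    """
    recent = defaultdict(deque)  # ip -> (time, path) of 404s still inside the window
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(4) != "404":
            continue
        ip, stamp, path = m.group(1), m.group(2), m.group(3)
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append((when, path))
        while when - hits[0][0] > window:  # drop 404s that aged out of the window
            hits.popleft()
        if len(hits) >= threshold and ip not in flagged:
            flagged[ip] = [p for _, p in hits]
    return flagged

def _line(ip, clock, path, status):
    """Build one constructed access-log line."""
    return f'{ip} - - [10/Mar/2024:{clock} +0000] "GET {path} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample: a fast guesser, an ordinary visitor with one dead link,
# and a client whose 404s are ten minutes apart.
GUESSES = ["/admin", "/members-only", "/private", "/staff", "/internal"]
SAMPLE_LOG = (
    [_line("192.0.2.10", f"09:00:0{i}", p, 404) for i, p in enumerate(GUESSES)]
    + [_line("198.51.100.7", "09:00:03", "/", 200),
       _line("198.51.100.7", "09:00:09", "/old-post", 404)]
    + [_line("203.0.113.5", f"09:{i}0:00", f"/missing-{i}", 404) for i in range(5)]
)

if __name__ == "__main__":
    for ip, paths in flag_404_scanners(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(paths))
```

    Only the client that guesses five URLs in a few seconds is flagged; the visitor with a single dead link and the client whose misses are spread over forty minutes stay below the threshold, which is the trade-off to tune when choosing the window.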

    Honestly, there are too many features to discuss them all here, so I encourage you to visit the site and have a look.

    If you’re a freelance WordPress developer, you can protect up to 10 websites for $127 per year. That’s $12.70 per year for one site. Impossible to believe!


    Cloudflare

    There’s no doubt you’ve heard of Cloudflare before; it’s one of the top (or the top?) names when it comes to high-performance CDN. I mean, unless you’ve researched CDNs on your own, Cloudflare is probably the first thing that comes to mind, or the first name that someone recommends, when it comes to a CDN.

    What you may not know, however, is that the pro plan is an industry-grade security offering that’s used by the likes of Discord, Crunchbase, Udacity, Zendesk, Cisco… Okay, I’ll stop before my brain explodes!

    Cloudflare is not tied to just WordPress but works with any website. It’s an extremely serious, high-performance offering for businesses that have things moving at a mad scale and cannot afford any weakness at all, no matter how minute.

    The pro plans are expensive, with the basic one being at $20 per month, but they do contain nice features like image optimization and mobile optimization. So, if you’re at a scale where the laws of (computer) physics are no longer obeyed, and nothing less than a howitzer will do, Cloudflare is the answer.


    To conclude, you can’t go wrong with any of these plugins/services here. For some, a combination of Wordfence and Cloudflare works best, while others are happy to activate SUCURI and not have to worry about total attacks blocked in a day.

    My advice?

    The same boring thing I always say: don’t be in a hurry and always take reviews with a pinch of salt. Even mine. 😉 Go for the free/cheapest version first, try it out actively for some time over different use cases, and only then make the change.

    May you have a secure and thriving WordPress deployment! 🙂