Most web hosting providers set up elaborate security measures to ensure that WordPress websites are given the utmost security, so that they don’t become a tool or a target for attackers. Web Application Firewalls, SPI firewalls, malware scanners and many other restrictions are applied to servers to ensure that WordPress doesn’t become a cause of concern for online security. Despite this, many website owners prefer to control their own security and install tools and plugins that work with WordPress to enhance its security. Some popular plugins which help a WordPress website become more secure are pretty simple plugins with simple functionality. There are many more comprehensive security plugins which offer all-round protection for your website, but some people just prefer the piecemeal options. This article does not deal with comprehensive firewall systems for WordPress; it aims to highlight some small but powerful tools to keep your WordPress website secure.
This is one of the simplest plugins available for WordPress; it simply renames the login page to a custom URL. This helps to prevent hackers from brute-forcing or guessing passwords on the login page. The plugin can also be used to make a more memorable login page link, something like domain.com/login or domain.com/signin. Although it is no longer maintained, it remains extremely popular. There are also other plugins with different names but similar functionality, but this one is the simplest and easiest to use. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests, and it works on any WordPress website. The wp-admin directory and the wp-login.php page become inaccessible, except through your custom URL.
Another interesting brute-force prevention plugin is “Limit Login Attempts”. As the name suggests, it blocks multiple failed login attempts for the same user or the same IP address. This way only legitimate users will be able to log in. The Limit Login Attempts plugin adds the failed users to a blacklist and bans their IP address from the login page for a certain amount of time, which you can set. Certain auto-installer software, like Softaculous, allows you to install the plugin along with the initial WordPress installation as a bundle.
This plugin comes from security experts who have a good understanding of WordPress security. It consists of many features which ensure the all-round security of your website. First, it offers activity monitoring. Second, it offers File Integrity Monitoring. Third, it scans for malware. Another notable feature is Post-Hack Security Actions, which provides some emergency actions to respond to a website compromise. The plugin also offers security advice and provides up-to-date security notifications when a WordPress update or upgrade is available.
As the name suggests, this plugin “protects your website against malicious URL requests”. BBQ checks all incoming traffic and quietly blocks bad requests containing eval(, base64_, and excessively long request-strings. The BBQ script is available as a plugin for WordPress or as a standalone script for a PHP-based website. This plugin also lets you whitelist or blacklist custom query strings through a related blacklist-whitelist plugin.
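
The three checks described above (the substrings eval( and base64_, plus over-long request strings) can be run over an access log to see which requests such a filter would reject. This is an added example, not BBQ's own code; the 255-character cutoff, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: 255 characters as the "excessively long" cutoff; the article gives no number.
MAX_REQUEST_LEN = 255
# The two substrings the article names; matching is done case-insensitively.
BAD_SUBSTRINGS = ("eval(", "base64_")
# Minimal matcher for the request part of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def fully_decode(uri, max_rounds=3):
    """Percent-decode repeatedly so eval%28 and eval%2528 are both seen as eval(."""
    for _ in range(max_rounds):
        uri, previous = unquote(uri), uri
        if uri == previous:
            break
    return uri


def check_request(uri):
    """Return the reasons a filter applying the three checks would reject this URI."""
    reasons = ["long-request"] if len(uri) > MAX_REQUEST_LEN else []
    lowered = fully_decode(uri).lower()
    reasons += ["contains " + s for s in BAD_SUBSTRINGS if s in lowered]
    return reasons


def scan_log(lines):
    """Yield (uri, reasons) for every log line whose request would be rejected."""
    for line in lines:
        match = REQUEST_RE.search(line)
        reasons = check_request(match.group("uri")) if match else []
        if reasons:
            yield match.group("uri"), reasons

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /?s=wordpress+security HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?x=EVAL%28test%29 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /?f=base64%255Fdecode HTTP/1.1" 200 512',
    '198.51.100.8 - - [01/Jan/2024:10:00:03 +0000] "GET /?q=' + "a" * 300 + ' HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for uri, reasons in scan_log(SAMPLE_LOG):
        print(reasons, uri[:60])
```

Running it against your own log before enabling a filter of this kind shows how many legitimate requests, such as long search queries, would be caught by the length check.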