I created a website for a friend it is about his private server website. It is a MMORPG server and he asked me to create the website using WordPress and that includes the forum, I won’t be naming the website but yesterday he contacted me saying his website is down. I was wondering why it happened the website is hosted in hostwinds a hosting company that I trusted for a very long time because of the good service they provide.
Upon checking the cpanel of the account it turns out the physical memory was 100% and it is so strange since the website is not that huge therefor when I check the traffic there is a huge spike in the last 24 hours and it made the website very slow and sometimes down for a good minute or two. I was able to mitigate some traffic by temporarily transferring the hosting of the website to one of the server I own so that I can work on the website.
Here are the 3 best security plugin for wordpress website that I used to my friends website:
- Wordfence :The most popular wordpress firewall & security scanner the plugin will block malicious traffic to your website which will come handy if the attacker is going to use several methods trying to send huge amount of traffic to your website. Upon activating it you don’t need to make changes to the plugin option unless you know what you are doing or you subscribe to wordfence premium which will profide a real-time firewall rule since the free version is delayed by 30 days. You can run a scan to your website for malware too if needs be.
- iThemes Security (formerly Better WP Security) : I like adding ithemes security plugin to the website to add more layer of security. Many will argue that wordfence is enough but for me you also need ithemes security plugin specially when you want to remove WordPress traces to your website , I mean a visitor won’t see any sign that the website is built via wordpress even if they will check the inspect element of the browser. Good option of the plugin is you can easily change the login url of your website so instead of /wp-admin or /wp-login you can change it to something else. Integrating captcha to login forms or comment form can be easily done with the plugin too.
- Sucuri Security : Sucuri is known for malware scanner that you can use whenever you visit the website. I used it to my friends site checking if there is a malicious file or if the website is hacked , some may argue that I can do it with wordfence but I feel safe if I do it both with Wordfence and Sucuri.
So there you have it the 3 security plugins that I can recommend to make sure your WordPress website will be secure.