security plugins

The Hack Shattering Wordpress Security Plugins Mighty Duo

Wordpress Security Plugins To Harden And Secure Wordpress Websites


Let’s get familiar with the best of the best in Wordpress security. With that said, in addressing Wordpress security best practices, there are some lessons that are really tough to learn, and ensuring that you’ve hardened Wordpress shouldn’t be one of them because it’s completely avoidable.

Now of course there aren’t any guarantees, but after you familiarize yourself with some top rated Wordpress security plugins you’ll be way ahead of many others that haven’t bothered to take the time to do what you’re doing right now.. and that’s learning about how to secure Wordpress from hack attacks.

The first Wordpress security plugin that I’m going to talk about is one of the big boys out there and it’s called the All In One Wordpress Security and Firewall.

In all confidence, I can assure you that this is one of the best Wordpress security plugins that you can find online right now.

This Wordpress security plugin boasts more than 500,000 active installations. It is very popular and for good reason as well.

One of the signature features of this security plugin is the security strength meter that you are shown on the dashboard. This strength meter gives you a security score of your Wordpress website. This feature alone elevates it to uniquely being labeled one of the best Wordpress security plugins available today to complement its suite of other features.

Once you’ve installed it, you’ll see where you are in terms of the strength of your security. The website that I spoke of in my last Wordpress security post was at a score of 35 out of 480 according to the strength meter before I had taken any recommendations to improve the security of that Wordpress website through this plugin.

Needless to say, that site was in bad shape prior to installing the All In One Wordpress Security and Firewall plugin.

When you activate the plugin, you’ll see several items that you’ll need to address. Those items include the following:

  • Dashboard

  • Settings

  • User accounts

  • User registration

  • File system security

  • WHOIS lookup

  • Blacklist manager

  • Firewall

  • Brute force

  • Spam prevention

  • Scanner

  • Maintenance

  • Miscellaneous

While I won’t go into every one of these settings, I will address a small selection of them. So with that said, let’s start with the dashboard.

AIO Wordpress Security And Firewall Strength Meter



As you can see, there are a number of different items that are on your Wordpress security dashboard from this plugin. The only thing that I didn’t show here was the logins from which user, date and IP address.

Nevertheless, there’s a lot of good information at a glance.

You’ll also notice that there were 4 tabs at the top next to the dashboard: system info, locked IP addresses, permanent block list and AIOWPS logs (the plugin log files).


The next area that I want to address is the settings tab. This covers as you can imagine general settings, the .htaccess file, wp-config.php file, the WP version info and an import/export section too.

What you can do in these sections is backup your .htaccess file and wp-config.php file.

It’s good Wordpress security practice to back these up just in case for any reason something may warrant the necessity for you to go back to your default files prior to any changes made by your Wordpress security plugins.

In the WP version info, this allows you to remove the information that would state in your website’s tags which version of Wordpress you’re running.

This information can be used by hackers to take advantage of vulnerabilities in Wordpress especially if you’re running an older version. This feature in this Wordpress security plugin is an option that can remove that information for every page associated with your Wordpress website.

User Account

In the user account section (remember this default feature brought the hackers knocking on my door), this allows you to change your display name and nickname. These should be different than your username. There is also a password strength meter that gauges how strong your password is as well that you’ll find useful.

AIO Wordpress Security And Firewall Strong Password Meter


With that said, I used a tool to create a password several characters long incorporating different characters and symbols that is much stronger than what I was using prior to the implementation of this Wordpress security plugin.

Database Security

Another feature that I love about this Wordpress security plugin is the database security. If you weren’t already aware, your database is probably one of the most critical components of your Wordpress website because of all the sensitive information that it contains.

The database feature allows you to change the default prefix for your Wordpress database to one of your own choosing. This helps to improve your Wordpress security. I’ve also included a more in-depth document from WPBeginner that addresses this.


The last thing that I want to address with this particular plugin is in regards to the firewall. Needless to say, this is absolutely necessary to aid in building up your Wordpress hacker protection.

There are basic and advanced firewall settings essentially providing single or double layers of protection. Additionally, you can enable protection to guard against any bots that are not a trusted Googlebot as well in addition to other notably good features in the firewall section.

While I haven’t gone into every feature of this all in one Wordpress security plugin, what I can tell you is that it’s a serious plugin in the goal of securing Wordpress more exhaustively than where you were when you ran the initial installation of this CMS platform.

The other recommendation I will make for your Wordpress security is Wordfence.

This is by far one of the most popular Wordpress security plugins around. However, beyond its obvious popularity, it’s an effective security plugin as well. So there’s good reason for all the attention that it receives.

One feature not seen in other Wordpress security plugins is that if your site has been hacked, they have a site cleaning service that you can buy as seen below:

Wordpress Security Wordfence Site Cleaning Service


A cleaning also gets you a year of their premium subscription services as well.

Additionally, you’ll find that Wordfence protects against malware, spam backdoors, malicious code, automated bots, data mining bots, spam bots, code injectors and more.

Once you install Wordfence, one of the first things that you’ll notice on your dashboard is all the different features that are enabled.

Wordpress Security Wordfence Features Dashboard


Even with the free version, you’ll see that there’s quite a lot of protection. There’s a lot of protection not only for your individual connected Wordpress website but also from their protection for their network too.. just look at all the attacks that are prevented ! It definitely provides a high degree of confidence about their network overall.

Wordpress Security Wordfence Hacker Block Prevention


Another absolutely wonderful feature about Wordfence is their scanner. It works the same way that any internet protection software worth its salt would work.

There are updates every 30 days for the free version and updates in real time for the paid version. At face value there isn’t a huge discrepancy between the free and paid when you look at the threat defense feed, but there are definitely some premium options that you get that could certainly be worth it in the paid version that you don’t get as a free user.

With that said, another thing that I love about the scanner is that with respect to any issues that are found, Wordfence provides you fairly decent details about each issue giving you a level of awareness that you don’t typically get with other security packages helping you to decide from a more informed perspective whether you want to fix the issue or not.

Additionally, I think their firewall is a great complement to the all in one security plugin (assuming you run both at the same time as I do).

You start out in learning mode so that Wordfence can “learn” your website. This helps the plugin to understand how to protect you to the fullest extent possible and this is probably how any security plugin “should work”.

Nevertheless, after a week of learning, what will happen is that the firewall automatically switches from learning mode to enable the firewall to go into full effect.

In terms of addressing Wordpress hacker protection, the learning mode is still effective but its effectiveness does increase once it has learned “how to protect your Wordpress website”. Learning how to improve Wordpress security for your website makes this a security plugin that stands apart from most in how it secures your CMS property.

There are many other options to configure with Wordfence but having these two plugin recommendations enabled on your website is sure to harden Wordpress far beyond the basic out of the box version when you start your Wordpress website.

Without question, there are many many more Wordpress security plugins that people may already be using, but I leave this post with these recommendations in full confidence that if you install, activate and use these security plugins that I’ve discussed here in this post today that you’ll be well protected on a very popular platform that gets targeted by hackers everyday.

Wordpress accounts for a quarter of all websites online and that makes it a valuable target for hackers. Wordpress security without any reservations when I say this… is a big deal and I hope that you’ll secure your hard work with the help of the knowledge you’ve gained here today.

Additionally, if you have any Wordpress security plugin recommendations I’d love you to leave a comment to this post or send me an email about your recommendations and experiences about what you’re currently using or have used yourself.

Thanks for reading. If you liked the post, please use the share buttons below.


Shellacking The Hacking A Wordpress Security Scoop

Wordpress security isn’t always the first thing that comes to mind when you think of the Wordpress platform is it ?

Let’s face it, Wordpress is pegged to be “the place” to start if you want to create a blog which means that there are different levels of knowledge that come to this platform as people begin to develop their blogs. That sounds pretty reasonable when you consider that of all the millions of blogs online that have been constructed.. nearly 25% of them exist through Wordpress.

Beyond that staggering fact.. there are the newbies, the intermediate crowd and the advanced Wordpress operators.

In reflecting on that for a moment.. which were you when you started a blog or even better yet, which are you now if you haven’t started a website just yet, but are still considering it ?

Secure Wordpress Security Hacker Protection


With that said, there is something very startling to me as I put together this post about Wordpress security. There are more than 60 million sites that use Wordpress yet there are only a few thousand searches on a monthly basis regarding the security of this platform.

Regardless of what the install stats may be, the search data still represents a huge disparity between those who operate a Wordpress website and those who want to understand hardening Wordpress to better secure it.

According to BBC News in a news post back in February 2017, one of the worst attacks in recent times for Wordpress affected more than a million pages including a massive 800,000 attacks in the same timeframe where this event occurred.

Security affects us all but how many of us intentionally think about that in the excitement of getting a domain name and using Wordpress as our CMS platform ? I can tell you that it’s not nearly as many as it should be.

It’s a scary thought to know that all the hard work you invest into putting together meaningful, substantive and helpful content can be taken away in an instant simply because the attention to implementing a Wordpress firewall or not possessing the knowledge of how to improve Wordpress security on your blog has not turned into actionable behavior by the respective owner.

And I’ve been guilty of it myself.

One of the websites that I own uses the Wordpress CMS platform and I did what most people do.

I got online and thought of a decent name for my domain and found a host and installed Wordpress. It was great.

I had my plan, I was up and running after making some tweaks once I accessed my Wordpress control panel and I started adding content right away.

I’d bet 10 to 1 that this is how most people get started with Wordpress.

Everything is in its neat little box ready to go for you and it’s plug & play. You don’t have to have any technical knowledge, you don’t have to know a thing about Wordpress because that’s the way it’s designed. It’s designed so that it’s easy. So easy in fact that anyone can start a blog on their platform and true to its name and mission, Wordpress lives up to that.

Beyond changing some minor things like how my posts would look, the theme, the look and feel of my dashboard and adding a couple plugins I didn’t do much more in the way of customization.

After more than 100 posts, I started getting warnings and warnings from my hosting provider that there were multiple attacks being made on my Wordpress website.

Of course, I wasn’t sure what prompted this out of nowhere and I didn’t have a clue as to how I got so lucky as to warrant the attention of hackers ? (just being sarcastic folks).

However, what I came to quickly realize was that in terms of Wordpress security best practices, I was doing it all wrong and was literally raising red flags all over my website that said, hey ! hack me.. I’m vulnerable.

How To Improve Wordpress Security Lessons


Before this, as foolish as I feel about the admission, I really didn’t know anything about how to improve Wordpress security on my blog on the Wordpress platform. I hadn’t even heard of a Wordpress firewall before or had any familiarity with Wordpress security plugins either.

However, was there really a need for me to know ?

I already knew that Wordpress had its own basic security so I hadn’t put much thought into beefing it up beyond what it was already equipped with. I could venture to say arbitrarily that maybe 1/16th of Wordpress owners think.. hmmm… what do I need to do to harden Wordpress so I can keep hackers out. It’s just not a common thought that crosses most owners’ minds with respect to this particular CMS platform and I was surely no exception.

Needless to say I discovered that even beyond my own mistakes, there are definitive Wordpress security issues right out of the box that make you an easy target for hackers if you aren’t aware of what needs to be changed and what you need to do to send a definitive message of, hey.. messing with me is like trying to walk through a brick wall.. it’s not happening here !

I ended up getting attacked several times for several reasons:

  • username was in my url slug (Wordpress uses this as the author url slug by default)

  • no Wordpress firewall

  • no Wordpress security plugin

  • same names used across the site

  • no Wordpress security lockdown

  • no captcha system in place

  • too many settings left the same that were automatically set by Wordpress

  • no bruteforce protections

  • no spam protection

  • no malware protection

Considering everything I was missing that contributed to the constant attacks, it goes without saying that Wordpress security is a very big deal and I was in a heap of trouble if I didn’t do something about this quick.

As I mentioned in one of the bulletpoints above about the username being in my url, let me clarify that further as to why that was such a problem.

Here’s why this is so significant. Wordpress does publish the username in the author slug by default when you start to use the platform and for hackers this is golden.

Your username in your url slug gives hackers HALF of your login credentials. The only thing left for hackers to do from there is guess your password. This can be achieved by a brute force login attack which means they are just going to keep guessing your password until they guess correctly and eventually get access to your website and ultimately take it over.
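A way to check your own pages for the two exposures covered in these posts, the version string in the page tags and a login name showing up as the author slug. This is an added example, not code from the post or from either plugin; the sample HTML, the blog.example domain and the login names are constructed, and it assumes the default behaviour where the author slug is the lowercased login.

```python
import re
from html.parser import HTMLParser

# Constructed sample of a rendered WordPress page (not captured from a real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.7.1" />
</head><body>
<article><a class="url fn" href="https://blog.example/author/jsmith/">John S.</a></article>
<article><a href="https://blog.example/author/site-editor/">Editor</a></article>
</body></html>"""


class ExposureParser(HTMLParser):
    """Collects the generator meta tag and author archive slugs from one page."""

    AUTHOR_RE = re.compile(r"/author/([^/?#]+)")

    def __init__(self):
        super().__init__()
        self.generator = None
        self.author_slugs = set()

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.generator = attrs.get("content")
        elif tag == "a":
            match = self.AUTHOR_RE.search(attrs.get("href") or "")
            if match:
                self.author_slugs.add(match.group(1).lower())


def audit_page(html, login_names):
    """Return findings for your own page; login_names are accounts you own."""
    parser = ExposureParser()
    parser.feed(html)
    findings = []
    # The version info setting described in the plugin post removes this tag.
    if parser.generator and parser.generator.lower().startswith("wordpress"):
        findings.append(("version-disclosed", parser.generator))
    # Assumption: slug == lowercased login. Logins containing spaces or symbols
    # are sanitized into a different slug, so a miss proves nothing for those.
    for login in sorted(name.lower() for name in login_names):
        if login in parser.author_slugs:
            findings.append(("login-in-author-slug", login))
    return findings


if __name__ == "__main__":
    for kind, detail in audit_page(SAMPLE_HTML, ["jsmith", "editor"]):
        print(kind, detail)
```

An empty result for a page means neither exposure was found in that page's markup; run it over a post page and an archive page, since themes print author links in different places.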

Once I discovered I was getting attacked, I did some research and found some great tools (e.g. Wordpress security plugins) to put a dramatic halt to this nonsense.

You can read here about my top Wordpress security plugin recommendations to protect your blog from hack attacks.

For the website that I own that I referenced in this post, I went from a thin sheet of paper like protection to a deep brick wall of protection. It was very enlightening to know just how poor my protection was and what it takes to drastically improve it so that I could safeguard my content and hard work from the dangerous attacks from hackers.

Securing Wordpress secures your work and your livelihood. Understanding Wordpress hacker protection is probably the best thing that you can do for your website once you’ve become a Wordpress website owner.

My mistakes may be embarrassing, but the lesson learned was invaluable and hopefully it will also steer you in a direction to employ Wordpress hacker protection for your own Wordpress properties. As I mentioned before, you can read here about my Wordpress security plugin recommendations that I used and found to be extremely helpful in securing Wordpress in a way that I hadn’t thought was possible before.
