6 Free WordPress Security Plugins To Keep Your Blog Secure

Table of Contents

Keeping your blog/website secure is as important as creating it. WordPress Security is an important matter and deserves equally as much attention as Search Engine Optimization. Your blog is a reflection of who you are, or what your business is, and hence, it is of utmost importance that you spend time and resources on protecting your image, or your business’ image.

Unfortunately, even after knowing the importance of keeping the blog secure, a lot of us do not pay enough attention to it. We take the security of our blog for granted, thinking that nothing will happen, and suddenly, we see our blog affected by a SQL injection attack, or DDoS attack, or brute force attack, and what not attack. We end up losing all the effort, and also our image goes down with it. But fortunately, there is a way out of this, and it is taking measures to keep your blog secure.

嗯,理论上,你可以做很多事情来保护你的博客免受攻击。你的博客容易受到不同类型的攻击,为了保证它的安全,可以改进很多方面。首先,让你的WordPress核心保持最新是让你的博客更安全的一种方式。但是,所有这些措施最终都会深入到一个方面,那就是使用正确的安全插件,以便它能够满足您保持博客安全的需要。

有趣的事实:wordpress网站平均每天被攻击44次。有些人已经编写了代码来自动化查找目标并试图破解目标的过程。这取决于你,让你的博客免受此类攻击。

但是,我们一再听说,安装太多插件会使博客速度变慢,我们应该根据需要使用更少的插件。所以问题来了,我们真的需要一个插件来保证WordPress博客的安全吗?CMS是否不够安全?好吧,让我们看看。

WordPress不够安全吗?

质疑CMS的安全级别是有道理的,因为您正在将整个业务放在CMS上。 因此,一个词的答案是肯定的,WordPress足够安全。 开发人员认为WordPress足够聪明,可以确保CMS的安全,而且每次更新都会让CMS变得更好。查找WordPress中的漏洞并非易事。但是,核心WordPress并不是创建站点的唯一代码。我们使用了很多插件,如插件、主题、外部托管等。当我们使用所有这些外部代码时,完全有可能伴随着安全漏洞。

Other than that, we might also be using easy to break passwords and usernames for our WordPress blog, which again adds one more avenue for compromise. So all in all, despite of having a secure enough WordPress core, it does not make your website completely secure.

And that is where these security plugins come into action. They work on such vulnerabilities and add an extra layer of security to your blog.

Even with all the security features that WordPress brings to the table, we can not overlook the fact that “HaCkErS aRe sMaRt“. In a recent CTF writeup I read, a person was able to perform SQL injection even when the site was protected from sqli attacks, by playing with the raw values of the MD5 function. So it is always better to be as secure as possible, and until you are not google (into which every hacker wants to break into), you will do just fine.

6 Best WordPress Security Plugins for Free

Let us now take a look at the 7 most popular (and useful) WordPress security plugins out there.

1.  Sucuri

Sucuri is probably the most popular WordPress security plugin out there. It is also rated highly in the WordPress community with the average rating being 4.4 stars out of 5. Sucuri has a pretty clean interface for its dashboard and shows all the important things you need to know, in the plugin’s dashboard.

The dashboard basically consists of Audit logs, links, iframes, and all the js scripts running on the server, and it makes sense because these are all the external codes that may contain security loopholes. Other than these, the Sucuri dashboard shows scan results, some basic information about WordPress core, and recommendations to increase the security.

虽然免费版本非常基本,但真正的价值在于购买付费版本。我建议您要么使用付费版本,要么寻找其他替代版本,因为它们提供了比免费版Sucuri更好的功能。 但是,如果你愿意花这么多钱,那么你肯定应该考虑购买Sucuri,因为它提供了一些其他人没有的独特功能。

特征

  • 恢复被黑客攻击的博客 –首先也是最重要的一点,Sucuri会照顾你的被黑客攻击的博客,如果你使用的是付费版本的插件,它会帮助你恢复博客。或者,你也可以付钱给他们来恢复你的博客。
  • CDN公司 –Sucuri提供网站加速、缓存和CDN,以便您的所有流量都通过其服务器进行过滤,恶意流量已经被绕过。
  • 基于云的防火墙 –其防火墙保护您免受各种类型的安全攻击,如DDOS、暴力、SQL注入、XSS等。
  • 修补安全漏洞 –Sucuri为遇到的漏洞提供补丁和修复。
  • 干净的UI和信息丰富的仪表板–它还提供了一个非常干净的UI,所有重要的统计数据都显示在仪表板中,如前所述。

费用

Sucuri有一个免费版本,可以使用WordPress插件选项直接安装。
付费版附带基本、专业和商业计划,每种成本分别为199美元、299美元和499美元。

2. MiniOrange的Google验证器

MiniOrange的2因素插件是WordPress存储库中另一个很好的插件。尽管它提供了许多安全选项,但它被使用(并且流行)的原因是 双因素身份验证功能。

此功能允许您为登录页面添加额外的安全层。 此功能的主要关键在于,您可以添加一组安全问题,这些问题将在用户登录时询问。 如果你没有回答这些问题,它会有一个基于OTP的验证系统让你进入,在这个系统中,OTP会显示在一个外部应用程序上,你可以下载到手机上。

在我看来,这是一个非常酷的功能,它可以保护网站免受最流行的暴力攻击,使黑客几乎无法登录,即使你使用简单的用户名或密码。

除此之外,它还提供了一个防火墙来阻止IP,限制来自特定IP的请求,并将IP列入黑名单和白名单。让我们看看这个应用程序的一些功能。

特征

  • 2因素认证– 这就是这个插件如此流行的主要原因,因为它增加了一层防止暴力攻击的安全性,并且还可以在您的密码被泄露时保护博客。
  • IP阻塞 –它允许您阻止和取消阻止IP,还可以限制来自IP的请求数。
  • 恶意软件扫描 –该插件还可以扫描您网站的主题、插件和外部代码中的漏洞,并为您提供相关报告。

最棒的是,所有这些功能都可以在免费版本中使用。所以使用免费版本绝对值得。

费用

该插件的免费版本还提供了许多良好的安全选项,并提供了三种身份验证方法。除此之外,还有一些付费版本具有更多的功能和更多的身份验证方法。

3. 字围栏

Wordfence再次成为WordPress非常流行的安全插件。它分为两部分,一部分用于防火墙和恶意软件扫描,另一部分用于登录安全。

The version for login security allows you to enable two-factor authentication, login and registration CAPTCHA, and also provides XML-RPC protection.

The version for malware scan and firewall protects from other types of attacks like DDOS attacks, or SQL injection, etc. It also protects the site by detecting existing malicious code and protecting the site from insider breaches. While the Wordfence firewall is extremely effective, it has one downside, and it has an endpoint firewall instead of a cloud firewall, which might make the requests a little slow, but according to Wordfence, it makes the site more secure, so it works both ways.

特征

  • Leaked password protection – WordFence checks from a list of breached passwords publicly available, and notifies you in case your password is among those.
  • Repairs malicious files – WordFence helps you to prevent an attack, and also recovering from an attack, by repairing malicious files.
  • Two-factor authorization – Just like other plugins, WordFence also provides TFA to protect your site from BruteForce attacks, and compromised login credentials.
  • Malware scans – This is pretty obvious, but Wordfence runs malware scans inside your codebase and notifies you in case of vulnerabilities.

费用

WordFence is available as both free and premium versions with the premium version adding more features like RealTime IP blacklist, premium support, country blocking, reputation checks etc.

The premium license is available for 99$/year.

4. All in One WP Security

All in one wp security is another great plugin that comes with a plethora of customizable options to take control of the security of your blog. It comes packed with multiple features like logging WordPress data, security audit, malware scan, and a firewall. It also has a dedicated section for database security and file system security, which are really nice.

“数据库安全性”选项允许您将DB前缀从默认值更改为其他值,以防止自动攻击。

类似地,文件系统安全选项允许您管理插件和其他用户对各种不同文件的编辑访问。这增加了另一层安全性。

它还提供垃圾邮件保护,允许您在博客评论中添加验证码,并防止机器人提交。

特征

  • 安全功能分类 –根据安全措施的工作规模以及是否可能破坏任何功能,将安全措施分为基本、中级和高级。
  • 安全点得分 –仪表板显示安全分数,您可以在其中查看当前分数,以及可达到的最大分数。
  • 关键功能状态  –它向您展示了所有基本功能,您应该在网站中使用这些功能,以实现最低级别的安全性。

费用

WordPress商店免费提供多功能一体式wp安全和防火墙

5. iThemes安全

iThemes安全性是WordPress安全插件的另一个选择,它非常整洁。它附带了30多种方法来确保您的WordPress网站不受任何威胁。

iThemes安全插件还可以记录所有用户的活动,通过启用双因素身份验证、扫描恶意软件来保护您的网站免受暴力攻击,并完成安全插件所需的所有基本和高级操作。这个插件的好处是,只需单击一下,它就会自动应用基本设置,以后可以根据需要进行更改。

特征

  • 插件扫描和404检测
  • 允许您限制登录尝试
  • 双因素身份验证
  • 扫描代码以查找恶意软件和潜在的安全威胁
  • 自动发送电子邮件警报,以防出现违规企图,或将恶意文件上载到服务器

费用

WordPress插件商店提供免费版本的iThemes security,还可以从iThemes网站以64美元/年/站点的价格购买具有其他功能的pro版本。

6. 防弹安全

老实说,防弹安保有一个非常难看的仪表盘。但只要能完成任务,这就不会给我们带来太多麻烦。它有一些很好的安全特性,允许它出现在列表中,尽管没有很好的UI。

一个好东西是安装向导,它可以在30秒内自动完成站点中所需的所有基本更改。除此之外,它还配备了恶意软件扫描器、防火墙、登录安全、数据库备份、反垃圾邮件等等。

特征

  • 一键式安装向导
  • htaccess防火墙针对XSS、RFI、LFI、CSRF、CRLF、Base64、代码注入、SQL注入的保护
  • JTC反垃圾邮件和反黑客功能适用于pro版本,此功能的精简版适用于免费版本。
  • 数据库备份、日志和表前缀更改器
  • 维护模式允许创建一个独特的即将到来的页面,在这里您的工作方式与之前相同,您的用户可以看到即将到来的页面。

费用

Bullettleof security附带了一个免费的基本版本(非常好的tbh),然后还有一个pro版本,一些附加功能的价格约为70美元

最后一句话

这是我认为足够好的6个免费安全插件。现在已经很清楚了,几乎所有的插件都提供了一些基本功能,如恶意软件扫描、防火墙保护、登录安全等。因此,有一点会有所不同,那就是你在使用插件时获得的支持,以及你的网站是否遭到黑客攻击。

In that case, premium plugins would definitely provide priority support to you. In that case, sucuri does provide you guarantee that your site will be taken care of, in case your security is breached.

Other than that, there are certain small features, which are present in some plugins, and missing in some. So you can take a look at the options, and then make a decision. If you have questions, let us know in the comments below.

About The Author
Pranshu

5 Responses

  1. Nice blog post about wordpress free security plugins. As we all know that now a days security is the most so we should be protected. Nice blog post keep the good work going.

  2. I am a WordPress developer and this blog help me more to update in terms of plugins, this blog is very useful as I can also use for my personal site, but to make visible on online its requires online marketing and proper guidance if you want to know more how to make good reach on blog and site then visit http://www.digitalmathur.com for more information.

  3. I believe that Sucuri and ithemes are the 2 best WordPress security plugins. Your list of 7 best plugins for security will help many new bloggers. Keep posting content which can help bloggers.

Comments are closed.

Need help with your business? Join our email list to receive tips and tricks to help you grow your business. 

[cp_popup display="inline" style_id="11792" step_id = "1"][/cp_popup]