I’ve lost count the number of times I’ve had to fix hacked WordPress websites because people haven’t had any WordPress security plugins installed. They don’t know what they don’t know, right?! Either way, I’m definitely not saying that WordPress itself is insecure – it is very much secure!
Over 37% of websites built on a CMS are powered by WordPress – that’s about 1 in 3 websites now! So regardless of who you are or what your website is about, hackers love targeting WordPress sites. They see them as an “opportunity”, especially when people don’t keep the WordPress core running at the latest version. Imagine having the back door of your house closed but leaving it unlocked. Kind of pointless, right?
Well it’s time for a bit of WordPress Security 101
As you’re probably sensing, it’s important to make sure that your WordPress website is secure. The last thing you want is to get hacked! So when it comes to keeping pesky hackers at bay, making sure WordPress up to date and using these plugins is a powerful combo!
Let’s look at setting up these 3 free WordPress security plugins that I like to use on most websites.
(Please note: the setup instructions below assume that you already know how to install free plugins and activate it within the WordPress admin area.)
As the plugin name suggests, it sets up a virtual blackhole that traps bad bots that hit your website. The simplest way to explain how the plugin works is, it places a hidden link on every web page of your website. If “bad bots” access the link, they fall into the “trap” and can’t access your website anymore. If you want to read more about how it works, click here.
How to set up the basics of Blackhole
- Once installed and activated, you should see a Blackhole menu item in the left sidebar menu. Click it to go to the “Settings” page.
- You really don’t need to adjust any settings – the plugins works really well, straight out of the box.
- The only setting I tend to change is the “Enable email alerts” option. I usually turn it off as you can tend to get a lot of email notifications coming through when bots are being blocked, which is great to see!
This is a super-simple yet a power plugin that protects your website against malicious URL requests. It’s great for sites that aren’t able to use a solid .htaccess firewall. Sure, I could explain more about how this plugin works, but you can go here to read more.
How to set up the basics for BBQ
- Once installed and activated… that’s it! There’s no settings to mess around with! Like the sound of that, don’t ya?!
- However, if you want more control over the plugin’s settings, there is a premium version you can buy here.
Last but certainly not least, is my favourite WordPress security plugin, Wordfence – the most popular WordPress firewall and security scanner! There is a premium version that’s loaded with features, but the free version is perfect to get you started. Essentially Wordfence keeps your site safe with its firewall rules, malware signatures and malicious IP addresses, all consistently updated. You can read more about the free plugin here.
How to set up the basics for Wordfence
- Once installed and activated, you should see a Wordfence menu item in the left sidebar menu. Click it to go to the “Dashboard” page.
- If you haven’t accessed the Dashboard before, you may be prompted to go through a series of onscreen “Help” popups. Click Next to go through them or Close the popup to continue.
- On the Dashboard, click the Global Options widget.
- In each of the expandable options sections that you should see, feel free to go through and tweak the settings, otherwise the defaults should do just fine.
Just a heads up: I’m planning on creating a detailed tutorial of how I actually customise the Wordfence settings to my personal preferences. If this interests you, hurry me up by leaving a comment below or send me a message.
Share your thoughts
If you take the security of your WordPress site seriously, using Blackhole for Bad Bots, BBQ and Wordfence together really is a powerful combination of plugins. Keep in mind though – these 3 plugins are just one combo of security plugins that I like to use in most scenarios. So please share your thoughts on WordPress security, what combinations of plugins you use and if you can recommend anything else.