I’ve lost count of the number of times I’ve had to fix hacked WordPress websites because people haven’t had any WordPress security plugins installed. They don’t know what they don’t know, right?! Either way, I’m definitely not saying that WordPress itself is insecure – it is very much secure!
Over 37% of websites built on a CMS are powered by WordPress – that’s about 1 in 3 websites now! So regardless of who you are or what your website is about, hackers love targeting WordPress sites. They see them as an “opportunity”, especially when people don’t keep the WordPress core running at the latest version. Imagine having the back door of your house closed but leaving it unlocked. Kind of pointless, right?
Well it’s time for a bit of WordPress Security 101
As you’re probably sensing, it’s important to make sure that your WordPress website is secure. The last thing you want is to get hacked! So when it comes to keeping pesky hackers at bay, making sure WordPress is up to date and using these plugins is a powerful combo!
Let’s look at setting up these 3 free WordPress security plugins that I like to use on most websites.
(Please note: the setup instructions below assume that you already know how to install free plugins and activate them within the WordPress admin area.)
1. Blackhole for Bad Bots
As the plugin name suggests, it sets up a virtual blackhole that traps bad bots that hit your website. The simplest way to explain how the plugin works is, it places a hidden link on every web page of your website. If “bad bots” access the link, they fall into the “trap” and can’t access your website anymore. If you want to read more about how it works, click here.
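How a hidden-link trap of the kind described above behaves, as an added example (not the plugin's own code, and not part of the original post): it replays constructed access-log lines in order and reports which clients requested the trap URL and which of their later requests a trap would have denied. The trap path `/trap-link/` and the log lines are assumptions made for illustration.

```python
import re

# Hypothetical trap path (assumption); a real deployment uses its own hidden URL.
TRAP_PATH = "/trap-link/"

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.23 - - [10/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 5120 "-" "scraper-bot/1.0"
198.51.100.23 - - [10/Mar/2024:10:00:03 +0000] "GET /trap-link/ HTTP/1.1" 200 310 "-" "scraper-bot/1.0"
198.51.100.23 - - [10/Mar/2024:10:00:04 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "scraper-bot/1.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is malformed and must be skipped
192.0.2.50 - - [10/Mar/2024:10:00:06 +0000] "GET /trap-link/?x=1 HTTP/1.1" 200 310 "-" "other-bot/2.1"
198.51.100.23 - - [10/Mar/2024:10:00:07 +0000] "GET /contact/ HTTP/1.1" 200 1024 "-" "scraper-bot/1.0"
"""


def replay(log_text, trap_path=TRAP_PATH):
    """Replay a log in order; return (trapped IPs, requests the trap would have denied)."""
    blocked = {}   # ip -> timestamp of the request that hit the trap
    denied = []    # (ip, path) for requests made after that ip hit the trap
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not valid combined-format entries
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # compare the path without its query string
        if ip in blocked:
            denied.append((ip, m["path"]))
        elif path == trap_path:
            blocked[ip] = m["time"]
    return blocked, denied
```

Ordinary visitors such as `203.0.113.7` never request the hidden link, so they stay out of the block list.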
How to set up the basics of Blackhole
- Once installed and activated, you should see a Blackhole menu item in the left sidebar menu. Click it to go to the “Settings” page.
- You really don’t need to adjust any settings – the plugin works really well, straight out of the box.
- The only setting I tend to change is the “Enable email alerts” option. I usually turn it off as you can tend to get a lot of email notifications coming through when bots are being blocked, which is great to see!
2. BBQ: Block Bad Queries
This is a super-simple yet powerful plugin that protects your website against malicious URL requests. It’s great for sites that aren’t able to use a solid .htaccess firewall. Sure, I could explain more about how this plugin works, but you can go here to read more.
How to set up the basics for BBQ
- Once installed and activated… that’s it! There are no settings to mess around with! Like the sound of that, don’t ya?!
- However, if you want more control over the plugin’s settings, there is a premium version you can buy here.
3. Wordfence Security – Firewall & Malware Scan
Last but certainly not least, is my favourite WordPress security plugin, Wordfence – the most popular WordPress firewall and security scanner! There is a premium version that’s loaded with features, but the free version is perfect to get you started. Essentially Wordfence keeps your site safe with its firewall rules, malware signatures and malicious IP addresses, all consistently updated. You can read more about the free plugin here.
How to set up the basics for Wordfence
- Once installed and activated, you should see a Wordfence menu item in the left sidebar menu. Click it to go to the “Dashboard” page.
- If you haven’t accessed the Dashboard before, you may be prompted to go through a series of onscreen “Help” popups. Click Next to go through them or Close the popup to continue.
- On the Dashboard, click the Global Options widget.
- In each of the expandable options sections that you should see, feel free to go through and tweak the settings, otherwise the defaults should do just fine.
Just a heads up: I’m planning on creating a detailed tutorial of how I actually customise the Wordfence settings to my personal preferences. If this interests you, hurry me up by leaving a comment below or sending me a message.
Share your thoughts
If you take the security of your WordPress site seriously, using Blackhole for Bad Bots, BBQ and Wordfence together really is a powerful combination of plugins. Keep in mind though – these 3 plugins are just one combo of security plugins that I like to use in most scenarios. So please share your thoughts on WordPress security, what combinations of plugins you use and if you can recommend anything else.
3 Responses
I would like to suggest one plugin related to security which is User Blocker – WordPress Plugin. This is a free WordPress security plugin that provides the ability to block or unblock user accounts quickly and effortlessly. It has several features such as block user, role based block user, customizable message, etc.
Hi,
I created the free WordPress plugin StopBadBots to block bad bots.
You can download it on WordPress repository:
https://wordpress.org/plugins/stopbadbots/
Cheers,
Bill
Plugin Developer
Thanks for sharing your plugin Bill! I’ve never used it before, but it looks like a good one 🙂