Application security

Introduction – An Overview of WordPress Security Plugins

November 11, 2017 by Mahwish Khan

This platform was founded on May 27, 2003, and the entity primarily responsible for its research, development, and continued growth is the WordPress Foundation. It is important to note that it is an Open Source Platform.

This just means, as opposed to a Closed Source Platform, it is free to use. You can just simply download the package, and customize it to fit your website or blogging needs.

Because it is an Open Source Platform, and because of its ease of use and scalability, WordPress remains one of the most popular packages for creating websites and blog sites. Consider some of these statistics:

  1. It is used by almost 30% of the top 10 million websites worldwide;
  2. It supports more than 60,000,000 websites;
  3. It can be used for other applications as well, such as the creation and implementation of Pervasive Display Systems (aka PDSs).

The Top 8 Benefits of Using Word Press

As described, since Word Press was initially founded upon an Open Source Platform, it brings some critical benefits to the end user (whether it is an individual or business entity). These can be described as follows:

  1. Its strong level of Ease of Use:

    The interface is easy to use and intuitive. One can add new pages, images, etc. in a matter of seconds, and formatting the web pages or the blog site is just as easy. You do not need to know HTML, and you do not need any FTP software (the use of which can pose a Security threat, as all information and data is sent to the server in plaintext).

  2. You can manage your website from anywhere in the world:

    The main Control Panel is entirely web browser based. This means that if you have an idea for your website in the early hours of the morning, you can quickly log in and implement it, provided you have a good Internet connection.

  3. It is very SEO friendly:

    One of the biggest goals of website and/or blog site creation is to make sure that you are ranked on the first page of Google or any other search engine. If you were to do this manually, it could take quite a long time to figure out the right keywords and meta tags to use. However, by using WordPress, this is all automated. In other words, it tells you directly what keywords you need to use to get a high ranking in the major search engines.

  4. You have control over your website:

    By using the Word Press platform, you can create your website or blog site in a way that promotes your brand and image the way you want to so that you stand out in front of your customers. There are thousands upon thousands of design themes that you can pick from and use.

  5. It already has a built-in blog:

    Once you have installed Word Press, you have a blogging platform that is all set to go. You do not need to know HTML or any other programming language to get it up and running. It already comes loaded with RSS features, E-Mail subscription functionalities, commenting capabilities, etc.

  6. You can have multiple users:

    Once you download Word Press onto your hosting platform, you own it. In other words, you become the Admin of it, and with that, you have superuser privileges. This simply means that you can add any other users you want to contribute to your website or blog site.

  7. Help is just one click away:

    Just because Word Press is Open Source, it does not mean you cannot get help or support when you get stuck. As mentioned, it is one of the top CMSs used worldwide, and there are thousands of programmers, software developers, designers, etc. you can contact via E-Mail or an online forum.

  8. You can extend the functionality of your website:

    If you want to keep your website ahead of your competition, you can very easily increase its functionality by making use of “plugins.” These are apps which you can download, install, deploy, and customize very easily on your website. At present, there are well over 48,000 free plugins that you can use.

There are also numerous plugins that you can use to secure your website or blog site, and these are reviewed in the next section.

The Security Plugins of Word Press


Since WordPress is an Open Source Platform, the Security features that come with it are also Open Source based. The primary advantages of this are that these plugins are constantly evolving, and you can pick out the ones that you think will best protect your website, blog site, or even your online store.

There are many plugins of this kind, as a Google search will show. If you are new to WordPress and are not sure what to use, you can always reach out to a developer or other contact via the forums and discussion boards.

The goal of this section is to examine in a little bit more detail one of the more popular Security plugins for Word Press: Defender. Of course, we will examine a few more in the next article about Word Press.

The Defender plugin is deemed to offer a layered Security approach to fortifying your site. This simply means that instead of offering just one line of defense, it offers multiple defenses, which makes it a more sought-after Security tool than the others. For example, in just a few minutes and clicks, the Defender applies what is known in Security circles as a “Hardening Approach,” which includes the following measures specific to WordPress:

  1. Blocking Hackers from reaching:
    • The File Editor;
    • Database prefixes;
    • Error reporting tools;
    • Security keys.

  2. Running File Scans:

    You can run free scans of the source code which is at the heart of your site. The Defender will then compare this to what is found in its own directory, and report back any discrepancies that it has found. From that point, it is up to you whether you want to restore the older version of the source code.

  3. Make use of Google 2-Factor Verification:

    By using the Defender, you can now protect your site not only with your password but with your phone as well.

  4. The IP Blacklist:

    The Defender will allow you to block any suspicious IP addresses that are coming into your site, as well as set and establish lockouts. You can also block certain geographic regions from seeing your site. You can also block and lock out users after a certain number of login attempts, as this is a sign of someone trying to guess a password.

  5. The 404 Limiter:

    This functionality of Defender lets you know when bots are being used to scan your site. The Defender will detect them and automatically shut them down.

  6. Easy to understand reports:

    The Defender will automatically run Security reports that matter to you and your business needs.


Automate is a very simple plugin but it performs two essential tasks for your WordPress site:

  1. Updates your WordPress core files, themes, and plugins
  2. It runs scheduled backups

If you manage several WordPress sites, it can be difficult to keep track of all the updates. If you want to keep your WordPress site secure, keeping up to date with the latest themes and plugins is essential. That is what makes Automate so good; you will never have to worry about performing a manual update because it does it automatically.

Before the plugin does anything, it safely backs up your site so if any issues are found you can restore it.

Automate is user-friendly. It is geared more towards expert WordPress users, but because it is so simple to use, beginners can also benefit from it.

WP Antivirus Site Protection

This WordPress plugin performs an in-depth scan of all of your website files. It detects hidden links, spyware, adware, fraud tools, worms, Trojan horses, rootkits, and backdoors. The virus database is updated every day, and any hidden threats are displayed in the WordPress admin area and also sent to you by email.

The WP Antivirus Site Protection is a fantastic plugin with some great features. It is easy to use and suits any user level from beginner to expert.


VaultPress is a premium security plugin. There are two packages: you can pay for either Security or Backup, or you can get both. The security package costs $299 for the year or $29 per month. The backup package costs $99 for the year or $9 per month.

VaultPress is probably one of the most effective WordPress plugins because it is made by Automattic, who made WordPress. It provides a simple method of backing up your site daily and syncing the content on your site. The service automatically scans for threats and removes them without you having to do anything extra. This is great, especially if you are a beginner and haven’t quite got the hang of using security features.

WP Security Ninja

This is a super-fast plugin, and it quickly scans your website for threats, doing so in under 60 seconds. It will then provide you with all the security risks as well as a detailed description of the problem and the steps you can take to get rid of them.

This plugin is extremely user-friendly; all you must do is select “Scan now,” and everything is done for you. The plugin will run more than fifty different security tests to enhance the security of your site. It will also protect you against “script kiddies.” If you plan on getting the premium version of this plugin, you will get features such as a scheduled scanner, events logger, auto fixer, malware scanner and a core scanner.

Overall, the WP Security Ninja is a very fast plugin with some good features that are going to keep your site safe from the majority of threats.

Clef Two-Factor Authentication

This is a unique plugin that allows you to log in to your WordPress site through your phone. When the app is open, position it in front of your WordPress login screen and line the patterns up on both devices. Once they detect one another, you can gain access to your WordPress site. This is excellent for people who find it difficult to remember passwords, or simply want to enhance their login security.

This is a free service, but you can also pay for a premium service. The mobile app is available for Android and iOS.

Google Authenticator

This plugin uses two-factor authentication for logging onto a WordPress site. As well as entering your username and password, it also requires another form of authentication such as a mobile app, a voice call or a text. The plugin also protects security keys that have been plugged into the USB port.

This plugin is user-friendly, but the features are limited.

Acunetix WP Security

Acunetix provides a free solution to any security issues you may be having with WordPress, but it comes with an extensive list of tools. Once it has been activated, the plugin will begin to search for any vulnerable areas in your site. If it discovers that the security of your site might be compromised, it will lead you to the problematic areas. The plugin will also give you advice as to what you can do to resolve the issues and the additional security measures you can take to make your website safe. The plugin will assist you in several areas such as:

  • Incorporating file permissions for data protection
  • Changing your password
  • Hiding the version of WordPress you are currently using

Anyone can use this security plugin; the instructions are straightforward. Considering that it is free, it gets the job done; I would recommend Acunetix WP security to WordPress users.

BulletProof Security

The three major areas covered by this plugin are database, login and firewall security. The setup process is simple; all it takes is the click of one button. If you are using more advanced features, there is a manual containing more specific instructions. For website speed and maintenance, the plugin has an .htaccess security filter which scans for nuisance and malicious attack patterns. This is another free service. It does protect your website, but again, if you are looking for something a bit more advanced, BulletProof is not advisable.

Brute Force Login Protection

There isn’t much to say about this WordPress plugin. It has only one feature, and that is to protect against brute force attacks. It will block an IP address for a certain period if it logs in with the wrong username and password too many times. The plugin is simple to install and easy to use, making it great for beginners. However, if you are looking for something with more features, Brute Force Login Protection is not what you need.
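The lockout behaviour described here, and the IP Blacklist and 404 Limiter features described for Defender earlier, share one mechanism: count events per IP address inside a time window and block the address for a period once a threshold is reached. The following is an added example, not code from either plugin; the thresholds, window lengths, event names and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; the article gives no concrete numbers.
POLICY = {
    "failed_login": {"threshold": 3, "window": 300, "lockout": 900},
    "not_found": {"threshold": 5, "window": 60, "lockout": 600},
}

class Limiter:
    """Sliding-window counter per (IP, event kind) with timed lockouts."""

    def __init__(self, policy=POLICY):
        self.policy = policy
        self.events = defaultdict(deque)  # (ip, kind) -> recent timestamps
        self.locked_until = {}            # ip -> second at which the lockout ends

    def is_locked(self, ip, now):
        return self.locked_until.get(ip, 0) > now

    def record(self, ip, kind, now):
        """Register one event; return True if it triggers a new lockout."""
        if self.is_locked(ip, now):
            return False                  # already blocked, nothing to count
        rule = self.policy[kind]
        window = self.events[(ip, kind)]
        window.append(now)
        while window and window[0] <= now - rule["window"]:
            window.popleft()              # drop events older than the window
        if len(window) >= rule["threshold"]:
            self.locked_until[ip] = now + rule["lockout"]
            window.clear()
            return True
        return False

def replay(events):
    """Feed (timestamp, ip, kind) tuples through a Limiter; return lockouts."""
    limiter, lockouts = Limiter(), []
    for ts, ip, kind in sorted(events):
        if limiter.record(ip, kind, ts):
            lockouts.append((ip, kind, ts, limiter.locked_until[ip]))
    return lockouts

# Constructed sample events (documentation-range IPs, timestamps in seconds).
SAMPLE = (
    [(t, "203.0.113.7", "failed_login") for t in (0, 40, 90)]       # 3 within 300 s
    + [(t, "198.51.100.4", "failed_login") for t in (0, 400, 800)]  # spread out
    + [(100 + i, "192.0.2.9", "not_found") for i in range(5)]       # 5 within 60 s
)
```

Calling `replay(SAMPLE)` locks out the first and third addresses and leaves the second alone, because its failures never fall inside the same window.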


Overall, this article provided an overview of what WordPress is, and what some of its key advantages are. Remember, it's free and easy to install and configure. It is an Open Source Platform, so if you need help, you are not stuck waiting for support. Since it is such a popular package, there are millions of experienced people using it, so you should not be stuck for long.

We also started to examine the Security plugins which are available for Word Press, by providing an overview into Defender, which is one of the more popular tools used. It offers a multi-layered approach to protecting your site. Other plugins were also reviewed, all of which are both powerful and useful as well, depending on your needs.

Our next article will examine some of the other Security plugins which are available for WordPress.



Mahwish Khan is a Pharm-D graduate from The University of Faisalabad. She is experienced in technical writing. She currently works for a university as a technical trainer and documentation specialist. In the past, she has taught university writing courses and worked in two university writing centers, both as a consultant and administrator.