Plugin 1: WordFence Security
Features:
- Uses the Falcon Engine to dramatically boost site speed.
- Blocks unknown attackers in real time.
- Employs two-factor authentication (password + phone verification).
- Built-in firewall to prevent common security threats like malicious scans.
- Can restore maliciously modified files.
- Scans for backdoors and vulnerabilities.
- Monitors DNS security to prevent unauthorized DNS modifications.
Plugin download page: https://wordpress.org/plugins/wordfence
Plugin 2: Exploit Scanner
Features:
- Detects malicious code on your site.
- Identifies exploitable vulnerabilities.
- Checks database table security.
Plugin download page: https://wordpress.org/plugins/exploit-scanner
Plugin 3: Sucuri Security - Auditing
Features:
- Security activity auditing.
- File integrity monitoring.
- Remote malware scanning.
- Blacklist monitoring.
- Effective security hardening features.
- Security activity notifications.
- Website firewall.
Plugin download page: https://wordpress.org/plugins/sucuri-scanner
Plugin 4: Bluetrait Event Viewer (BTEV)
Features: Monitors the following actions:
- Password resets.
- User deletions.
- Site logins.
- Site logouts.
- Profile updates.
- Attachment uploads.
- User registrations.
- Theme switches.
- Comment submissions.
- Monitoring of other installed plugins.
Plugin download page: https://wordpress.org/plugins/bluetrait-event-viewer
Plugin 5: WordPress File Monitor Plus
Features:
- Monitors file system changes including additions, deletions, and modifications.
- Sends change notifications via email.
- Can monitor changes based on hash values, timestamps, and file types.
- Runs external scheduled tasks without impacting site performance.
Plugin download page: https://wordpress.org/plugins/wordpress-file-monitor-plus
Plugin 6: AskApache Password Protect
Features:
- Uses built-in Apache server security levels to effectively prevent malicious attacks.
- Effectively blocks spam and other malicious requests, saving CPU, memory, and database resources.
- Can encrypt
wp-adminfiles to protect the WordPress admin directory.
Plugin download page: https://wordpress.org/plugins/askapache-password-protect
Plugin 7: Sucuri Security - Website Firewall
Features:
- Filters all traffic, screening out security threats.
- Applies security patches.
- Virtual security hardening.
- Prevents XSS attacks.
- Prevents SQL injection attacks.
- Prevents RFI/LFI attacks.
- Prevents RCE attacks.
- Advanced security access control.
- Performance optimization features.
Plugin download page: https://wordpress.org/plugins/sucuri-cloudproxy-waf
Plugin 8: WordPress Sentinel
Features:
- Detects whether WordPress core files (including core, themes, and plugins) have been modified.
- Periodically checks and notifies administrators of modified files.
Plugin download page: https://wordpress.org/plugins/wordpress-sentinel
Plugin 9: Login Lockdown
Features:
- Limits the number of failed login attempts from the same IP within a short period, preventing brute-force password attacks.
- Administrators can manually unblock banned IPs from the backend.
Plugin download page: https://wordpress.org/plugins/login-lockdown
Plugin 10: WP Database Backup
Features:
- Manual/automatic backup and restoration of the WordPress database, enabling quick recovery when issues arise.
- Store backups in secure locations such as Dropbox, FTP, Email, etc.
Plugin download page: https://wordpress.org/plugins/wp-database-backup