I’ve used a number of different security plugins for my WordPress sites. Often 3 or 4 different plugins to block different security issues. Recently though, I’ve started using a plugin called the All in One WP Security and Firewall plugin, and I am impressed. I am using it together with Stop Spammers plugin, which I also like a lot, and the two together seem to behave quite well. The All in One Security and Firewall plugin acts as a firewall, spam blocker and much more. I recorded a video to explain how to set it up.
WARNING: Before you start applying the various security measures offered by this plugin, backup your htaccess file, WordPress database AND wp-config.php files. The plugin offers an easy way to back these up.
One security plugin I have used up until now, effectively stopped visitors/hackers from accessing the WP-Admin folder. That’s great if your site does not use AJAX, since it’s located in the WP-Admin folder. However, a lot of themes and plugins do use AJAX these days, so blocking that folder is not actually such a good idea. The All in One security plugin actually has this covered though. All round, this plugin gets a big thumbs up for me.
Other plugins I used in the past, but no longer do because this All in One Security Plugin replaces them include:
- WordFence (this is an excellent security plugin and if it is working OK on your site, I recommend you keep using WordFence instead).
- WP-Copy Protect
What security plugin(s) do you use?