September 27th, 2016 in Updates, Website security

The Top Ten WordPress Security Plugins for 2016

WordPress has arguably revolutionised the way in which we design, build and manage our websites – it’s made things so much easier!  As experienced web designers, WordPress is one of our favourite platforms not only for the sheer amount of flexibility that comes as standard, but also for the way in which users can join in on adding and enhancing content long after the initial design and creation process has been completed.  As it goes, WordPress is arguably one of the premier platforms for blogging and the like, and as such remains highly recommended even in 2016.

However, WordPress security should always be optimised – with every web design and hosting platform comes concerns with security – unfortunately, no matter how intuitive nor safe a platform may seem, there will always be an opportunity for hackers to gain access to your data and your sensitive information despite safeguarding to the best of your ability.  Essentially, while there is much that you can do to prevent the worst case scenario from happening, there is much that you can do with WordPress to ensure that your website and/or blog posts are kept protected and away from the wrong hands as much as physically possible.

Infographic keeping your wordpress website secure

To use this on your website, copy this code – <a href=""><img src=""></a>

Thanks to WordPress’ intuitive design and focus on plugins and add-ons, upgrading your security is just as simple as managing, editing and publishing your website and blogs.  Anyone with more than a basic understanding of how to manage WordPress will already likely be familiar with various plugins that can be used to enhance the user experience as well as enable you to track how your website is performing on a closer basis.  However, what many may not know is that there are more than a few WordPress security plugins out there which all aim to offer you optimum security and safety while publishing.

But what truly separates one WordPress security plugin from another?  Often, it can be difficult to see the wood for the trees when there is so much to choose from – therefore, if you’re considering using WordPress to your advantage for your blog or website, there really has been no better time to consider some of the best options available for your website through this user-friendly and increasingly popular service.  Here are some of our favourites – and ones we swear by when setting up our clients’ pages (and even our own)!

The Top Ten WordPress Security Plugins for 2016


wordpress sucuri plugin featuresSucuri Security
Of all the plugins available for WordPress right now, Sucuri is one of our absolute favourites – and it’s one that we trust enough to utilise on our own website!  Sucuri acts rather like a monitoring system for your website, actively ready to sniff out any suspicious activity or content that may harm your data.

Sucuri’s monitoring service is arguably its biggest selling point, actively working on your behalf to take note of anything amiss and notifying you as soon as it occurs.  While it can be entrusted to keep a close eye on proceedings so you don’t have to, it can even be trusted to analyse file integrity and has firewall and blacklisting support for added assistance.  We feel it’s one of the fastest and most under-rated security scanners available in the WordPress security plugin library, and as such we highly recommend it to any clients we work with – if only so it may act as a guard dog of sorts while you go about your regular website activities.

However, Sucuri may not be the best choice for novice users, as it can require some knowledge of file intricacies and coding in order for you to get the best out of the service.

Wordpress wordfence plugin featuresWordFence

WordFence is a hugely popular WordPress security plugin, and it’s not hard to understand why.  While it too provides a scanning service that Sucuri boasts, its main claim to fame is in its particular ability to stop worms and trojans right at the door – offering a particularly robust and easy-to-use firewall system that really works at keeping you and your data safe from any would-be intruders.

What also sets WordFence apart from the pack is its two-step authentication process, which will ensure that anyone likely to try and gain access to your WordPress site will need to do so by accessing a mobile phone – one which you, of course, should have on your person.  It’s also particularly good in its defence against the Heartbleed bug, which still continues to plague a number of unsecure websites to this day.

One drawback of WordFence is that you don’t necessarily get access to all of its efficient and intuitive scanning features unless you wish to upgrade to premium – meaning that while it may be a reliable and effective platform for managing and implementing security for your website, it may not be as cost-effective – especially while some other WordPress security plugins can do similar work on your behalf for free.

All in one wordpress security features

All-in-One WP Security and Firewall

As the name suggests, All-in-One aims to really run the gamut on what a security plugin should provide to its users.  It’s specifically designed and provided to users who may not have the advanced knowledge necessary to run more in-depth analytical programs such as Sucuri, and therefore can be considered one of the best entry-level WordPress security options on the market.

Notable features include an IP blocking facility, malicious script identification and a simple but effective backup and restore system – which can be used as easily as with just one click.  As a result of its ease of use, it’s regarded as one of the most popular security plugins available – though it may not offer the breadth and complexity of some plugins which may require premium upgrades.



bulletproof wordpress security plugin features

Bulletproof may be less well-known than All-in-One, but it’s still mighty effective.  The major plus points in Bulletproof’s corner are in its sheer speed and ease of use – it’s incredibly easy to set up and aims to make the running of your website as quick and as simple as possible.

The main selling point in Bulletproof’s favour lies within its ability to hunt down and stop malicious scripts from being run quicker than many other WordPress security plugins on this list – this is as a result of its useful .htaccess security system, which aims to stop malicious attacks from getting anywhere near your website.  Certainly, it’s a proactive little piece of kit which has picked up a lot of fans in recent times.

Bulletproof is another plugin which boasts full features behind a paid premium service – reporting and more detailed analysis is largely available to premium users, however, its speedy set-up wizard and effective protection are available for free as standard, making it a great choice for anyone looking to secure their WordPress site.

Infographic reasons to have wordpress security

To use this on your website, copy this code – <a href=""><img src=""></a>


iThemes wordpress security plugin features
iThemes is one of the more customisable WordPress security plugins on our list, and as a result is highly regarded by novice users and experts alike.  It boasts over thirty different protection options for your website, and allows for incredibly easy security maintenance through the introduction of an appealing and easy-to-use checklist function – allowing you to learn the basics of website security one step at a time.  Certainly, iThemes is one of the better options for WordPress users and developers who are just starting out and who would like a little guidance in finding an effective safeguard.

iThemes also focuses heavily upon user security in that it will actively encourage users to employ secure passwords – and it will also advise users if any code has been edited without their knowledge.  It even helps to protect SEO by actively advising website developers of breaks in the website or blank pages – meaning that you are always switched on to any problems that may be arising without your knowledge.

WP Antivirus Site Protection

WP Antivirus site protection plugin features

While other plugins on our list may offer intuitive ways to monitor for and prevent attacks on your website, WP Antivirus actively offers a deep cleaning of your files and pages to ensure that nothing malicious is lurking beneath the surface.  Certainly, it can be compared to PC antivirus software, in that it can be activated to scan, search and quarantine viruses and worms that are likely pose more than a minor threat to the running of your website and to the data that you hold within.

WP Antivirus also identifies files that are unnecessary, and any changes that have been made which may be detrimental to your running of your website.  Therefore, as plugins go, it’s one of the most dedicated and intense cleaners on the market.  On the other hand, if you are looking for more of a guard dog and less of a doctor, you may do well shopping elsewhere – or running the application alongside one of the other WordPress security plugins on our list.

Clef Two-Factor Authentication

Clef two factor login plugin features

If passwords are a problem, Clef offers a superb and unique way to help logging in become more secure.  Unlike other plugins on this list, it may not offer scanning nor any way to detect problems, but it immediately cuts down the worry of anyone else gaining access to your website by ensuring that you always have a unique way of logging in – and Clef’s way of employing such a strategy comes about as a result of its own dedicated app, available on smartphones.

Clef enables users to scan their phones across their computer screens to gain access, and even allows encrypted keys to be uniquely stored on your handheld device – making logging in all the more simple and all the more secure.  The only person that will have access to your website through such login security should be you – and with two-step authentication widely being recommended to anyone and everyone, this is a WordPress security plugin and app that you really can afford to download.  It’s available for free, but does have premium features locked away for a price.

Google Authenticator

Google authenticator features

Google Authenticator is a very similar option in WordPress security to Clef in that it promotes the two-step model, and while it doesn’t offer the unique login opportunities that Clef’s app thrives upon, it still aims to make logging in through two methods extremely easy.  Google’s two-step authentication is famously simple, and the same principle is offered here – simply offer your credentials, receive a phone call or text, and you’re away – and there’s even room for USB keys, too.

Google Authenticator will also encourage logging in from similar devices, meaning that it won’t ask you to jump through the same hoops again and again if you need to login in at a later time.  It will, however, expect any would-be hackers to jump these hoops and to discourage any chance of anyone bar you from accessing your website’s dashboard.

Brute force login protection plugin featuresBrute Force Login Protection

BFLP, out of all of the plugins on our list, keeps things the most simple.  What’s the easiest way to attempt to gain access to a user account?  It’s likely that trying to guess username and password combinations will be up there – and while some websites will allow you to guess endlessly, BFLP will protect against ‘brute force’ attacks by limiting login attempts, blocking IP addresses and providing administrators with a detailed list of attempted hackers.  Certainly, while it may be a fairly low-intensity plugin with little other features than those it advertises, it’s a great free ally to place at your front gate, and works especially well with some of the most intensive WordPress security applications on our list.


vaultpress wordpress featuresUnlike other plugins on our list, VaultPress is only available at a cost – but there is a perfectly good reason for this.  It’s a plugin that has been designed and developed by experts who are responsible for WordPress itself, making it one of the most effective and dedicated security scanners and backup services available for download.  Certainly, if you are concerned about quality assurance, VaultPress may be your best port of call.

VaultPress offers real-time security scanning and backup services which enable you to effectively run your website without having to lift a figure to make security arrangements.  Certainly, it’s one of the handiest allies to have in the fight against hacking – but if you are keen to find a free option that offers similar results, there are some great WordPress security alternatives discussed earlier in this list.

The WordPress security plugins you use should actively demonstrate how serious you are about protecting your website, your information and your visitors – and while you may wish to use only one, or a combination of the above, we can genuinely vouch for each and every one of the plugins we’ve discussed to be effective guardians against would-be hackers, viruses and other threats.

More Resources:

For more information on our WordPress development services and on how we can help to build you a safe, secure and effective website, call us at SEO CoPilot today on 01246 540869.