Few people in the web hosting industry doubt that it is absolutely essential to secure your WordPress installation against malware-injecting bots and hackers. WordPress is often used with a host of third-party plugins and themes, which punch the biggest security holes in any WordPress installation. WordPress itself becomes vulnerable if not updated regularly. Themes are the most vulnerable components in this realm: they are the least often updated or patched for security vulnerabilities. Sometimes the incompatibility of old themes forces site owners to stick to older versions of WordPress and plugins. In our experience, most malware issues in WordPress sites are traced to vulnerable or compromised WordPress themes.
The good news is that there are a host of powerful WordPress plugins available that can build application-layer firewalls around WordPress installations and scan for vulnerabilities within them. We will discuss two such freemium plugins here. We use them extensively in our hosting environment, but others are worth trying, too.
The first one is All in One WP Security and Firewall. This plugin offers a lot of firewall and security auditing features, and the best thing about it is that most of these features are available for free. The plugin can be found at https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/. It has a convenient dashboard that represents your security status visually as a points score, and its settings are easy to understand and configure.
Security points based score in dashboard
Easy access to critical security features from dashboard
All settings are categorized as Basic, Intermediate, or Advanced. You may first attempt to resolve the Basic ones, then look into the Intermediate or Advanced ones. You can quickly enable and disable the plugin's functionality altogether to check its effectiveness.
Watch the following video to see this plugin in action.
Now let us discuss the anti-malware plugin we use most frequently. Anti-Malware Security and Brute-Force Firewall (https://wordpress.org/plugins/gotmls/) is another freemium plugin, and the best thing about it is that almost all of its anti-malware and vulnerability features are free. Only the firewall part is a premium product, unlocked for a certain amount of donation to the plugin authors. But we don't need the firewall part here, as it is already covered by the previous plugin.
The Scan Setting page
An example scan that found some threats
The Quarantine showing threats that have already been fixed