WordPress is undoubtedly the most popular content management system in the world. With over 28 million websites using the platform and thousands of free or premium WordPress themes and plugins available to meet every conceivable requirement, it can cope with just about any kind of website imaginable.
It’s also relatively secure out of the box. For site owners, one of the biggest challenges isn’t the current version of WordPress but older versions that still need updating. Attackers find previously unknown vulnerabilities, then go after sites that have fallen behind on the latest releases. A 2017 study found that over 39% of the hacked sites it featured were running outdated software.
In most cases, the security features that come as part of the package are enough in theory, but it’s always a good idea to add a dedicated WordPress security plugin. Such plugins serve as an additional layer on your site to keep intruders out and work alongside security settings from your hosting provider, such as enabling HTTPS, to keep your site online and operating as intended.
There are plenty of options out there, and not all plugins are created equal. Some do more than others, and here are five things to consider before you install one.
Consider What You Get for Free
Online threats are constantly evolving, and the best security plugins are in constant development to ensure they keep up. Funding has to come from somewhere, and that’s why many of them operate on a freemium basis.
For the uninitiated, that means that they offer a free plugin alongside a paid upgrade, usually at an annual cost per site of between $99 and $199. Some plugin developers offer more than others for free users, and the upgrade cost is worth keeping in mind in case you decide to add it later.
The good news is that, for the most part, free versions of the best plugins are more than sufficient for small to medium sites. Furthermore, the upgrade cost should represent a small part of your site’s budget by the time you need to upgrade.
Check Support for Two-Factor Authentication (2FA)
The WordPress login page is often an area of weakness on websites, especially when people don’t change the default URL. If you haven’t done so, then chances are you’ll start seeing bots trying to brute force their way into your site with typical login details.
As well as moving the page, which some security plugins can do for you, it’s great to add 2FA to the login process. As on any other site that uses 2FA, a plugin will ensure you need a code delivered through a separate app or via text message to access your site.
What Notifications are Provided and How are They Delivered?
Even if you don’t read them all, it’s always nice to be able to stay on top of the latest attempted breaches on your site in case you decide to do something about them. Most plugins can be configured to send an email whenever there’s a failed or successful login attempt. In addition, some send daily digests outlining all the potential issues they encountered on any given day.
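To make the brute-force and login-notification points concrete, the sketch below is an added example (not code from any plugin or from this article) that scans web server access-log lines for bursts of failed logins. It assumes the default `/wp-login.php` path, a "combined" log format, and stock WordPress behaviour where a failed login returns 200 and a successful one returns a 302 redirect; the log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def _line(ip, sec, method, status):
    # Builds one constructed access-log line in "combined" format.
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 4312 "-" "-"')

# Constructed sample: one noisy client, one ordinary user (documentation IPs).
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", 200) for s in range(1, 7)]
    + [_line("203.0.113.7", 8, "POST", 302),
       _line("198.51.100.20", 10, "GET", 200),
       _line("198.51.100.20", 15, "POST", 200),
       _line("198.51.100.20", 30, "POST", 302)])

def detect(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: {"failures": n, "success_after_burst": bool}} for flagged IPs."""
    recent = defaultdict(list)  # ip -> failed-login timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip, status = m["ip"], int(m["status"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if status == 200:
            # Assumption: stock WordPress re-renders the form (200) on a failed login.
            recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
            if len(recent[ip]) >= threshold:
                alert = alerts.setdefault(
                    ip, {"failures": 0, "success_after_burst": False})
                alert["failures"] = max(alert["failures"], len(recent[ip]))
        elif status == 302 and ip in alerts:
            # Assumption: a redirect (302) means the login succeeded.
            alerts[ip]["success_after_burst"] = True
    return alerts

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

An address flagged with `success_after_burst` set is the case worth an immediate alert, since it suggests a password was guessed; if the login page has been moved, the path check needs to match the new URL.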
Firewall and Malware Protection
Different plugins work in different ways, but some go further than others to protect sites. They all offer malware protection to some degree, as it’s one of the biggest threats facing any website. However, some go further and quarantine malware as soon as it’s spotted. Others can roll back a site to a time before the infection using backups.
Some plugins also include a built-in firewall, which runs on the same server as your site. Of course, there are pros and cons to doing it this way or using a third party, but if you’ve got no firewall protection at all, a plugin that provides it can be a great addition to your site and security suite.
Additional Features Beyond Security
As expected, most WordPress security plugins are explicitly designed to keep your site online and safe from all manner of online threats. However, some go further than others with additional features that can come in handy, even if they’re not directly linked to security itself.
One of the leading candidates involves backups. Of course, there are dedicated backup plugins, and some web hosts keep them on your behalf. However, there’s no such thing as too many site backups if you want to protect against every eventuality, so it might be worth choosing a plugin that does this for you alongside its core functionality.
Most WordPress sites can benefit from adding a security plugin. While the CMS itself is impressively secure in its own right, its popularity means that attackers are always looking for new ways to gain access to something they shouldn’t. A security plugin, alongside the dedicated development team that keeps it up to date, can be the difference between your site staying online and needing a costly fix.