When it comes to protecting your site from evil doers, you should start by installing some powerful WordPress security plugins.
Plugins will act as your site’s bouncer, fighting off brute force and spam attacks, as well as being your inside agent, working to gather intelligence on who is targeting your site.
This comprehensive list includes plugins to fight hackers, kill spam, protect logins, as well as saving backups. All of these plugins are highly rated and regularly updated, and best of all, they’re free.
Some, though, offer premium versions to give you yet more protection for your site.
Check ’em out!
Secure your website with the most comprehensive WordPress security plugin. Firewall, malware scan, blocking, live traffic, login security & more.
Five Stars of
This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.
Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
The Sucuri WordPress Security plugin is a toolset for security integrity monitoring, malware detection, audit logging and security hardening.
Adds Secure Image CAPTCHA on the forms for comments, login, registration, lost password, BuddyPress register, wpForo Register, and WooCommerce checkou
No spam in comments. No captcha.
This plugin provides various two-factor authentication methods as an additional layer of security for wordpress login. We Support Phone Call, SMS, Email Verification, QR Code, Push, Soft Token, Google Authenticator, Authy, Security Questions(KBA), Woocommerce front-end login, Shortcodes for custom login pages.
4.5 rating based on 87 ratings
Active installs: 6,000+
Loginizer is a WordPress security plugin which helps you fight against bruteforce attacks.
Security against brute force attacks by tracking IP, name, password. Idle timeout. Maintenance mode lockdown.
Backups and Restoration
Backup and restoration made easy. Complete backups; manual or scheduled (backup to S3, Dropbox, Google Drive, Rackspace, FTP, SFTP, email + others).
Create & Restore Database Backup easily on single click. Manual or automated backups (backup to Dropbox,Google drive,Amazon s3,FTP,Email).
Schedule complete automatic backups of your WordPress installation. Decide which content will be stored (Dropbox, S3…).
Backup Guard is the best backup choice for WordPress. Backup, restore, clone, duplicate or migrate your website with few clicks.
Backup, restore, clone, duplicate or migrate your site effortlessly with WPBackItUp.
Backup by blogVault is the most reliable way to perform WordPress backup for your site. It is the easiest way to backup, restore or migrate your sites
Keep your valuable WordPress website, its media and database backed up to Dropbox in minutes with this sleek, easy to use plugin. Need help? Please em
XCloner is a full backup and restore plugin for WordPress, it will backup and restore both files and database. http://www.xcloner.com
Manages your WordPress database.
Obfuscate email addresses to deter email harvesting spammers, while retaining the appearance and functionality of hyperlinks.
No setup required! You only need an SSL certificate, and this plugin will do the rest.
Clean up WordPress website HTTPS insecure content
If you know of any WordPress security plugins that deserve to be on this list, please leave the information in comments below. I’m always on the lookout for a better plugin!
Subscribe to Blogsite Studio and get my new ebook!
Secure Your WordPress Website: How to Protect Yourself from Hackers, Spammers, Scrappers, and Imbeciles
A field guide to stopping evildoers from breaking into your website, stealing data, and injecting malware.
Plus, what to do after a hack!