WordPress: Security Plugins (2016 edition)

WordPress security plugins

Online security is very important these days. As en entrepreneur, you need to ensure that when people buy from you, your site is secure and their information safe. Following are some key WordPress security plugins I strongly recommend to keep your site safe and secure.

But first, here are the quick tips to keep your WordPress safe:

  1. Backup your WordPress regularly. There's nothing worse than losing all the information you worked so hard on putting together. You should also keep your softward and plugins updated at all times.
  2. Create strong passwords. Combine letters (upper and lower case), numbers, symbols and try to use more than 12 characters. WordPress allows you to create password up to 64 characters long... crazy, right?
  3. Scan your site for malware, out-of-date software, plugins and more. WP Security Scan will scan your WordPress for security vulnerabilities and it will suggest some corrective actions. Check the list below for more plugins.
  4. Are you using free themes and plugins? Free WordPress Themes and plugins are great, but some may contain possible malicious codes and provide backdoors for potential exploits. WordPress plugins even if they are on the WP repository, may contain problems. This is particularly true for those that are not updated for a long time, so among other things, it is a good indication for you to avoid them. Look at the ratings, users feedback for possible problems.

Read more about protecting your WordPress site in this great post on Hardening WordPress. If you're not a tech person, it might make sense to send the link to your tech team or VA to make sure everything is setup properly. Now, let's get to the top WordPress security plugins.

Website security:

  • Login Lockdown - records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery.
  • All In One WP Security & Firewall - This is the most comprehensive and user-friendly plugin. Some of its features include securing registration and login details. It also provides database security and security scanner.
  • WP Security Scan - This plugin will scan your WordPress installation for security vulnerabilities and it will suggest some corrective actions.
  • iThemes Security - Almost an “all-in-one” security plugin for WordPress. This plugin takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.


  • Backup Buddy - Backup Buddy is a backup & recovery suite for your WordPress website. This plugin allows you to back up database tables as well as files and comes with a rich set up options.

Spam protection:

  • Akismet - protect your blog from comment and track back spam. Every WordPress blog should have this plugin installed.
  • AntiVirus - Viruses, worms and malware exist for WordPress and could easily attack your WordPress installation. AntiVirus for WordPress monitors malicious injections and warns you of any possible attacks. It also has multilingual support.
  • Really Simple CAPTCHA - This is a simple plugin that will allow you to add Captcha to your Comment 7 plugin forms and avoid spam emails. This plugin is super simple, if you're looking for more advanced solution, you should look into Captcha by BestWebSoft instead.

One more tip on website security. If you're using online forms or purchase pages, make sure that all the pages collecting your prospect/customer data are protected (they start with https:// instead of http://). You will need an SSL certificate to create such pages (online shopping carts are set up so that purchase happens at a secure page, so you'll be safe here). Investing into SSL certificate is a MUST if you care about your client security. SSL certificates can be purchased from your web hosting company.

That being said, when shopping online, always make sure that you're on a secure page (https://) yourself!

If you found this post useful, share it with others using the sharing buttons below.

PS: Our blog comments are closed, due to us using social media to stay in touch with you. Send us your feedback using your favorite platform. We’ll be happy to hear from you!


Are you committed to growing your business this year? 

Discover tips and insights to make 2024 your best year yet... in spite of the economy!

Register for my upcoming FREE webinar on June 20, 2024.

Inspire someone today...