Two WordPress Security Plugins

1. Sucuri WordPress Security Plugin

I was on a webinar this past week with an online security expert.  She is a real expert.  She makes her living as a security expert.  She’s the real deal.  She mentioned two WordPress security plugins that every WordPress website owner should install.  I’ve been using WordPress exclusively for over 3 years now, and I’ve heard the names of these two WordPress security plugins pop up repeatedly from people in the industry whom I respect.

The first WordPress security plugin is the “Sucuri Security – SiteCheck Malware Scanner”.  Here’s the link to that plugin at WordPress.org:

http://wordpress.org/extend/plugins/sucuri-scanner/

Sucuri SiteCheck will check for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc.

This plugin is completely free.

You can also scan your site for free and learn more about Sucuri at the Sucuri Website.


 

2. Wordfence WordPress Security Plugin

The Wordfence Security Plugin is another extremely important and helpful WordPress Security plugin.  I use the free version although there is a paid version that you can find out more about here: http://wordpress.org/extend/plugins/wordfence/

Here’s the blurb for Wordfence on the WordPress.org website:

 

“Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups. Wordfence Security is full-featured and constantly updated by our team to incorporate the latest security features and to hunt for the newest security threats to your WordPress website.”

 

They Tried to Hack My WordPress Site!

I just installed Wordfence security plugin this week and today I got an email letting me know that someone tried more than six times to log into my WordPress Website (Jupiter Jim’s Marketing Team site) without my knowledge or permission.

 

Here’s part of the email message that Wordfence emailed to me:

 

“A user with IP address xx.nn.xxx.aa has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 6 User IP: xx.nn.xxx.aa” (xx.nn.xxx.aa is not the actual IP address that was in the email).

 

I looked up the IP address and the attack originated from Russia.

 

While Wordfence did not prevent this attack, it did let me know that someone did try to break into my website.   That makes me want to remain extra vigilant about my site security and my password security!
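The kind of rule behind that lockout email can be reproduced from a web server access log. The Python below is an added example, not code from this post, Wordfence or Sucuri: it flags any IP that exceeds 6 failed logins. Assumptions: combined log format, a failed WordPress login answers the POST to wp-login.php with HTTP 200 while a successful one redirects with 302, and failures are counted over a 5-minute window; all function names and the sample log are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 6               # limit quoted in the Wordfence email above
WINDOW = timedelta(minutes=5)  # assumed counting window (not stated in the email)
# Combined-log-format prefix: client IP, timestamp, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_failed_login(method, path, status):
    # Assumption: a failed login re-renders the form (HTTP 200),
    # a successful login redirects to the dashboard (HTTP 302).
    return (method == "POST" and status == "200"
            and path.split("?")[0].endswith("/wp-login.php"))

def find_lockouts(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {ip: time of the failure that exceeded the limit}."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    locked = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not is_failed_login(m["method"], m["path"], m["status"]):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) > max_failures and m["ip"] not in locked:
            locked[m["ip"]] = ts
    return locked

def _line(ip, hhmmss, method, status):
    return (f'{ip} - - [23/Feb/2013:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 2048 "-" "-"')
# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", 200) for s in range(0, 35, 5)]  # 7 failures in 30 s
    + [_line("198.51.100.20", "10:01:00", "POST", 200),  # one mistyped password...
       _line("198.51.100.20", "10:01:20", "POST", 302),  # ...then a successful login
       _line("198.51.100.9", "10:02:00", "GET", 200)]    # only viewing the login form
    + [_line("192.0.2.44", f"{10 + h}:30:00", "POST", 200) for h in range(7)]  # 7 failures, one per hour
)
if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} exceeded {MAX_FAILURES} failed logins at {when:%H:%M:%S}")
```

Only the burst from 203.0.113.7 is flagged; the hourly failures from 192.0.2.44 never accumulate inside the window, which is why a slow guesser needs a longer window or a per-account counter to be caught.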

You can learn more about Wordfence by checking out the Wordfence Website.

And you can check out some of the Wordfence reviews here.

In the comments below please leave your experiences with either of these plugins or your experiences with WordPress Security Issues.

This is something we all need to learn more about and be more aware of!

Thanks for sharing!

 

Article Written by Jim Landers aka “Jupiter Jim”

 

 

32 comments
  • Dr. Erica Goodstone Feb 24, 2013, 1:08 am

    Jim,

    That seems like a really valuable plugin. I use Kaspersky and they seem to be quite stringent in catching threats. In fact, for a while they were calling my own website “Attack sites” until I got them approved by Google.

    Warmly,

    Dr. Erica

  • Astro Gremlin Feb 24, 2013, 5:59 am

    I use a free plugin called User Locker. I once got locked out myself but had another administrator identity that got me in. They will try to crack into your site. My login password is quite elaborate. Not possible to brute force it with the few chances that User Locker allows. Biggest danger is if a hacker uses “admin” and fails, locking you out. So give admin rights to another name that you don’t use as an author.

    • jupiterjim Mar 2, 2013, 2:16 am

      Astro,

      Great Advice!!!! Never thought about that because I never use “admin” but some of my clients do!!! Thanks again!

  • Beth Hewitt Feb 24, 2013, 12:48 pm

    Hi Jim,

    Thanks for sharing these I am going to look at them in more detail now. It is so sad that we have to take all these extra precautions. But people will try to keep us on our toes so we have to be prepared.

    Thanks,

    Beth 🙂

    • jupiterjim Mar 2, 2013, 2:14 am

      Beth,

      Yes, very sad! But, unfortunately, it’s the only game in town, so we gotta play! LOL

  • Yorinda Feb 24, 2013, 4:15 pm

    Hi Jim,
    thank you so much for sharing this information!

    I installed both plugins before even writing this comment, since I know you would only share trusted resources.
    I was pleased to have the first scan come back clear and I am aware of my anxiety as I am waiting for the second one from Wordfence.
    It is amazing what is possible with technology and I am glad that these plugins are available.

    I appreciate knowing you and that you made this information available!
    Cheers,
    Yorinda

    • jupiterjim Mar 2, 2013, 2:13 am

      Yorinda,

      Thanks for the positive feedback! I really appreciate the fact that you follow my blog regularly and KNOW that I would not endorse something unless it was Rock Solid for WordPress!

      Take Care,

      Jupiter Jim

  • Charlene Christiano Feb 24, 2013, 9:02 pm

    Thanks for the great post about WordPress security plug-ins. While my site is fairly new, I guess it’s not immune to hacking. I also like the other comments, too. Astro Gremlin really gave me a good idea to add another admin name (wink) just in case. As always, Jim, you rock!

    • jupiterjim Mar 2, 2013, 2:12 am

      Charlene,

      Thanks for the Kudos!!! And you’re never too New to be a victim of hacking!

  • Jaimie Feb 25, 2013, 10:17 am

    It is really important to have a highly secured blog because nowadays a lot of hackers are on the prowl. The plugins you have mentioned will help a lot to make our blogs secure. Thanks a lot, dude.

  • Hythe Feb 25, 2013, 11:12 am

    Most WordPress blogs seem to be under constant brute force attacks now. I use ‘Limit Login Attempts’ and ‘Login Logger’ at the moment.

  • Michael Shook Feb 26, 2013, 10:52 pm

    Every morning when I log onto the internet I get messages that someone else has registered as a user on my site. Not one of the people who are commenting so that they can select from additional posts in CL, but from bots.

    Most often these are from Poland, although I have no idea why. Fortunately, I have never had a problem with accessing my site or being locked out. It is a good idea to have multiple admin accounts, and I am hoping that one of these plugins will make my security concerns go even farther away.

    Thank you Jim, I had not heard of either of these before, and I am very interested in taking a look at them.

  • marquita herald Feb 27, 2013, 4:28 pm

    Wow thanks Jim – scary about that hacking thing! I have used Sucuri in the past – but it was definitely not free. The plugin is new to me so I’ll take a closer look. As concerned as I am over security – I also worry about overlapping programs. Between my blog and my computer I have 4 security programs running and I’m always a little nervous about jamming things up that are already working by overcompensating.

  • Electrical engineering Feb 28, 2013, 9:29 am

    I am using an antivirus plugin but am not satisfied with it. Now I will try the plugins you have given. Is it necessary to use both plugins simultaneously?

    • jupiterjim Mar 2, 2013, 2:06 am

      Well, the Sucuri is just a scanner so you can run that whenever you want.

  • Melanie a/k/aCrazyMom Mar 2, 2013, 9:19 am

    Thanks Jim for yet another wonderful post and advice. I’ve been concerned about safety for a while so this came at the right time. Already installed both of the plugins and hope to get a little peace of mind. How do you handle the “attacks”? I would freak out getting messages, but how do you handle it? Do you change passwords often? Any advice to make me not freak out when a message comes in would be greatly appreciated.

  • Rachel Lavern Mar 3, 2013, 1:43 pm

    Wow. This serves as a reminder for me to perform maintenance on my blog…I am long overdue and need to protect my blog from being hacked.

    I have several plug-ins installed and one of them shows me how many people have tried to hack into my blog.

  • Kulwant Mar 5, 2013, 1:39 am

    Sucuri Scanner has proved to be one of the best plugins for me.

    Thanks for introducing another plugin.

  • Chery Schmidt Mar 6, 2013, 1:32 pm

    Hi Jim, I have no idea if I have a security plug-in or not on my WordPress. Is there a way to find out? Do I need to have both of these plug-ins you are talking about here today? I am going to go and see if I have them available in my dashboard now. Thanks for sharing! Chery 🙂

    • jupiterjim Mar 7, 2013, 6:37 am

      Chery,

      Use both.

      • Chery Schmidt Mar 7, 2013, 12:41 pm

        Thanks Jim, I did go and activate both plug-ins. I did run the Wordfence scan and it keeps coming back with a scan error that they cannot connect with the host. Not sure what this means, any thoughts? Also, is there anything I need to do for the Sucuri plug-in? Again, thanks for all you do. Chery 🙂

        • jupiterjim Mar 7, 2013, 1:32 pm

          Chery,

          I am sorry I don’t know why you are having the scan error with Wordfence. You can go to the developer’s site and they should have a forum on WordPress.org to answer all questions and problems.

          As for sucuri, I would run it at least once to scan all your files on your server that hosts your WordPress site / blog.

          I hope this helps!

  • 01darkan01 Mar 18, 2013, 9:13 am

    Hi all. I’ve coded a new Perl-based antivirus.
    Functions:
    1) Find and remove malicious files, and make a backup if you want.
    2) Find exploitable files and suggest updates.
    Video demonstration:
    http://www.youtube.com/watch?v=RLG2g5HsGnQ

    If someone is interested in testing, please contact me.
    A last few tests and the program will be public.
    Regards,
    David

  • KPMDesign Mar 25, 2013, 11:08 pm

    Thanks for the heads up on Wordfence. Hadn’t come across it before even after watching a very recent WordPress security video. It’s great. Have a free version of the Sucuri scanning for malware installed with BackupBuddy, but Wordfence picked up outdated copies of Timthumb lying around in all sorts of unused theme folders plus a couple of suspicious links in files. Much appreciated.

  • Keral Patel Apr 22, 2013, 5:21 am

    Quite funny that you blogged about this last month and this month there was a huge attack on all the WordPress sites. All those who had their sites secure would have felt very glad to have taken some steps before it was too late.

  • Rosemary O'Shaughnessy May 7, 2013, 7:18 pm

    Hi Jim,

    Thank you very much for sharing this advice. It is so important to have the right plugins to keep WordPress sites safe. Rosemary

    • jupiterjim May 8, 2013, 7:13 am

      Thanks, Rosemary!

  • catherine Apr 18, 2014, 4:40 am

    Thank you so much, jupiterjim, for sharing wonderful techniques which are used to fix hacked WP sites through these security plugins…

  • Clare Jun 20, 2014, 8:13 pm

    What an awesome article – going to check it out right now. Security is a huge deal everyone needs to take notice!

    You always provide the best advice and insight!

    ~Clare

  • Akash Oct 1, 2014, 12:58 pm

    Just passing by. So, you are using the Thesis theme. Nice… Both plugins are great, but the Wordfence plugin is just great… But I think iThemes Security is more powerful than the others.
