Top 5 WordPress security plugins

Posted by admin

November 9, 2016

Many of us don’t worry about the security of our real estate WordPress websites until it’s too late. Security, backups and website recovery are fairly often an afterthought.


Though WordPress is very much secure by itself, but there is never too much ascertainable. Security should be the top priority for any real estate website developer. Due to the lack of security, any website can be hacked, private information can be stolen, and countless hours of hard work can be spent to repair that all.


The number of potential security vulnerabilities faced by WordPress real estate websites is actually much greater than most people realize. Typically we think of the obvious things like using strong passwords and keeping WordPress core files up to date. Truth be told, those items cover only a small percentage of the total vulnerabilities.


Real estate website security can be presented within the following levels:


1 Outer network level (outside of the server – it may be proxy, software/hardware firewalls)

2 Hosting level (it includes server level and a part of networking)

3 Website application level (WordPress real estate website)

4 Client level (computer’s security, safe network environment and common-sense security measures)


Because of this, have an extra layer of security for your site is not a bad idea. Here are some of the best WordPress security plugins to help you protect your site:


- Wordfence

- iThemes Security (formerly Better WP Security)

- Sucuri Security

- BulletProof Security

- All in One WP Security




With one million downloads, WordFence is one of the most popular WordPress security plugins.


WordFence starts by checking if the site is already infected. It does a deep server scan of the site’s source code and compares it to the Official WordPress repository for core, themes and plugins. If it finds any kind of infection, it will notify you by e-mail. It claims to make your WordPress website 50 times faster and secure. For making your website faster, it uses Falcom caching engine. It also scans your posts and comments for malicious code and supports multi-site.


This plugin is free, but a few advanced features are available for premium users. They include country blocking, two-step authentication, scheduled scanning and more.


So, WordFence covers:


- Scanning for file changes

- Blocking IP addresses

- Two-factor authentication

- Country blocking and country redirects

- Custom alerts


The plugin is great both for beginners and pro users.




iThemes Security is a WordPress security plugin that claims to provide 30+ ways to secure and protect your WordPress website from attacks. It strengthens user credentials by fixing common vulnerabilities and automated attacks. The plugin is available in both free and premium versions.


iThemes covers all of the following:


- Two-factor authentication

- Brute force protection

- Monitoring core files for any changes

- Ticketed support (for pro users)

- Logging user actions

- Locking out users for multiple incorrect credential attempts

- Forcing the use of secure passwords for specific user roles and file permissions


It scans the entire website and tries to find if there is any potential vulnerability in it. It also prevents bruteforce attacks and ban IP addresses which try to bruteforce. This plugin forces users to use secure passwords and also forces SSL for admin area in server support. Unlike other plugins, the GeoIP banning feature is not available. But the company has promised to bring this feature soon. iThemes Security also integrates Google reCAPTCHA to prevent comment spam on your website.


The plugin is great for beginners and advanced users alike.


But there are a few things to be aware of before jumping in. If you’re installing the plugin on an existing site, there is a possibility that some of the changes might break your site. Of particular concern are the changes made to the database and changing the path of your wp-content directory.




Sucuri offers a free plugin that is available in the WordPress repository. This plugin offers various security features like: malware scanning, security activity auditing, blacklist monitoring, effective security hardening, file integrity monitoring, and a website firewall. It is a security suite meant to complement your existing security posture. Sucuri incorporates various blacklist engines including Google Safe Browsing, Sucuri Labs, Norton, McAfee Site Advisor and more to check your website. If there is anything wrong, it will notify you via email.


It protects your website from DOS attack, Zero Day Disclosure Patches, bruteforce attacks and other scanner attacks. It also keeps log of all activities and keep these logs safe in the Sucuri cloud. So, if an attacker is able to bypass the security controls, your security logs will be safe within Sucuri’s security operations center. This way, if there is a breach in security, you’ll be able to review the activity logs and find out what happened.


Finally, the plugin also helps you take some of the basic but critical steps necessary to harden your website security including:


- Removing the WordPress version information

- Protecting the uploads directory from browsing and PHP execution

- Restricting access to wp-content and wp-includes

- Verifying your security keys

- Restricting access to the file editor from with the WordPress dashboard.


So, Sucuri is primarily a monitoring tool for certain changes and activities that can harm your WordPress site. Since it requires a lot of understanding and familiarity with codes and file systems within WordPress, this plugin is meant for developers and admins who are experts in analyzing this information.




All In One WP Security & Firewall is also among the most popular WordPress security plugins. It has a user-friendly interface for those who are not familiar with advanced security settings. This plugin protects your website by checking vulnerabilities and implementing the latest techniques and security measures.


Using a convenient grading system, this plugin makes it relatively easy to see the areas where your website security might need to be improved. The main dashboard has an indicator that ranks your current level of security between 0 and 470, depending upon how many features are currently enabled. By adding additional security options, you can increase your score.


With this plugin, there is also the risk of breaking your site. To reduce the likelihood of this happening they have implemented three categories of changes – basic, intermediate and advanced. The basic features are relatively safe to activate, while the intermediate and advanced changes have the potential to break some of your website’s functionality. If something goes wrong there are detailed instruction for fixing the problem.


Each primary security feature has its own sub-menu and a detailed description so you know exactly what you’re changing.


A more extensive list of security features includes:


- The ability to disable the WP Meta information

- Monitoring user accounts for obvious vulnerabilities

- Brute Force login attack prevention that’s more extensive than the Limit Login Attempts Plugin

- A setting that requires you to manually approve new user registrations

- Database prefix management

- Protection of specific files including the ability to edit PHP files from within the dashboard

- Blacklisting users based upon their IP address or a range of IP addresses

- Basic firewall protection

- Changing the login page URL, cookie based logins as well as Captchas and whitelists

- Comment spam prevention

- File change detection

- Disable copying of text and the use of your site in an iFrame


All In One WP Security & Firewall also allows you to schedule automatic backup and receive email notification. What is more, it adds a web application firewall in your website and enables 5G Blacklist to prevent various attacks, denies bad query strings, prevent XSS, CSRF, SQL injection, malicious bots and other security threats.


Usually it works with most plugins without any problem.




Another popular plugin that helps to secure your WordPress website is BulletProof Security. This plugin provides single click security solution. It secures your website against RFI, XSS, CRLF, SQL injection, and code injection hackings.


The full list of features included with BulletProof security is too long to list, but here are a few:


- An easy one-click setup

- htaccess protection against XSS, RFI, CSRF, Base64, SQL injection and other hacking attempts

- Login security and monitoring including max login attempts and lockout time

- Database backups

- Database prefix changes

- File monitoring and quarantine of uploaded files

- Email alerts for a variety of user actions

- For more advanced users, there’s also a manual mode for more specific fine tuning.


The .htaccess security filter aims to match malicious and nuisance attack patterns, which is great for maintaining website speed and integrity.


It also has a pro version that offers some advanced features to improve the security of your website. But the free version is popular enough to make your website secure.



With an increasing number of hacking attacks, it is necessary to have security in your WordPress website. The security plugins mentioned above will help you with that. But even with a security plugin installed, it’s still important to keep an eye out for anything unusual on your site that could indicate a problem.


And the last but not the least important thing: back up your site before using any of these plugins in case there is a problem or compatibility issue with other plugins.