When you put up your WP site you want to make sure everyone knows about it. Unfortunately, that also means unsavory characters who want to either spam or attack your site. You must take security equally seriously as you do SEO. Popularity requires secure measures. Here are a few of the best available for WP sites.

WebsiteDefender WordPress Security Download
WP Security Scan and Secure WordPress plugins have been merged into one plugin. It not only deals with security issues, but also backs up your database in case a disaster strikes. In fact, it does not actually take care of the security issues. It merely identifies them and notifies you. In this way, it is a big let down. We do not need an adviser, we need a solution.

Features:

  • scanning of blog for discrepancies
  • strong password tool to guard against brute force intrusion
  • theme scanning for intrusions
  • removal of many tags and information that provide hackers opportunity

BulletProof Security Download
The main purpose of this plugin is to protect against injections. It alters the .htaccess file, but you do not have to know anything about how to do that. The plugin does it for you. This offers you a level of security outside of WordPress running. The more layers of security you can make for your blog the stronger it will be against attacks.

Features:

  • one-click security
  • .htaccess anti-injection security measures
  • backup and restore selected .htaccess files
  • website maintenance mode with a single click
  • turns off database error messages
  • fast and simple
  • works only on servers running Apache, namely Linux servers

NoSpamNX Download
This does not use any captcha or JavaScript. Nor does it depend on Sessions and cookies. It works based on additional fields added to your forms, which a user cannot see, but a spambot will automatically and stupidly fill in. So if these invisible fields are filled with something, that comment is marked as spam. This is a truly brilliant approach that surely puts an end to those programs that autofill the fields. However, there are legitimate programs, including plugins for browsers, that autofill fields for us. That is the weak point of this solution. You will kill legitimate users’ input.

Features:

  • simple installation and configuration
  • blacklist for phrases, ip ranges, and URL’s
  • no JS, cookies, sessions, nor captchas
  • database queries are kept to a minimum, almost none

Antivirus for WordPress Download
Every site needs an anti-virus program guarding it. This one checks your database tables and themes for injections daily.

Features:

  • admin bar alert for viruses found
  • many languages
  • email notification
  • daily scan
  • whitelist for false positives

Fast Secure Contact Form Download
Contact forms are necessary on every site and spam is ever present, ready to take advantage of those forms. This is a solution that depends on both CAPTCHA and Akismet. So I would not recommend it, since Akismet is a paid solution for e-commerce.

Features:

  • autoresponder
  • no templates
  • redirect to URL upon completion
  • block spam attacks
  • customize the CSS
  • offer meeting scheduling as well

TAC (Theme Authenticity Checker) Download
TAC checks your theme for authenticity. Every file in your theme is examined. Upon discovery of malicious injections it shows the path to the file and a piece of the code, along with the line number. Some are putting out free WP themes with malicious code embedded. This plugin is intended to locate such aberrations.

Features:

  • scans files for malicious code in your theme

Login LockDown Download
Put a cap on the number of times any given IP address can try logging in with failures. It puts a halt to brute force attacks. Once the number of failed login attempts has been reached, there is no login available from that IP for a designated period of time. You can customize this period.

Features:

  • lock out brute force attacks
  • set maximum logging failure
  • set time to wait until next log in possible

Wordfence DownloadAPI Key
This is the only plugin you will need to protect against malicious scrapers, trojans, viruses, malware, and fake bots. It even makes a great defense against brute force attack. It can unbelievably repair the core WP files, theme files and plugins as well. The free version of the API Key does everything except scan and repair themes and plugins. So it is only partially free.

Features:

  • heals core files
  • repairs plugins and themes
  • scans comments, posts, pages for malware infected URL’s
  • reverse DNS on traffic (city level)

Chap Secure Login Download
If you do not have SSL, you can still secure your login process with this plugin. It uses the SHA-256 algorithm. Forget buying an SSL certificate just to secure a login.

Features:

  • secure login without SSL
  • SHA-256 algorithm

Bad Behavior Download
It works as a security solution against spammers along side other more traditional approaches. It catches the spammers before they have a chance to do anything. This is an amazing plugin and should be added to your tools.

Features:

  • identifies the software being used by the spammer and stops them
  • analyzes the delivery method of the spammer
  • reduces your site’s load
  • keeps our logs clean
  • stops DOS attacks before they happen

The Final Word
There are many ways to secure a WP website. When considering your security, you should look at many solutions and decide which combination gives you the broadest and strongest security. However, you should also remain mindful of how much these measures may slow down your site. A slower site means a higher risk that people will not wait for pages to load. They may abandon your site before seeing it. So weigh the costs and test the options until you find the right combination for you. Then be adamant about your security measures. Never compromise them or you will regret it.