The two security plugins I use

WordPress

If you subscribe to email notifications, you probably read the post about this site getting hacked.Since then, I have put stricter policies in place in order to make hacking this site a bit harder for anyone who might try to. I did this mainly by having two security plugins: Shield Security, and WP Cerber. Both are great, but I think combining them makes your self hosted WordPress site more secure.

WP Cerber

WP Cerber, is in my opinion, the most basic, but effective, WordPress security plugin. It attempts to block bot spam comments, prevent brute force attacks, and even has a citadel mode. Citadel mode is actually a really cool feature; if there are a certain amount of failed logins within the specified time, it goes into lockdown, or Citadel mode. In this mode, only IP addresses in the white list are allowed to log in to your WordPress, and existing logged in users will not be logged out. This is one of the many steps WP Cerber adds to prevent brute forcing the password. It even has an access log, so you can see the IP addresses that are trying to hack you. This plugin alone was unable to prevent this site getting hacked, although it did do a good job at preventing it, as it went into lockdown mode and sent me an email.

Shield Security

This is the plugin I used to replace WP Cerber before deciding to use them together. This plugin does many of the things WP Cerber does, but is more advanced. It can make sure that bots aren’t trying to hack you, and many more features. The coolest feature is it’s core file checker, which detects core WordPress files that were tampered with, and can restore them. It can also scan for files that shouldn’t be in your WordPress install, and notify you, or remove it. This plugin will even scan uploads to make sure no one is uploading dangerous PHP or Javascript file.

Leave a Reply