Tuesday, June 4, 2019
If you run a wordpress website, you know how powerful it is as a content management system for updating and keeping your website 'alive' and fresh. But, being the world's most popular website builder, it is also the most 'attacked' and vulnerable. However, there are also a number of great plugins which you can use to protect your website from hackers, spammers and otherwise unwanted attention.
These are our top 8 picks and in fact, we would go as far as to say, plugins that you really should be using if you run a wordpress website. To install any of them, just go to the PLUGINS > ADD NEW in your wordpress dashboard, search for each one and install. Enjoy.
1) Really Simple SSL
This plugin assumes you have a SSL cert (which most websites nowadays do and should have). It basically ensures that your wordpress site is fully served to any visitors with https - without any errors.
2) WP Mail SMTP
SMTP (Simple Mail Transfer Protocol) is an industry standard for sending emails. SMTP helps increase email deliverability by using proper authentication. (usually password). Popular email clients like Gmail, Yahoo, Outlook, etc are constantly improving their services to reduce email spam. One of the things their spam tools look for is whether an email is originating from the location it claims to be originating from.
The default in wordpress is to use PHPmail. Unfortunately this requires no authentication and forms etc can be hijacked on your site by spammers to send mail through your domain. That's REALLY BAD NEWS for your domain. Your domain could be blocked by Gmail, Yahoo, Outlook and others from sending mail to their users.
If the proper authentication isn’t there, then the emails either go in SPAM folders or worst not get delivered at all. Use WP Mail SMTP to send mail through one of the email addresses/mailboxes you have set up in your hosting account. Spammers won't be able to access your scripts and your mail will always be authenticated.
3) Akismet Anti-Spam
Used by millions, Akismet is quite possibly the best way in the world to protect your blog from spam. Your site is fully configured and being protected, even while you sleep.
Protect your website with the best WordPress security available. If you were only to install one plugin on this page, let it be this one.
Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Their 'Threat Defense Feed' arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by a suite of additional features, Wordfence is the most comprehensive security option available.
5) Disable XML-RPC (highly recommended and advised)
Pretty simply, this plugin disables the XML-RPC API on a WordPress site running 3.5 or above.
Beginning in 3.5, XML-RPC is enabled by default. Additionally, the option to disable/enable XML-RPC was removed. For various reasons, site owners may wish to disable this functionality. This plugin provides an easy way to do so.
6) Really Simple Captcha
Really Simple CAPTCHA is a CAPTCHA module intended to be called from other plugins. It is originally created for my Contact Form 7 plugin.
7) Anti-Spam by Cleantalk
Max power, all-in-one, no Captcha, premium anti-spam plugin. No comment spam, no registration spam, no contact spam, protects any WordPress forms.
8) Block wp Login
This plugin completely blocks access to wp-login.php and creates a new secret login URL
*All of the above are free but some may have premium options.