Over the past few years, we have seen an increase in websites getting hacked and personal information being stolen. These websites belong to well-known corporations like Adobe. This has put a spotlight on website security. While this happens to corporations, we cannot forget that it happens even to the little guy, like you. I don’t subscribe to the word “basic” when it comes to security. Why would I? Security is essential and critical — these are the words I use.

In this post I’m going to discuss seven (7) essential WordPress plugins that you need to protect and secure your WordPress installation, but before I do that, please do not forget that you should also:

  1. Make sure your WordPress core is up-to-date;
  2. Keep your plugins up-to-date;
  3. Do not use outdated plugins;
  4. Use simple secure or complex passwords; and
  5. Do not use usernames like admin or administrator.

It’s important to invest in security. You should understand how the WordPress core, plugins and themes are coded and the security implications of using them. You should also know which code snippets can help secure your account and WordPress installation, and how your web host secures the server. Remember, taking the time to protect yourself and your WordPress installation is well worth the investment — time, money and energy — it’s better than the alternative, i.e. your website being blocked for malware.

Okay, with this being said, let’s take a look at my suggestions for essential WordPress security plugins:

Limit Login Attempts

Limit Login Attempts is a WordPress plugin that limits the number of login attempts a person can make before being banned. You can also configure the plugin to send you an e-mail when someone tries to log in too many times.

This plugin is important because, by default, WordPress allows a person to attempt to log in an unlimited number of times, which gives brute force attackers plenty of time to crack your login information.

Simple Login Log

The Simple Login Log plugin allows you to keep a log of every time someone logs in. You can track the username, time of login, IP address and browser user agent.

This plugin is great whether your WordPress installation allows multiple users or a single user, as you can track any unusual activity, thus allowing you to act faster.

Exploit Scanner

Exploit Scanner searches the files and database of your WordPress install for signs that may indicate that it has fallen victim to malicious hackers. It is also one of two plugins that make up Automattic’s VIP WordPress scanner.

This plugin is great, as it has the potential to help you identify security holes and the possibility that your WordPress installation has been hacked.


Theme-Check

Theme-Check is a simple and easy way to test your theme for all the latest WordPress standards and practices.

SiteCheck Malware Scanner

The SiteCheck Malware Scanner by Sucuri is a great security plugin that checks your WordPress installation for malware, spam, blacklisting and other security issues like .htaccess redirects and hidden eval code.

SiteCheck Malware Scanner will detect various types of malware, SPAM injections, website errors, disabled sites, database connection issues and code anomalies that require special attention. These include things like: Obfuscated JavaScript injections, Cross Site Scripting (XSS), Website Defacements, Hidden & Malicious iFrames, PHP Mailers, Phishing Attempts, Malicious Redirects, Anomalies, Drive-by-Downloads, IP Cloaking and Social Engineering Attacks.

SiteCheck Malware Scanner also uses leading blacklisting databases to check for malware, SPAM, and phishing attempts. These blacklisting databases come from: Sucuri, Google Safe Browsing, Norton, AVG, Phish Tank, ESET, McAfee SiteAdvisor and Yandex.

Better WP Security

Better WP Security helps you by protecting you against vulnerabilities, such as using “admin” as a username or the displaying of the WordPress generator. Not only does it help identify vulnerabilities, it helps you resolve them.


VaultPress

VaultPress is a security and backup plugin for your WordPress installation. It is operated by Automattic, the team behind WordPress, and starts at USD $3 per month. This is affordable and helps you secure your website.

Using Another Backup Plugin

It is my recommendation that you use VaultPress, as it is a great, affordable service. It is critical to back up your WordPress installation just in case your site does get hacked. There is no guarantee that your WordPress site won’t get hacked; I mean, look at the giant corporations that do get hacked. Hackers are constantly looking for security holes and ways to hack your site — so it’s critical to have backups of your site.