The Top Security Add-Ons for Every WordPress Site

WordPress-powered sites can be hacked. Use one or more of the following security add-ons to help prevent that from happening.

Every website is hackable. That includes your WordPress-powered site. The world’s largest CMS does what it can to fend off fraudsters, but it’s not impenetrable. 

It falls on you to take a few extra measures to keep your site secure for users. Use one or more of the following security add-ons:

Really Simple SSL 

This may go without saying, but your site needs an SSL (Secure Socket Layer) Certificate. You can get one from a certificate authority (Trustwave, GlobalSign, Entrust – there are plenty of them). This certificate certifies that your site connections are encrypted, hence the “https.”

Once you have one, the Really Simple SSL plugin will make it easy to set it up on your site. The manual way is a lot harder. Remember: If you don’t have SSL encryption, you will be penalized in search results (SEO party foul).

Sucuri Security

This plugin monitors your site for abnormal activity, can conduct malware scans and perform blacklist monitoring. This means it synchronizes with lists of bad stuff that shouldn’t be happening on your site created by Sucuri Labs, AVG, Norton and many other security companies).

Other features include:

  • Security hardening: Tweaking configurations for better security.
  • File-integrity monitoring: Comparison of a “good known state” of your site to a potentially bad one.
  • Website firewall (but only with the premium version).

Wordfence Security

WordFence Security does a lot of the same sorts of stuff Securi does, so you probably don’t need both. There’s a free “community” version and a premium version.

The free version provides brute-force attack prevention that limits login attempts (which you have to pay for in Securi). It also provides a website firewall, but it’s delayed by 30 days, so you’re not getting the most up-to-date protection.

As far as comparisons go, Securi definitely has the bigger reputation, but you can’t go wrong with either of these security plugins. A few other reputable options that perform similar functions (with some variation in pricing and features) include:


This is a backup tool, not a security tool. You need it – or something like it – in case something bad happens to your site.

A Better Option

If you use a managed WordPress host (like we do at Black Raven) then they will take care of your SSL certificate, back ups, and a lot of your security needs. In fact, many managed WordPress hosts encourage webmasters not to use third party security plugins because they are unecessary and can add to complications on your site.

Not all hosting is the same, so be careful to choose a good option for your website. We can migrate you to our hosting platform if you want to take the easy option.

Common Sense

A couple more notes that will go a long way toward improving your WordPress security:

  • Don’t give away your password.
  • Avoid performing site maintenance on public networks (use a VPN if you must do work at the cafe).
  • And if you get an urgent message saying you need to change your password, make sure it’s for real before you confirm your “old password.”

Don’t go to sleep on your site security. The bad guys sure wont.

Photo by garloon.

More from Black Raven

about us