How to Navigate The Dangers Behind Free WordPress Plugins

30% of the websites on the internet today are WordPress sites. 60% of the sites on the internet built on a CMS—Content Management System—are built on WordPress.

One estimate says that more than 72% of WordPress sites are in some way vulnerable, and these vulnerabilities can be detected using a free automated tool.

A recent report says that out of just under 4000 WordPress sites scanned, 52% had vulnerable WordPress plugins.

Finally, backdoors, drive-by downloads, pharma hacks, and malicious redirects are the most common types of malware infections used in WordPress.

Clearly, it’s necessary to make sure your WordPress site is secure from all manner of attacks. What can you do to protect your site and your data?

In this article, we’ll cover the different types of features offered by a variety of WordPress plugins, and how to choose a good plugin. We’ll also show you secondary steps for securing your site, like using a VPN, and what to look for. Perhaps you need the best VPN that doesn’t keep logs. We’ll talk about why such a thing might be necessary.

What WordPress Security Plugins Offer

There is a multitude of such plugins, and we’re not going to highlight any of them individually here. What we will do is discuss the different features offered and what they can do for you. Ultimately, you should choose your plugin based on the features necessary to you in your circumstances.

Consider the following features:

  • Active security monitoring
  • Blacklist monitoring
  • Brute force attack protection
  • File scanning
  • Firewalls
  • Notifications about detected threats
  • Tightened security

Let’s talk about some of these in a little more depth. The rest should be self-explanatory.

Active security monitoring will mean that you are able to detect any changes that are made to your website files. You can adjust this feature so that changes that you make yourself aren’t reported.

All email providers maintain a list of blacklisted email addresses and IP addresses that are known to send spam. Unfortunately, there are times your own IP address may be added to this list. If you are monitoring for this to happen, you can deal with it and have your address removed from the blacklist.

A brute force attack is when a bot or bots repeatedly try to guess your username and password. This will continue until they find their way in, or are stopped.
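To show what brute force protection has to recognize, here is an added detection sketch (not code from the article or from any plugin) that counts failed login POSTs per IP inside a sliding window. The log lines are constructed, and the `/wp-login.php` path, the status-code convention and the thresholds are assumptions to adapt to your own server.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Client IP, timestamp and status of POST requests to the WordPress login page.
LOGIN_POST = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3})')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def sample_log():
    """Constructed access-log lines; the IPs are documentation-range placeholders."""
    base = datetime(2024, 3, 12, 10, 0, 0, tzinfo=timezone.utc)
    events = [("203.0.113.9", i * 5, 200) for i in range(6)]          # rapid guessing
    events += [("198.51.100.4", 10, 200), ("198.51.100.4", 25, 302)]  # one typo, then success
    events += [("192.0.2.77", i * 180, 200) for i in range(5)]        # slow: one try per 3 min
    lines = []
    for ip, offset, status in sorted(events, key=lambda e: e[1]):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FORMAT)
        lines.append(f'{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" {status} 3120')
    return "\n".join(lines)


def find_brute_force(log_text, max_failures=5, window=timedelta(minutes=1)):
    """Return {ip: time the threshold was reached} for IPs exceeding the limit.

    Assumption: a failed login re-renders the form (HTTP 200) while a
    successful one redirects (HTTP 302), so only 200 responses are counted.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LOGIN_POST.match(line)
        if not m or m.group(3) != "200":
            continue
        ip, ts = m.group(1), datetime.strptime(m.group(2), TS_FORMAT)
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:  # drop failures older than the window
            attempts.popleft()
        if len(attempts) >= max_failures:
            flagged.setdefault(ip, ts)
    return flagged
```

With the default one-minute window only the rapid guesser is flagged; the slow source is caught only once the window is widened, which is why rate limits are usually paired with longer-term counters.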

File scanning simply scans for, detects, and deletes any files on your WordPress site that don’t belong.

How to Choose Good Plugins

Above, we mentioned a report that stated that, out of 4000 WordPress sites that were scanned, 52% had vulnerable plugins. This means these plugins had security holes that were introduced either deliberately or inadvertently.

In order to protect yourself against such plugins, take some time to do some research before installing any plugin. You can check the reviews of people already using the plugin, the number of times the plugin has been downloaded, and how often the plugin is updated. Another way to see how responsive the plugin developer is is to check the plugin’s support forum on Are concerns and issues addressed quickly or left unanswered?

We mentioned above, and when looking for a plugin this should be the first place you look. All plugins listed here have been vetted for any sort of security hole or issue. In other words, you know you can trust them.

If you can’t find what you’re looking for in the WordPress repository, or you’re looking for a premium plugin, be sure to look for plugins from reputable developers only. Just adhering to these few steps can save you a headache in the future.

The opposite of this is true if you were to choose plugins from unknown, untried sources. You are opening yourself up to the chance of having some sort of malware or spyware embedded in the code of the plugin. So be security conscious and don’t go down this road.
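The research checks from this section (reviews, install counts, update recency, support responsiveness) can be applied consistently with a small script. This is an added example, not code from the article: the two plugin records are constructed, the field names are modelled on the WordPress.org plugin information API and should be verified against a live response, and every threshold is an assumption.

```python
from datetime import date

# Constructed records for two hypothetical plugins (not real listings).
SAMPLE_PLUGINS = [
    {"slug": "example-gallery", "last_updated": "2024-02-20 9:14am GMT",
     "active_installs": 200000, "rating": 92, "num_ratings": 1400,
     "support_threads": 40, "support_threads_resolved": 31},
    {"slug": "example-slider", "last_updated": "2020-06-03 4:02pm GMT",
     "active_installs": 800, "rating": 96, "num_ratings": 3,
     "support_threads": 12, "support_threads_resolved": 1},
]


def vet_plugin(info, today, max_age_days=365, min_installs=10000,
               min_ratings=50, min_rating=80, min_resolved=0.5):
    """Return a list of concerns; an empty list means no check failed."""
    concerns = []
    updated = date.fromisoformat(info["last_updated"].split()[0])
    age = (today - updated).days
    if age > max_age_days:
        concerns.append(f"last updated {age} days ago")
    if info["active_installs"] < min_installs:
        concerns.append(f"only {info['active_installs']} active installs")
    # A high score from a handful of reviews says little, so check both.
    if info["num_ratings"] < min_ratings:
        concerns.append(f"only {info['num_ratings']} ratings")
    elif info["rating"] < min_rating:
        concerns.append(f"rating {info['rating']}/100")
    threads = info["support_threads"]
    resolved = info["support_threads_resolved"]
    if threads and resolved / threads < min_resolved:
        concerns.append(f"{resolved}/{threads} support threads resolved")
    return concerns


def vet_all(plugins, today):
    """Map each plugin slug to its list of concerns."""
    return {p["slug"]: vet_plugin(p, today) for p in plugins}
```

A clean result is a reason to keep looking at a plugin, not proof that its code is safe; popular, well-reviewed plugins have shipped vulnerabilities too.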

Use a VPN


Now that you’ve got all your other security measures in place and made sure you’ve only chosen reputable plugins, what else can you do to secure your site?

VPN stands for Virtual Private Network, and using one is an excellent secondary step in securing your site. It won’t lock it down completely, but it can be a significant layer of protection. The beauty of a VPN is that it’s not only going to protect your WordPress site, but it will also protect your computer and all the data on your computer. It will mask your IP address and will be a deterrent against hacking attempts.

Any work that you do on your WordPress site, any work that you do on your computer, any websites that you visit, will remain protected and anonymous behind your VPN.

Above we briefly mentioned why you might want a VPN that does not keep log files. Depending on the sensitivity of your information, or the information you collect on your website, you may decide that you do not want a record of that kept by your VPN. This could be a record that authorities may demand to see in certain situations.

Editorial Staff

Editorial Staff at 85ideas is a team of WordPress experts led by Brian Harris. Here to share amazing tuts, guides and collections.

  • Burkni
    Posted at 08:24h, 14 February

    Thanks for the tips regarding WordPress, I’m learning to use it. And I do agree with your point on VPNs, I’ve tried a couple like Perfect Privacy and VPN area, ATM using Surfshark. The latter proved to have better speeds and the review sites value their privacy protection. I set it up on my router so all my traffic is encrypted and my real IP address invisible to any third parties. Until all web pages switch to HTTPS, VPN encryption is mandatory IMHO.

  • ashish sukralia
    Posted at 03:25h, 03 March

    It’s really amazing! Now I understand and I am not gonna install waste plugins, thanks sir 🙂
