Web security firms claim that over 30,000 websites are breached daily. I don’t know if that’s true; however, I do see a high malware infection-rate (20-25%) on older sites when companies ask for website upgrade quotes. Employing a method to repel brute force attacks is one of many security layers that should be integrated into every website. The following are few popular WordPress security plugins I’d like to provide some insight on…
‘Limit Login Attempts’
I was told that the popular website hosting company, WPEngine, enforces the use of this plugin. Really? I recommend that webmasters avoid this plugin for something else. Two reasons…
- According to the WordPress.org CODEX, this plugin hasn’t been updated since June of 2012 (wow!); and,
- Hackers can breach the latest version of the plugin like a hot knife slicing through butter (see further explanation at this link, http://wordpress.org/support/topic/scary-limit-login-attempts-lockout-bypassed?replies=42)
‘Stealth Login Page’
A recommendation by designer Ozzy Rodriguez; however, be careful, it’s not for beginners. A webmaster can easily get locked out of their own website if one’s full attention isn’t used during setup. This plugin generates a secret login authorization code that needs to be entered. If not entered correctly, those attempting to log in will be redirected to another URL.
I find this to be a good plugin for monitoring login attempts. Install this plugin, and over the course of a few months, you’ll see- and be amazed at- how many times your website’s login page was attacked. Ever wonder why your website is slow? This plugin may show you why. It also has a blacklist feature which can block the IP of that persistently pesky hacker.
‘Login Security Solutions’
The one type of WordPress security plugin we’re all keeping our eye out for is a true 2-step verification plugin, in-line to what Google uses. There are a few that have been released, but none we can yet endorse. When such a plugin becomes available, we’ll give our recommendation.