6 Great Tools to Secure Your WordPress Website and Keep It Running

Security and protection for your website is always important, and even more so if your site use WordPress like mine do. WordPress makes up at least 20% of the websites on the world wide web now, and the percentage could be greater. While 20% isn’t the majority, it is more than enough to make WordPress a common target for attacks. WordPress itself is a secure content management system, but when left un-updated, it’s prone to attack.

WordPress core updates, theme updates, and plugin updates are important. In addition, here are are 6 plugins that will help guard your site even more against attacks!

1. Protect Your Admin

This plugin allows you to change your /wp-admin and /wp-login.php to any other slug you want. You could change it to mydomain.com/welcome or mydomain.com/signin for example.

WordPress attackers are going to look for your /wp-admin and /wp-login.php as the quickest way to find out if you’re running WordPress. Well, if they don’t see that, they might figure you’re not. Or if you are, they’d have to come up with a good guess as to what your login page is.

2. WordFence Security

This plugin has helped protect my own sites from hacks and helped me fix already hacked sites. It will scan your site for any infected files, even while you’re away from WordPress. So if you browse to another website, or even turn off your computer, no worries. It will continue scanning until it’s done. It will alert you of problems via e-mail and even make you aware of when there are plugin updates available. It also has a firewal, login security options, IP blocking, and for premium users (and I provide WordFence Premium to my WebCare clients), you have scheduled scans, country blocking, remote scans, the ability to check if your site is generating spam or is spamvertized, cell phone login, and an advance comment spam filter.

3. GOTMLS Anti-Malware and Brute Force Security

As much as I love WordFence, I’ve had occasions where WordFence couldn’t detect malware that was actually there! So I needed a second plugin, which did work! GOTMLS does a very thorough scan and will automatically remove threats and backdoors while it’s scanning. It will also patch your login to prevent brute force attacks.

I’d say the only downside to this is, unlike WordFence, you have to keep your browser open with GOTMLS on to continue the scan.

4. WP-SpamShield

This plugin helps eliminate comment, trackback, and contact form spam and it does it without annoying CAPTCHAs. The plugin works like a firewall to make sure the person on your site is human (most of the spam comes from bots but some are humans too) and also helps to make sure humans aren’t spamming you.

5. Sucuri Security Scanner

This is not one that I’ve really used yet, but most other WordPress developers I know swear by this one, and I will be trying it out. It does security activity audits, file integrity monitoring, remote malware scanning, blacklist monitoring, security hardening, post-hack security actions, and security notifications. A firewall available as a paid add-on. In many ways, it’s similar to what WordFence would provide.

6. WordPress Duplicator

A great backup tool is needed to help keep your site up. For a single site, I find this to be a great tool for either moving a site (which is what it was really intended for) or for site backups. Now from experience, if you have a multi-site WordPress installation, it gets a bit more tricky, so I only recommend this for stand-alone WordPress sites.

It gives you both a site download and an installer file when you create your package.


There are multiple tools out there to help secure and protect your website! These are just a few of my favorites plus one that I haven’t had much experience with but I know it’s powerful.

Of course you may not have time to do regular scans, updates, etc. If you care about you care about your site and want to make sure it stays up and running, but don’t have the time to take care of the maintenance, take a look at my WebCare plans. Level 1 is just enough to keep your site up and running, while Levels 2 and 3 are designed to bring in new custoemrs to your site!